vidar | hxxps://www[.]dropbox[.]com/s/zj7cz5633tszjk3/Zafiro%20EA%20MFF%20v1[.]13%20%2B%20Zafiro%20EA%20FTMO%20v1[.]13[.]zip?dl=0

max time kernel
89s
max time network
214s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08-06-2023 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/s/zj7cz5633tszjk3/Zafiro%20EA%20MFF%20v1.13%20%2B%20Zafiro%20EA%20FTMO%20v1.13.zip?dl=0

Score

10^/10

vidar 2ca19830ec2c67b5159166c89d3ebb74 stealer

Malware Config

Extracted

Family

vidar

Version

4.2

Botnet

2ca19830ec2c67b5159166c89d3ebb74

https://steamcommunity.com/profiles/76561199511129510

https://t.me/rechnungsbetrag

Attributes

profile_id_v2
2ca19830ec2c67b5159166c89d3ebb74
user_agent
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 5 IoCs

ransomware

pid	Process
1452	NOTEPAD.EXE
2652	NOTEPAD.EXE
996	NOTEPAD.EXE
2092	NOTEPAD.EXE
2512	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2036	chrome.exe
2036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1704	2036	chrome.exe	28
PID 2036 wrote to memory of 1704	2036	chrome.exe	28
PID 2036 wrote to memory of 1704	2036	chrome.exe	28
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1316	2036	chrome.exe	30
PID 2036 wrote to memory of 1080	2036	chrome.exe	31
PID 2036 wrote to memory of 1080	2036	chrome.exe	31
PID 2036 wrote to memory of 1080	2036	chrome.exe	31
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32
PID 2036 wrote to memory of 896	2036	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.dropbox.com/s/zj7cz5633tszjk3/Zafiro%20EA%20MFF%20v1.13%20%2B%20Zafiro%20EA%20FTMO%20v1.13.zip?dl=0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69a9758,0x7fef69a9768,0x7fef69a9778
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1248,i,15518330096053190946,10168747679848574053,131072 /prefetch:2
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1248,i,15518330096053190946,10168747679848574053,131072 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1248,i,15518330096053190946,10168747679848574053,131072 /prefetch:8
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1248,i,15518330096053190946,10168747679848574053,131072 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1248,i,15518330096053190946,10168747679848574053,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3704 --field-trial-handle=1248,i,15518330096053190946,10168747679848574053,131072 /prefetch:2
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3728 --field-trial-handle=1248,i,15518330096053190946,10168747679848574053,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4108 --field-trial-handle=1248,i,15518330096053190946,10168747679848574053,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3576 --field-trial-handle=1248,i,15518330096053190946,10168747679848574053,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 --field-trial-handle=1248,i,15518330096053190946,10168747679848574053,131072 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1248,i,15518330096053190946,10168747679848574053,131072 /prefetch:8
  2⤵
  PID:2516

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1712

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\spam.cmd
1⤵
- Opens file in notepad (likely ransom note)
PID:2652

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\spam.cmd
1⤵
- Opens file in notepad (likely ransom note)
PID:996

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\spam.cmd" "
1⤵
PID:2668
- C:\Users\Admin\Desktop\ZALUPA.exe
  ZALUPA.exe
  2⤵
  PID:2700

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\spam.cmd
1⤵
- Opens file in notepad (likely ransom note)
PID:2092

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\spam.cmd" "
1⤵
PID:792
- C:\Users\Admin\Desktop\ZALUPA.exe
  ZALUPA.exe
  2⤵
  PID:864

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\spam.cmd
1⤵
- Opens file in notepad (likely ransom note)
PID:2512

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\spam.cmd" "
1⤵
PID:2252
- C:\Users\Admin\Desktop\ZALUPA.exe
  ZALUPA.exe
  2⤵
  PID:1844

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\spam.cmd" "
1⤵
PID:2624
- C:\Users\Admin\Desktop\ZALUPA.exe
  ZALUPA.exe
  2⤵
  PID:2720

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\spam.cmd
1⤵
- Opens file in notepad (likely ransom note)
PID:1452

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\spam.cmd"
1⤵
PID:1924
- C:\Users\Admin\Desktop\ZALUPA.exe
  ZALUPA.exe
  2⤵
  PID:2824

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:2848

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c489d2cf9b3f6cdc2ca0d6932686da6

SHA1
3e155fef53b63d6a4eb92afbd836db087b6bcc9e

SHA256
6167046243667db37ee9aeca09df96eeba16aa44cba801baa59f46480c15d1af

SHA512
ea050c43169afd25483bfdb5b5ad7e261e8751c146bec5ffaaddcb9b6c30b9fc1b57beb0d70b98dfdff30a0273e6ddd6ffd3699cd22524b7779a2912e432d735

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28594e361c79dba85e9f75c0025e0ba7

SHA1
ab24ae324f8aff7c8ff1bbedacc1fc460799dbe2

SHA256
f7a736a563a95987e281c1ce005a9f16c33e1e371a953004f0065b77a4de31b0

SHA512
4b194a653d4dff593e914de80cc3f74cbac386665b06d4ae5805d0156bb0aa2970af5eb8f19361a25cb5bcda2e03d5c5ed229c67b1248408c66fa76cae380a42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.dropbox.com_0.indexeddb.leveldb\CURRENT~RF6c3fa0.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
3822e90443b3a21a25f1a2090a367d0d

SHA1
3f4f05e207d8dbc83759d60e8e8bcbd892de7c83

SHA256
460fe7dfad847d4a675bd1b17736640905de7846f3a5e6c04fe2339b84a658cf

SHA512
305d758576761be0ad7b4b83844cb5b59db66dc25547b1de8ff310ded0921b8507af522df96297bdeb6dbd393fe2b37d737a10564fa2b40126a2c1983343fc0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a4859702833154ddcf0e7b1a92263d54

SHA1
7588e40148140710433c57e43fa31110315aa03e

SHA256
eac3d7eebe758beaae4bd37cd107834a5d43ae3e18c2a70b41eb5baf2d9b34e2

SHA512
ea17f9a54d9a65c003d13d4ff7ce9c6f61c9d4db50df1f66fad5e30f0a72cc4855ba69d173aa73127d73249f594423b53f6f01735d47abc81720bb4cc33ac49e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1015B

MD5
2dd0471b23e4248f1ff5d0c82c97f7e6

SHA1
35af6441f3db3ae1807bfdac1f2bb697423ebebd

SHA256
b823fb682d1895cf87a31d141c94c506e2a088fcd8e3539edecf564e568eeca4

SHA512
c1ef06e36f0351f31aa96551524e7df88fff7ce56566cbb732fa6b9cfc43e57a536b6bbb42917100ff2161449141736cabe1bd5567162e28c5dd4b22bc06a3ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9de1d884f4bb56288940390f485ebc5c

SHA1
dae64c05b928d55637cc40f2c27a9fd1b0179787

SHA256
eec17d50921df4ad21b0c566cbff3b9cf2ba264ac7b0b5184573445e9df0391c

SHA512
7522f337dcf9c6f095ae44bfeb9164f11817eb26c19fde72ffd56dd637ffd3399815424877454c2b1e539507da85a123fc878f41aa853eff0caacd9433a4f586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
0c765a222f8645e6b6a954092c4887bd

SHA1
677c23015432da63659fc701add587d1284810a3

SHA256
56b72935089b0f29f428d755576157f5ce201a833adf873dfd9beb4797b15512

SHA512
530d074d8fa1ba027accdcd81fe892f545ff630b5095aa9d61bb2967133ad6f94e0b09e24d781c7e137eb8390fd26a6298fd5f96dcfaa3b5a420ea562bcbd3dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1015B

MD5
7b70aeef889589858d03db8a17dadff1

SHA1
eaeccc9b75370d12626631dd472f0f7d5ea0a0c2

SHA256
c87dee4053e2d2523ca07a61d004a8a39fe283372c5d16efa8f3aeb7c1eafdc5

SHA512
225c7d54945c2922bb69ada9c40ee81044a51ff9b590c198a0a34dfacf5062a81e5c124d19eb5bba589e58682041324a0c006a7ee477b5d0cfc812a42d9ccf69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fac0ea20539c8b936a34ee23b9207f4b

SHA1
bb2556e39315eb93a64189c014ce1110848dbe73

SHA256
77505b1c15f9cbe24d37c45692dce71dfe9db05b8d8b8fb5e5e4a60d8564baf9

SHA512
45fb18a718b6117d309c2b005b70598767062d199a7959ed22a935575de146495acd33cb7435ba18b88d33c1538149d4c9e2e1e3c13a893a7f5ceba87df58c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1015B

MD5
346df92be9b549df4db8ba291c6535b5

SHA1
50018714edc5587f6384645672c697eee944c066

SHA256
6c0891762c686dd1d727dad44f1eb19f6f77ab3cfda8f63124e4e1f8122ebb71

SHA512
5f6e793b4e9a230d3dec22fdb399fd8da45fa046f1ce0abb899ab1d7729e2dad56e0735d527de3ab45e0d6ae4455f1bbdfd894c4bf897231f90489844c130c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
4f5b9d41794a9f341d3daf65204f4d51

SHA1
4beebeaa03d121cabdb9116f3c748b525a5befd0

SHA256
8d9afb52f8db50dc9124c67935c3a7c65063b466d04fb81a6e7ae2158c9210cb

SHA512
6b971864729613ff5adde8a80d9c57253a7f5dacc47bbcb47f81e2595b7c1bf630ad058b1dc26a3fca3b45fef48e5a94915cae46c219ba52d4d17273f2fbb1c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3448833fdb4cb21cb2bd4bde919795e3

SHA1
13120abcc64f5786a0ff61db3259f27c9e715f45

SHA256
93eced6288aa69d852a5e934068ba57836d08a16819a98491377bcf059e376d9

SHA512
34b17d94c833657f3de7e205a4966ed91b1ebc0145e976dfa21bef6def0809370fc073e5a686973087a377be3edb289bf6f50a3037a82fd66b19248d1e48acac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7b3d7bd2706fb3750fc876fd10951c64

SHA1
a569bc4836ce6bf8c85f2dfc1f6fb6992f451804

SHA256
3da982479db3d4d5c6e3eb98c4b7bd4c624d85dc889599176629044c8b86c5bb

SHA512
d86daf0bcf1a34a6cb2bc8f509d1a1fb72e70adbf6ab3ae71c4fc6540b8dcfc887f6408d598dc2889661005eddfb40ed8a6f4897d4744b773e7f272b0b8eda6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2ec37d59fec63a85d3f334961f34bab8

SHA1
1ebb3635b4e34c0c5b69b4f1d78e2cf8c8189ad3

SHA256
6a4a54c45e2b53601533c3486cf6b7fa04996c2bc06f41396d311051aabc4572

SHA512
a0ebc5f13baeafdb7af5ff928fb1544edac3c311d80df844b9c6b8d5f7b618ef61e76615b4a1766d027629bf70f4844ac1ade7b1ee01e32a98eb7c9287cafa73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fe6d1e08-3d0f-4784-aa0d-a685f413b304.tmp

Filesize
4KB

MD5
c6a2b2d221d7be07d27fbb778edc273a

SHA1
ebce40e9e977e54792d953b972a759ac7de495c7

SHA256
a2926f6ba5c652a13fb1764eac2daabb4d84f77cd1e57b101e7f4d323491b4af

SHA512
94a3043358bf2a1e449e90464bade6fe923977d60cd4da30273e31c09d1ecf5e4e47d51bd3720031ac5a9f9ebe20271d591b6cf7475966db31b480abf0ac7da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
d374f4e57509b802bd05c99b16213e1e

SHA1
de59480b60b674e2e63add879f38cf9097335470

SHA256
352a3f212feea7c99274aacae7983fbd541a0220b745e3f69fa32628cadf068e

SHA512
757b3235d9b2be68ed71027db724ef04f1719b79f300c9ff540da3ffd6056c4f73dee4aeb0669b8f7db2d995df06c697198f626b9b4f4052dd4e10f2eeb0daa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab434A.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar44E7.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\Desktop\spam.cmd

Filesize
118B

MD5
10829979500b70d811bb88e307ff4b22

SHA1
583d2ccef7dd802c0899241f9568d811f53dd740

SHA256
5d0284e00654affcb048567645ba199479d3880947b62521dde590c31e9d12a2

SHA512
fcac9399d70cde9737d337bac470555e2a67b8dc3b82990b178565939c77a8330c012e723e08b1372b37acd8fdb0d3c9e5e152493b04ac8498786f98e433e23e

Download Submit
C:\Users\Admin\Desktop\spam.cmd

Filesize
129B

MD5
947136fd3e1f81f35aba07ac10a53574

SHA1
7cf00f3dde16a3894b85bb7109457d48deeec978

SHA256
388aed0dc9e33c0640fe4db39a6aa11c1c6809d85e1aa58b4a7199fa22338e75

SHA512
f6515b5a98e995dd696aa544d59517902400d490fddccd57018b424278b5511f25930c983f5d591d638663b31d6202c5a44907538363e6c4813741c4d87bb53f

Download Submit
C:\Users\Admin\Desktop\spam.cmd

Filesize
129B

MD5
947136fd3e1f81f35aba07ac10a53574

SHA1
7cf00f3dde16a3894b85bb7109457d48deeec978

SHA256
388aed0dc9e33c0640fe4db39a6aa11c1c6809d85e1aa58b4a7199fa22338e75

SHA512
f6515b5a98e995dd696aa544d59517902400d490fddccd57018b424278b5511f25930c983f5d591d638663b31d6202c5a44907538363e6c4813741c4d87bb53f

Download Submit
C:\Users\Admin\Downloads\Zafiro EA MFF v1.13 + Zafiro EA FTMO v1.13.zip

Filesize
7.9MB

MD5
a0638548ba0b039ef86cab79b7d6a925

SHA1
e6b84bc5eaf1e7a505e2bd34536e3cd491422a15

SHA256
a063e4a346ef47f4c739515e005fe1bb2d3f887e093408775f0479c29c5bfbea

SHA512
e863f8b4a20e5cb7f91d33b41ca1356e2fcf3bca50b252a23902a208284b5c5c05e65b7f1977220766ae7440944f908b156f58edf4b6354ebffcb192fbee17e5

Download Submit
\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
memory/864-583-0x00000000011B0000-0x0000000001901000-memory.dmp

Filesize
7.3MB

Download
memory/1844-594-0x00000000011B0000-0x0000000001901000-memory.dmp

Filesize
7.3MB

Download
memory/2700-474-0x00000000011B0000-0x0000000001901000-memory.dmp

Filesize
7.3MB

Download
memory/2700-540-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/2720-597-0x00000000011B0000-0x0000000001901000-memory.dmp

Filesize
7.3MB

Download
memory/2824-603-0x00000000011B0000-0x0000000001901000-memory.dmp

Filesize
7.3MB

Download