5774a907f209476fa79a3709791c9421875c16ebac1c4cede99bbcbc60fec685

Analysis

max time kernel
602s
max time network
603s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2023, 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AimFury™.exe
Size

86.8MB
MD5

1a3d9c72a38acc8beefca80f67ab0908
SHA1

ee86f2337970bf519d0b84af7fa7a78aabe29371
SHA256

5774a907f209476fa79a3709791c9421875c16ebac1c4cede99bbcbc60fec685
SHA512

1059ce673495c271484442aa32b57c494a37f7942e6472dcd21029d8a75ebacccddbb992ca3f593121c7888bf363703796bc0161e7a7913f8748c51c081d6812
SSDEEP

1572864:00XJlvs/2O6jZEN/piY2R0X0i0IwI1NO5b4CY33yq7r:X/s/2LjZEN/S0wgwa3D7r

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	AimFury™.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	AimFury™.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	AimFury™.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation	AimFury™.exe

Executes dropped EXE 7 IoCs

pid	Process
436	AimFury™.exe
2144	AimFury™.exe
3832	AimFury™.exe
4820	AimFury™.exe
3564	AimFury™.exe
1448	AimFury™.exe
4108	AimFury™.exe

Loads dropped DLL 11 IoCs

pid	Process
436	AimFury™.exe
3832	AimFury™.exe
2144	AimFury™.exe
4820	AimFury™.exe
2144	AimFury™.exe
2144	AimFury™.exe
2144	AimFury™.exe
2144	AimFury™.exe
3564	AimFury™.exe
1448	AimFury™.exe
1448	AimFury™.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AimFury™ = "C:\\Users\\Admin\\AppData\\Roaming\\AimFury™\\AimFury™.exe"	AimFury™.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	AimFury™.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	AimFury™.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	AimFury™.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	AimFury™.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	AimFury™.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1448	AimFury™.exe
1448	AimFury™.exe
4840	msedge.exe
4840	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe
Token: SeShutdownPrivilege	436	AimFury™.exe
Token: SeCreatePagefilePrivilege	436	AimFury™.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
436	AimFury™.exe
436	AimFury™.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
436	AimFury™.exe
436	AimFury™.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 436	1124	AimFury™.exe	100
PID 1124 wrote to memory of 436	1124	AimFury™.exe	100
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 2144	436	AimFury™.exe	102
PID 436 wrote to memory of 3832	436	AimFury™.exe	103
PID 436 wrote to memory of 3832	436	AimFury™.exe	103
PID 436 wrote to memory of 4820	436	AimFury™.exe	104
PID 436 wrote to memory of 4820	436	AimFury™.exe	104
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107
PID 436 wrote to memory of 3564	436	AimFury™.exe	107

C:\Users\Admin\AppData\Local\Temp\AimFury™.exe
"C:\Users\Admin\AppData\Local\Temp\AimFury™.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe
  "C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:436
- - C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe
    "C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1476 --field-trial-handle=1692,i,2877041191875162291,2422150360952810713,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2144
- - C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe
    "C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034" --mojo-platform-channel-handle=1924 --field-trial-handle=1692,i,2877041191875162291,2422150360952810713,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3832
- - C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe
    "C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034" --app-user-model-id=aimfury™-nativefier-f9c034 --app-path="C:\Users\Admin\AppData\Roaming\AimFury™\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2352 --field-trial-handle=1692,i,2877041191875162291,2422150360952810713,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4820
- - C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe
    "C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034" --app-user-model-id=aimfury™-nativefier-f9c034 --app-path="C:\Users\Admin\AppData\Roaming\AimFury™\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3292 --field-trial-handle=1692,i,2877041191875162291,2422150360952810713,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3564
- - C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe
    "C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1692,i,2877041191875162291,2422150360952810713,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1448
- - C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe
    "C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034" --app-user-model-id=aimfury™-nativefier-f9c034 --app-path="C:\Users\Admin\AppData\Roaming\AimFury™\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3236 --field-trial-handle=1692,i,2877041191875162291,2422150360952810713,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:4108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dqfldwpdfckt2.cloudfront.net/public/dynamo/lockerClick.php?offer=53345986&offer_position=5&it=3845765&m=0&visitor_id=Vdb256e15a131a&cpguid=&hash=83040e403de30b09d1aa6aeee2e40c19
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ff9e46f8,0x7ff9ff9e4708,0x7ff9ff9e4718
      4⤵
      PID:4756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,8408626258404222957,2016384299780853599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,8408626258404222957,2016384299780853599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
      4⤵
      PID:2828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,8408626258404222957,2016384299780853599,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
      4⤵
      PID:456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,8408626258404222957,2016384299780853599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
      4⤵
      PID:2172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,8408626258404222957,2016384299780853599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
      4⤵
      PID:860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,8408626258404222957,2016384299780853599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
      4⤵
      PID:3664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,8408626258404222957,2016384299780853599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
      4⤵
      PID:3988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,8408626258404222957,2016384299780853599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
      4⤵
      PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
7bd940bba5a42ff1b5bb780663eb0c76

SHA1
f40c272b89b70d7c0b7a41f3b68e71c5458733d8

SHA256
4391fa0c3944ce06d43b695e1f99acff4b14a5c37d0e12f7f5bba16e485bb04f

SHA512
da8315b3649f35d603162ce9916eaa73dbd8b38a378f550ec45c820ee9f55bbf8a4908440d3eb8d4333cb99aab16e12ddb16135fc2c7f5c4480d4365b9e350d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
24e077532b60fd622f28fec9baf7a2b7

SHA1
86f7be6d62836a13f57a808472bf414ba82e9170

SHA256
e44c8c536aece6113b185efa57faefb82cd19b9d0a29503a07c06d67c8e62ddf

SHA512
ffb9efe2bd0bf5ef93ee621acc9810792de0264bcd2873aeb645f19b4f19579047657451e65da91dbb84f12e0818205e854d249158d5eea9534846df6afb0fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b4ede018880a486b32de76422cdd8e88

SHA1
6ff50ab63bca1f20342cedfc18dc0ea2191c80a9

SHA256
d85c504ba2ef88c6e7402a9c35ba2901f9d14f01435df987f3bc1c693ac3b930

SHA512
78a507fead59b8cb8dde6308ca5c1488e17ed763102ae26e4324fb98f2d43f11b37ddd27e43ec0e61d3da37970063c7f11df97490a21bba9a8b132cb09935a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6d416cca2c89117091ba2c7a5c8d7d3b

SHA1
6c0a258fcb1803f2429e141a5a7ceef53c640424

SHA256
c0a90614a14a935dd4b139573d590f9355645ec2e7b15b7cc631a3ee749e5d01

SHA512
829fec6e3c2477fcc8fefc344bef5a1204657dfc628f1786710b5aac1613cf8d6429c5ffd84fa8dc52aadc86408c6a4ca7b702eed716a48bbb359780b79e5a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
58d33ce3afccb1a27e7db09318bbc10f

SHA1
f64ac0ea223256580458b5b4444db5daa34dfcba

SHA256
04248928778a2a9529f4c277b77d091be5ad4c191def3c5421e45ab918911daf

SHA512
b23493113a80c88baecc56a40440d16e46c96c86af7cacdf65836e980cd5a59d191be89a2a5d5238b161fe48583390895e523e18f9563b093b30a23ce5fcbd5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
34be73022fda1491b90f361eb54cc967

SHA1
f3b137c61b32daf5448a9406985eca49a3e8235a

SHA256
6c57216477d50880ce1eaf11666fd1fd5d2f743f0453a3841fef4fb0465d7fa5

SHA512
eee204a1124d24afe2478551156aeb10fcc7bd983c6c1f492fd989c55d98496c5168100024c8f1bb736fcf8e6c24f2f14f623f60ff4382a07a99edab7f1dff67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5abe21.TMP

Filesize
2KB

MD5
6a770f0b5a1a1e6b58d4b44a4f6ed21d

SHA1
acc09f06640e567d76de2a2837971b95a365559c

SHA256
c1b3e55ccb5b7159dbdb1a15940687e010e30dfd59a7b3cf452cc18a2acb95bf

SHA512
2f10f51c1d4a4502727740a44ef3cfffaf25b5b4ed739bc5449950e19baaa617f582a3dd3a59d5701d80eb8b7fda1f49bb983bc2491b9895140e3c8368720e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
83ffd022878fffef6f38301176af466c

SHA1
852ec6f6806910898e024685f8d3dfd8dd6f9f9c

SHA256
3015888484f2407b24985c47bb43a7aa8387b12c15d7d9c158050bcc37233723

SHA512
d451ad99b4ad5dd475daa3ec4017db12f5f3b2c9d4c98cafec4e0a94d841a60e92fd82262c7b289e9399309f4334b6657201af7b103b1c8e4cb930efa46fe6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a1becd6779b6d8d5226775c319dd0a7

SHA1
06ec46040fb05637c1f24e3438203d3fb27b4071

SHA256
0fa245c435343438384e9791731054ea9668e449161bd59b3fe64779b519d6f1

SHA512
9bb08efb31e925d1089378cc0ee3b65bc95e4c5b64e0b01b3a863fb1b17d415a7e239294deae4545b2988ac13ba5755eaaff5ec8f9b5d6a76df0df833d7f8c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe

Filesize
142.0MB

MD5
a0b2bfdb55ffc07d5033ffe20d09d4a5

SHA1
2e1d00c69bc983dcfbee27affb29e150ffba223d

SHA256
5e566ae7c2d5c24b57db1a97467b03207b3573866ec7c3bab1d7c416de1a25ad

SHA512
896b3305aca5aaff472a2575a0960d6c12ba5eaaa70b5c9e4db2d1ef49767bcc437a29413c2d7b8d443ff1aa492e6b8ed7874fabca8fb6f77ca1a20e785c7bf6

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe

Filesize
142.0MB

MD5
a0b2bfdb55ffc07d5033ffe20d09d4a5

SHA1
2e1d00c69bc983dcfbee27affb29e150ffba223d

SHA256
5e566ae7c2d5c24b57db1a97467b03207b3573866ec7c3bab1d7c416de1a25ad

SHA512
896b3305aca5aaff472a2575a0960d6c12ba5eaaa70b5c9e4db2d1ef49767bcc437a29413c2d7b8d443ff1aa492e6b8ed7874fabca8fb6f77ca1a20e785c7bf6

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe

Filesize
142.0MB

MD5
a0b2bfdb55ffc07d5033ffe20d09d4a5

SHA1
2e1d00c69bc983dcfbee27affb29e150ffba223d

SHA256
5e566ae7c2d5c24b57db1a97467b03207b3573866ec7c3bab1d7c416de1a25ad

SHA512
896b3305aca5aaff472a2575a0960d6c12ba5eaaa70b5c9e4db2d1ef49767bcc437a29413c2d7b8d443ff1aa492e6b8ed7874fabca8fb6f77ca1a20e785c7bf6

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe

Filesize
142.0MB

MD5
a0b2bfdb55ffc07d5033ffe20d09d4a5

SHA1
2e1d00c69bc983dcfbee27affb29e150ffba223d

SHA256
5e566ae7c2d5c24b57db1a97467b03207b3573866ec7c3bab1d7c416de1a25ad

SHA512
896b3305aca5aaff472a2575a0960d6c12ba5eaaa70b5c9e4db2d1ef49767bcc437a29413c2d7b8d443ff1aa492e6b8ed7874fabca8fb6f77ca1a20e785c7bf6

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe

Filesize
142.0MB

MD5
a0b2bfdb55ffc07d5033ffe20d09d4a5

SHA1
2e1d00c69bc983dcfbee27affb29e150ffba223d

SHA256
5e566ae7c2d5c24b57db1a97467b03207b3573866ec7c3bab1d7c416de1a25ad

SHA512
896b3305aca5aaff472a2575a0960d6c12ba5eaaa70b5c9e4db2d1ef49767bcc437a29413c2d7b8d443ff1aa492e6b8ed7874fabca8fb6f77ca1a20e785c7bf6

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe

Filesize
142.0MB

MD5
a0b2bfdb55ffc07d5033ffe20d09d4a5

SHA1
2e1d00c69bc983dcfbee27affb29e150ffba223d

SHA256
5e566ae7c2d5c24b57db1a97467b03207b3573866ec7c3bab1d7c416de1a25ad

SHA512
896b3305aca5aaff472a2575a0960d6c12ba5eaaa70b5c9e4db2d1ef49767bcc437a29413c2d7b8d443ff1aa492e6b8ed7874fabca8fb6f77ca1a20e785c7bf6

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe

Filesize
142.0MB

MD5
a0b2bfdb55ffc07d5033ffe20d09d4a5

SHA1
2e1d00c69bc983dcfbee27affb29e150ffba223d

SHA256
5e566ae7c2d5c24b57db1a97467b03207b3573866ec7c3bab1d7c416de1a25ad

SHA512
896b3305aca5aaff472a2575a0960d6c12ba5eaaa70b5c9e4db2d1ef49767bcc437a29413c2d7b8d443ff1aa492e6b8ed7874fabca8fb6f77ca1a20e785c7bf6

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe

Filesize
142.0MB

MD5
a0b2bfdb55ffc07d5033ffe20d09d4a5

SHA1
2e1d00c69bc983dcfbee27affb29e150ffba223d

SHA256
5e566ae7c2d5c24b57db1a97467b03207b3573866ec7c3bab1d7c416de1a25ad

SHA512
896b3305aca5aaff472a2575a0960d6c12ba5eaaa70b5c9e4db2d1ef49767bcc437a29413c2d7b8d443ff1aa492e6b8ed7874fabca8fb6f77ca1a20e785c7bf6

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\AimFury™.exe

Filesize
142.0MB

MD5
a0b2bfdb55ffc07d5033ffe20d09d4a5

SHA1
2e1d00c69bc983dcfbee27affb29e150ffba223d

SHA256
5e566ae7c2d5c24b57db1a97467b03207b3573866ec7c3bab1d7c416de1a25ad

SHA512
896b3305aca5aaff472a2575a0960d6c12ba5eaaa70b5c9e4db2d1ef49767bcc437a29413c2d7b8d443ff1aa492e6b8ed7874fabca8fb6f77ca1a20e785c7bf6

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\libEGL.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\libGLESv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\libegl.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\libglesv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\resources.pak

Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\resources\app\icon.ico

Filesize
19KB

MD5
781dde41fc9ae680883dc7ba0a3c9875

SHA1
699547125a7f480941d9d9c1e5e550667ff2fda4

SHA256
1d4ed69b7ed6f605906764ba2887bd921a09a15c088041b4e498f7df0faa4f9e

SHA512
5705e2594ffd9926ebc16f6ba1913c05dd7894499c2d02c82b8b1a7cf47bf8fd94d8331e2ad776c604f6883ba98643df7e01c37f5f10616cda3e2e3caded5aad

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\resources\app\lib\main.js

Filesize
495KB

MD5
d1bbee38f184cd44322a0bbae13d6b7d

SHA1
900c2362ed581436a7e0b5210ae1cc2fba769ca0

SHA256
3bc4df185354269c757e4c31414ded23866a6e5bb880b07e2ba22e1314281863

SHA512
6ca51132ff3e88c97005c626d913d263a9ed383e64803f66a980ce57e92e3bba16b3008b87480818476cde5979efea6bc2c1edb1472517a93d26d1bccb75d0a2

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\resources\app\lib\preload.js

Filesize
4KB

MD5
fa55c68c5f0b5a560604becb9df601fe

SHA1
0eeb7a10a9574238d6360ab895c78ddfdbca61ed

SHA256
317ea36e9119cd2024689687aaf927287213b5ec2909bb98c1ae87a01b49106e

SHA512
709da44b05879e4c1e8121e8c818e364bd6167d873529274d9ed63ea1b25a1ff4e9f501f11668a01677f9f610950a44b9fcbef99356d4c3cd9db51619d2dd9bd

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\resources\app\nativefier.json

Filesize
941B

MD5
cba85424ee3d4d156c2a8e616153edd1

SHA1
2a43857b78c22fb97256c89b15144444c93de112

SHA256
3ae21be90d7aebb3b478c45b930cae790310a7ef8a02a426f650c8aa138b9530

SHA512
7e226259428b68dc1a6fbe82d795ba6ab422231c24357be90f2fcf9cda47f4f3d83e8e21d66cadb69ac22a136c51b461d37ce43a3d4819172b838096c9c7b82c

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\resources\app\package.json

Filesize
597B

MD5
01c6223dbfbbba88cdf4fac3b8ebad98

SHA1
de933433dd21edfd3043fc496d21e204bfb0f836

SHA256
b28119e3b5a699a84195ab189e230244bc9d5c06add8ff5a362a55bd0e284160

SHA512
4496b91cc49c1f8ccd835051d4c2e1716a557bb90d8976531ce87f0e9a7e938b539e6f8267d8390064bc021616722d122dfe63545671fdf1007e156067351091

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\AimFury™\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
8652329cac37bc20af1e9cce5b5acaa8

SHA1
1e0e4fb5b9d98c7b8100919d23c3b0c23f1c9675

SHA256
17278b4c4e65a7005f0a80abd00488b689d19f1cdf0896fe73755596b2d8f640

SHA512
35dc33464e53a08c1511153a16f3478d0e9819fe682be74d15fd11f43993b63bbe48fb6e023f2ce07fa2de3373f8fee353b73c3fb4b32d2b0df0eba4ac6664bc

Download Submit
C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
79092a88c1ce6ae02c79fd281523bdc6

SHA1
3bf705a132521225e831542d31baa49647c1ed74

SHA256
b98883b8296dbb9cdb0d3d81c15be4c4fc8eda67b031ea0b4272a58b29b913f2

SHA512
a48f8371a417f7bfd15f61470af0e21444e6595d0f25394167384a15e4619b97867689a3ac5bbfa23dc8607f30ba1005a3e78307a774583952e76c8c58207d4f

Download Submit
C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034\Network\Network Persistent State

Filesize
1KB

MD5
9f6a26ce3b04048a8c8257a94a8fb841

SHA1
2017ce33fb2d928fe5d8db03a682c2f592314a35

SHA256
9139b048f0fad579f6f73579686ff807dc6bf5ba1e08cca71240d88a35055b7a

SHA512
5bd56592dc17fc02b005e9ff1e007602ffa8a2e74f709eac6eb09a212af8030c81bd1d992d92539bab10657164c676003554076c815d089efb7c9de4f8b12715

Download Submit
C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034\Network\Network Persistent State~RFe5930ea.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034\Network\TransportSecurity

Filesize
539B

MD5
7c713bdb667dbba27cf7c2738b19d408

SHA1
75ca5a4d4a3b550d7ec8841e97d2b5bd6c5e49eb

SHA256
aafeeec821925e42a2a9fc0d12e28a535dc279961fd7bb1c01194a153cd2c8a8

SHA512
b4ec5a4cb6de27ebbecd654b2af2f178742ea316182186fbad23bde39d5b769ab544efa766650a85f1b3509d4ab36f97a65184284a387eccef7dab9913baf23e

Download Submit
C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034\Network\TransportSecurity~RFe58a718.TMP

Filesize
203B

MD5
cc77a1b1bce8433faf612ff826e45bf0

SHA1
442ad6d9e4db02b4c147f0af926acabfae1bce62

SHA256
5880804d5f2e6f4d1d4d04a6a41ac61b0b8c84f39597e4e5d30e97d944cc56b2

SHA512
7995e120cdff45ff76ae34700c3bbfe60d12158b44494be51688171192e6d5fa18e126d8a9e94f88f651c880d264627d61a0c0d721a991295eac0a9f664bcb91

Download Submit
C:\Users\Admin\AppData\Roaming\aimfury™-nativefier-f9c034\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
memory/1124-0-0x0000000003170000-0x0000000003171000-memory.dmp

Filesize
4KB

Download
memory/1124-202-0x0000000000850000-0x0000000000B30000-memory.dmp

Filesize
2.9MB

Download
memory/1124-182-0x0000000000850000-0x0000000000B30000-memory.dmp

Filesize
2.9MB

Download
memory/1124-10-0x0000000003170000-0x0000000003171000-memory.dmp

Filesize
4KB

Download
memory/1124-9-0x0000000000850000-0x0000000000B30000-memory.dmp

Filesize
2.9MB

Download
memory/1448-402-0x0000021078970000-0x0000021078971000-memory.dmp

Filesize
4KB

Download
memory/1448-398-0x0000021078970000-0x0000021078971000-memory.dmp

Filesize
4KB

Download
memory/1448-407-0x0000021078970000-0x0000021078971000-memory.dmp

Filesize
4KB

Download
memory/1448-406-0x0000021078970000-0x0000021078971000-memory.dmp

Filesize
4KB

Download
memory/1448-405-0x0000021078970000-0x0000021078971000-memory.dmp

Filesize
4KB

Download
memory/1448-404-0x0000021078970000-0x0000021078971000-memory.dmp

Filesize
4KB

Download
memory/1448-403-0x0000021078970000-0x0000021078971000-memory.dmp

Filesize
4KB

Download
memory/1448-408-0x0000021078970000-0x0000021078971000-memory.dmp

Filesize
4KB

Download
memory/1448-397-0x0000021078970000-0x0000021078971000-memory.dmp

Filesize
4KB

Download
memory/1448-396-0x0000021078970000-0x0000021078971000-memory.dmp

Filesize
4KB

Download
memory/2144-290-0x0000026DBC720000-0x0000026DBC8C1000-memory.dmp

Filesize
1.6MB

Download
memory/2144-226-0x00007FFA0BFF0000-0x00007FFA0BFF1000-memory.dmp

Filesize
4KB

Download
memory/3564-347-0x000001BA4D610000-0x000001BA4DD4F000-memory.dmp

Filesize
7.2MB

Download
memory/3564-337-0x000001BA4CF00000-0x000001BA4D0A1000-memory.dmp

Filesize
1.6MB

Download
memory/3564-319-0x000001BA4D0B0000-0x000001BA4D0B1000-memory.dmp

Filesize
4KB

Download
memory/3564-318-0x00007FFA0D010000-0x00007FFA0D011000-memory.dmp

Filesize
4KB

Download