hxxps://calina-dev[.]com/delphy-based-loader-free-fud-and-powerfull/

Analysis

max time kernel
1800s
max time network
1711s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2023 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://calina-dev.com/delphy-based-loader-free-fud-and-powerfull/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2032	PersianXloader.exe
2316	Stub.exe
2080	Compiled.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
551	api.myip.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2944	msedge.exe
2944	msedge.exe
4736	msedge.exe
4736	msedge.exe
4584	identity_helper.exe
4584	identity_helper.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
2752	msedge.exe
2752	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2032	PersianXloader.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	4860	7zG.exe
Token: 35	4860	7zG.exe
Token: SeSecurityPrivilege	4860	7zG.exe
Token: SeSecurityPrivilege	4860	7zG.exe
Token: SeRestorePrivilege	5100	7zG.exe
Token: 35	5100	7zG.exe
Token: SeSecurityPrivilege	5100	7zG.exe
Token: SeSecurityPrivilege	5100	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4860	7zG.exe
5100	7zG.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe
2032	PersianXloader.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2032	PersianXloader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 3852	4736	msedge.exe	48
PID 4736 wrote to memory of 3852	4736	msedge.exe	48
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 3828	4736	msedge.exe	85
PID 4736 wrote to memory of 2944	4736	msedge.exe	84
PID 4736 wrote to memory of 2944	4736	msedge.exe	84
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86
PID 4736 wrote to memory of 640	4736	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://calina-dev.com/delphy-based-loader-free-fud-and-powerfull/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd775446f8,0x7ffd77544708,0x7ffd77544718
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2836 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1276 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,2233633413642426261,10589332742581197976,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:5240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2104

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PersianXloader(2)\" -spe -an -ai#7zMap2714:96:7zEvent2198
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4860

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\" -spe -an -ai#7zMap19491:156:7zEvent23452
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5100

C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\PersianXloader.exe
"C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\PersianXloader.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/PersianRemoteWorld
  2⤵
  PID:1432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd775446f8,0x7ffd77544708,0x7ffd77544718
    3⤵
    PID:2388

C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\Stub.exe
"C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\Stub.exe"
1⤵
- Executes dropped EXE
PID:2316

C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\Compiled.exe
"C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\Compiled.exe"
1⤵
- Executes dropped EXE
PID:2080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
27KB

MD5
23bd7d24aa0086eefb51853a2bbdb99a

SHA1
312edb2fbb86d62d97c09b29464155bf6fc1a707

SHA256
8d72a90c72badb76227dbbe734c8c7b81b57ee2abae176200e0ebd7769ccf59b

SHA512
4572130146308cbe9ff3782367bbdd6b39fcec7dd5aab50eb1f08ed77b3fb1bfc96c7846d720dccc6a6c6c9fd0a63be410260df83d528c3505e10198bb6cfd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
62KB

MD5
ac9573363b80736d22596e4ea62c681e

SHA1
0a03922c03d871de2187c559a270edbeeb991051

SHA256
b2924ecc58ac0c97c295f358df679f2efbb3449d3e1d34e5b904efb71e2847b8

SHA512
b207476fd34e20753941d07418c762a91cc1e908637f0291924155513f1570c0c666529dca1ced992ed525db232ef6740bd2bfcad660ea035068e0779ba6dfbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
bf9c425480326d8930a12f333e2b5e02

SHA1
75d22d3ff05d1d28d5830c3648f6aaff5a929b88

SHA256
5ae74e1c949bbfe585222c0e6230c3a2e51adbe15804907c00b55dcfdf1b9682

SHA512
8bd83a62119f4e3c89b1ff1961368f363a74f545a638c2391f38f1ef4f0a7c35710e258aa81b5cb1b500d10bf4b2aaf4bf7b45db70514c402070e03ea3dd13fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
67KB

MD5
ee11b1449b494a831ae892f5ff16f9bf

SHA1
4ca20e305eaee9e2113f19aece994ec306c39657

SHA256
e7832de62f70543ecac1f9a4fe8cb09a46e4484fa6fd35f09d5e24381cf9f2c7

SHA512
bb18afe830aef0cb71960d5ba3d64627670681f97725720b458a8a42f5e32fa429c06551f12aa8f7ffc0e5f6ae125daa189113652c25954abe0481c55b9cca9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
16KB

MD5
c707e700bb52b7a4836f9a730c12c538

SHA1
80527ac5d175ae4592a33ddf22a70653de6d397e

SHA256
4f9006f726430170385bc241368f11d3301e06b08a85fb445cd5559e2ed29722

SHA512
9c056ab204a55fe161f84350ed334646d007999a4def6c3cdd4a5d76a00a22994fe07d5a09d091af8a0a827979c453bfcb3254b9fdc060e14488669023c9050e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
22KB

MD5
f865fbdb24fd57a28763cde8fac745a6

SHA1
4544e6cdec049c9521fc1ce28e4c06fe7c4c1de8

SHA256
0119d383478652bda08c52c233ac36fa911e3ba33d91849269e7cf1dbbf16393

SHA512
5fde702542012b93b4380dfe0445476529a857db5141a368bb3e7cf30a6549e782f2aed50512b277761a3e9e3b1b93bbcfca0cd078dc74d1539cb0fd63b2df86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
67KB

MD5
6786af6a3f1b0ee314dd2867045ee1c0

SHA1
3e72c1d00788e24a2bd95153bb2524ec10074cf6

SHA256
968baef8357e68050372c12f4c8abbcab1f12d6b25cdf367c19fad2ed1e2e329

SHA512
d1167d19263e0d97304b8a9bc5a1f8323112f99f935dce31467ae70bb3cb8bf7ec51f64ae7c12a91bb32472722817a6ef4b010aad5f761f82f16f423cc13ec18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
92KB

MD5
6ec612e45027d056689234ed8236f95b

SHA1
0220850f563693757a5f5823ed7fae43ac72ba1d

SHA256
faf08320f0a358a2decfaaba71ce2791fbc321e6c327cc87984dddc58fb56339

SHA512
d20701b55413ccea40b58ae512bbda94ade1dccdd6b2431c8c9adc8327b3379d98169bf115c83d157cafabcc9f470bcd04df4fc986883af7a858fcc020e896fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
62KB

MD5
e3fdef1f1a2509e4a9cdc2148f751322

SHA1
62520e5b88856a3328931138a12c5013271ea659

SHA256
bf23cf1a0c5f51fa6fa8970b364e8db18572b201b0df4ee571b86e4e728573de

SHA512
fa44fbab1e80aabf2d4783c11d5ea3621f63f9910c1987f2b04f702fb5a2cced4e7bbc53b29a42f0f91339519a220ba47fa6117d3900a92509a577798a0b787d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
31KB

MD5
9c7ea200afb2dcee2da5233f1c55e97a

SHA1
ab32e8f411407c2fcbb115d785e8c4d905ee0247

SHA256
17d6efe2bac1da8ade273d0ece69aa09de79305f405e045e9413dea1b3f022e4

SHA512
da3dc551c7794552514b378d8cbae9fd0c32712663b947654967987b530707c82dcbbcd6c56662411cfc59da453861807ca5a527c980ce35534b495c15b88271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
63KB

MD5
8edb759bfdcc3114a4f8216e1c7dd5c4

SHA1
fe4b43eca82cd5fa5be69767e5d79406d83aeb41

SHA256
49ffb76589c1ad70745710486e8b35f7ee9c5f28d391ba699de71b6ea49d4ef7

SHA512
261727f576e806a3b4001c8b1d75d2cfcb8be9b0d3e5acdd3e3aa9e959eb068d9c9749f058dea2390586c130722ee622dededebdfffe70fa375c0fdff0754f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b

Filesize
23KB

MD5
b2cf3200e831a2cb05925a765ef7446f

SHA1
ecda76641b2280214d119d45ab0f98bcb6cdd463

SHA256
044652a36153ec8b6d137aba8e6c067a6b245f7dbe8adaa95eef29780fa60ac0

SHA512
02fcdf3ed888a64cebc7ef2e19f44410a0a0fd3908a2bfebb27e7d2f657c9f3bb5d51787553f407c405097bfd8c3e103c9cd75cc1b176bb6b35833f2d57612d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
4a3e191281ad4350033c6cf2cc94036c

SHA1
68e39278b88df798abb18a06e02550b54120dd48

SHA256
a4f7b87212ea2ffb5a9f909cca135d96ff5772b25fe7e1ed23ba5ba910c05e4f

SHA512
09d3d1d5647d0d3cd0b07142fcd6053608b304d8695f326d46983fff4628371bd53a2b03100e4f1c5069d4db618548b3c1156aeecb019e44998a67972ae5c243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
820085e9cfc0738ba56cde1326896de1

SHA1
380d94e6d3f9129b64e50bef0178c6ca6854147e

SHA256
626c05564767531f5c771aceff82e8dc5ff67589920a4cb85055bf838d5fc5a4

SHA512
32cf535deafda913d76ca483dcb3bb6b7fd0463b3d2b0d3d04ba3051d01b562b9123f6994896aada1536a85ec6d2da6742dd705c0077ebc9d1ed0c227c2cb5d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
67b37f8ef3ec2b16866fd217eccd8ac0

SHA1
6df42b06c75ce1f53e6c5f1d2e39b08099f1d4e1

SHA256
ff23ad6159ea36aa45e35f3f468714356192105ff5abe10219b3662102fcbbdf

SHA512
e7da8242b388ff00614efdbcab601d88b865a779a863b656063ed6b9148b6bd39258b616894c7ae02b59fc6951d59594ff8185a3d357615f0a22f50fddbb73e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
06dd09a5b193f0405502d4bda90ca7b3

SHA1
b89e842ffcccff7750ac53e04fea2433b72ce018

SHA256
7d7ef081a960e0a948a19a5a9a6ab4d3c9b913b01ee3d8a9553b88efa98de513

SHA512
2ec36d93cd9064bef1dabd641c9ae138846afb5c8414f6e2f844ca12f178e6e1949abe84b72c9f6b786841f0874f70f238a2df251b619b2a0787f09ea38e71b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
33d1707c43b93bfd62397f51ad5e1fb8

SHA1
cd9396fa120ac9880ff952b5d497d788301d1b86

SHA256
d8662c9724271658156e5f45f9249104abb2691f03f28759f34902646f3b3d9f

SHA512
37b7c86f66500cf51a9a6ecb893b577efb38555a6c1cc5e3deb7fd8a0e62a09b44906c15ac7d79ba8633cb2b7cd62ff7a50755ae0fe1d85bd2734e330c9b7056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c7565e3be8aa6fceabf8127ccf6c3395

SHA1
08ac969b40295ba88302087aa955e1a309392f03

SHA256
444b529503184c56018e99f2605f174ed68f977aa0d2b23d565e7229c9891b10

SHA512
76c3b36eda5019746c2a7ad4ef414df7d43236140dce34552721a9483e54f297807e56a1555366d94a3c76b940dce028906f79f6bbff299cedcf74ef5817d010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d3a5ec00f1753a03ad6ec67cb3d13f07

SHA1
f0e34fcac84b08570be69d680165e2aa306f26f5

SHA256
533f92aa2995245b6b778b42e497b62992a0f74d0a03a02e2d42395339d3ddf9

SHA512
aa424524d7774ac1fb4d954f40c580d1c1ed8a4a74fc76374346373e852ab298c513e0abe1adac966eeb2245463e66407feda38ca9c39f539665c9c6c82a966b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
29f5bf585fbc648febb371ca5219a08e

SHA1
e2cc473c2cb8441d10841c3202210ce9cc8e9065

SHA256
fba3ea2b6c081beeafffb3423ec57f82a2f3e8cc5b729c46817830a9633bd0cc

SHA512
39f8400fb395daaeef7ba6fe46de7b9db12f5bfdfc0aebe590cc8da830ffb5194e692cce87cdf4087733613bf1204e931091ec1fcc7f90dfa24c90db49e4d755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
2268e2d5bec6a6ab9d84bc118a74e089

SHA1
cf9e505ee49b5643daaa815fb87b8baffd9af3ba

SHA256
0fc315890c1d207d11b805fc9fd9e72b523a08478a96065e0fdd4dcbd808f922

SHA512
c8e816bec0479c4e1bc45c2d35db9c3910e77ba6c01183f58dec1007fa35081088f0afd24246163cfe4c9a2a12f676a7a11bbaac829c923e5106ff12f6f1d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
82f5b167eadb2da7c8d6308b8b914ba8

SHA1
3871fa3267540c184e8cf98f74bbb9dfe1a10119

SHA256
3d8b8cc43816f8cd071e5ea303355924bd2e80f287d3d10695c596a31bb25a9b

SHA512
18cce80afa012f9c35615eb263a80feddd4a22ce318cee29606472ce8ad6be1091cb8b73d7ffb9bd1c622ce48cea0e220c639e63e5700d78e54e9391615f0851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6099eab363a6d63fbc4b9b89cc1c2965

SHA1
8e5d7887decf4117f2c82f0ae3871b4bce21cfdf

SHA256
b1e738c669630114d7343ce5ec89dededc9c1ba79dccbc4796182083b01b94ec

SHA512
4d6c363f0a15d1172d99d2c344bafd3935ef14fb0c03b77c52f06afcb37158d01e8dbd729b4ee0203885cc01e048ddcee27ba0d939549493ed84c1c3f7fab5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b74d090b80e0c626a879fc33d34ebd78

SHA1
b0053ed6dee25d2d576df0b5312cfd5026a12b2c

SHA256
8eb5baa7a1a294df9b99cee5d282cfb4a5d5af74ef7d6bf9d8f08118a323bcfa

SHA512
181e023bd35437e9b1dbf1d8e9e58c9600c99b8b1623a5da30d94aebab01149f38fd17363ea92dd4d945c5a9dd8574d70104901e9464521505f54ff55a814cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5f5304b2ccbfc3c8b83b8f2acc35e75

SHA1
a3122074d316e9a1e6bd2da946b62bc594827f10

SHA256
e94f132149c8df956a5daa1cb5d1103b541015d4dae27b2aa3695de5e8762f41

SHA512
90d56076cc13d19d3727ad4683e4dde13d6dbf661dfcd652ff5b6e53bd41a7c8251cc8cfd87b10ad47d11762c0e474d7ab2b3bc279dd09bc374b79b8f3b69ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
760e29ed6c7e641fc76c82152a4766e2

SHA1
395a6a388c2c091e41e8730cfb7aa51a276595ab

SHA256
255658210383ae903bc981469e7434ae962c9220332561cd5d6d2877676529af

SHA512
4db6b9d4932de4185c5e4c142f7b910bad3d8858163dbebe156e48152fdce0589e5828825f9cd85d79e160d4af987fd705f4cfac2a75bfb28c20bdb9dcab614e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
80e3f4d414b595ee8142445e90ea1adb

SHA1
e31b4e9809b919afae27ce4a64aea93e995aef05

SHA256
d56740222daff909987065da45f5c3406ebf0bea1e5bffe58a2d2c338730d877

SHA512
6d4ab4a2c19623515a5651992da7f2c932141dea946c9795c79d30beed536d56576a6b823ee647697355e6efd45bb72e79e85e37833162bab0394b648695a81c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
12f94248430bc1f246810dbccd81be84

SHA1
1740ff73c8c2faa1f5849b83193508fbaa00e501

SHA256
329c091027eb2fe6935ee6a9e50657d3a2a5370f0b960765176f1cf0fd399342

SHA512
4d480882745827acf19e852184460f829d4ce66dfc4993b82e3b5bb94be8ba8a674fba798986d7c82edec0ecbb2c8270cd53a80afaffc01b85eeef94f92307bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
ab27f696f53e87101e4cc4f3368f7a0d

SHA1
1b9d4ff9c3ba6de10906bf89c77bd42cff03f31b

SHA256
aba91902fe6c2b8c839fc885749b4b2025c147408221ea20edd29ac6d676ffb4

SHA512
d142ea32074e91b4def218a752440f5f42be6cf268d723af025dfc5b0408e036a63548564b47650f33b181b6a4e3a0cf84093efbc1442d7487474c225e97c532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
528a094975527883bdd05142599faf9b

SHA1
e639e959a0d896ec6a1d892f5be0303630871b46

SHA256
edb68239fa36f2744de13defb45f4bf52df3231b78f2ff985e92eaae4f565920

SHA512
896c673b4b6778fcec5702fbf23caefb6fa28b253a4ddfe2b9a782c66af0a99ea365a5218fc9e93d3f5cd88848b069c7e196a1b19cf2530b3bceb3954c6c2583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0b609540a808a9a7562fe91f1c2c864

SHA1
cf5d2a63902d80937bdc5eb251fb3b0450162a56

SHA256
ff05af53690aa5c877ffbc32201a5e3b95c4c1ee49839cc43cc8f01802900195

SHA512
dca061391e5a8bdcec5e85a6ef696b21bc9a082afb90ae9734fc410db4876728623c3e2b97bce166028e07809cf0dfb1f7ee149d3110b1b095bccb504afe8123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ef516223d0fad3f9e1b948edaf08cab

SHA1
a7caffb7e14fd9c8a370996e629735a6b85ed498

SHA256
f94c36ae73ef44166e75712b5b4ea3e6b513d1f87c49e97616bdd02b8b020642

SHA512
c4a7799e3bfc52519260d6bbdbf5dc67b05870aedb345c446f83ecb806a1595416f89a35778873b3c8832d6630697897b1e09d446dc6b152271d239774e26ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
36c595ba84bcf37eb631cd671d166383

SHA1
b768fd5de52c5681130d432f3a60c6633114e16c

SHA256
6e0123a320877afe7f3881e8b4cd791fb6cbfb1b14fe082a808f5538ead84a23

SHA512
144370616411f734a74e964788b1a2e150cab4a4f05f3aace061e3dc9762a0f8078000ad7de8cdfcaa5deed336183c12d3a70f6114ff286dd48d8d7657eba2cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
eb06f81fd8c4867cdcf6eb32bd711075

SHA1
85e85eaf49af3aa280cc8729759fed12d9a63d9e

SHA256
eb79eef4e2f0d0983a9c8caa2430067b08f818560be434990902f6a1add4f598

SHA512
4f9f513f258a40a40135d1cad91bace1b2199b48c48246f30b083b9bb6c6ab5d10f06dac5911f094d068cc1d4b3f7f285716ad8c8c4f896e55ea8f481a79c3ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c04c414b7d31e9ae86da1d9546a2ec9c

SHA1
3bd781cf18833a3dcb0160c876faf9db373d0aaf

SHA256
d64cdc6ea09e20247158f479befafecf30707594e2fcc823d5aefa839bbdb2d4

SHA512
7914a214583b508eadf8abc1a83f7d3d7bb3ba1f1eb09bbcd6bcf1d3bc3930362a5d4744afe835036a73f914cb373985d7b33a78a1dc991b927f88ee9f98d1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1aadac6ebb5a38066af574685ae61dab

SHA1
191c9b5060c864a7bc5473f9bf3448e35e1477a6

SHA256
acc0ea0ea2c3678ca6138fc66a2423e1d3fc96daba8239bc5da80506e89731d6

SHA512
7c4215da7110bd36ff4d9bd28d01267cd3385364a3206cecf41338890f182d984ccec5b539f92d70e7c65a41b9bd093201a206246d352b90ed18f04ec05d8d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
38b893f1cb04f2000d6a4e3c15e2bb06

SHA1
6b92b3c0e6187dbfb77e89bff0f84ed84e907286

SHA256
6450c452dd48a8963c9db9a9cc1935879df6294ce332035fbc95f05c3eb6f678

SHA512
9e73562c3bd34250a9bfb998c9b4cdd80b6bddbf40bdddc6cd36ae90b25fff206b185fcccee38e118d6e0ba41b78b8bfacb369c0ea9544ec83a20315161067a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f82505ecc1a1ca6fcedbb691c27ddb1d

SHA1
98d31d9ebb7587a4fe61e478c297cc5adabaa23b

SHA256
69787760d6ee90738821d1b5e7b80fd49e4a928011bd9be6c8f790e6164b0d9f

SHA512
8eea558983dc6a655459ff572329f0f3c3ef30eda78cd24064f9fddaa95484f16d80da75a8565bb8e8a1408508286cf3be9231a0df6a49d5c3d70f3e78e6e820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0effda62065927bb0e88113dea0a7e62

SHA1
619cf442f7c35e3cbb5f20895cf22acdaa6aeb01

SHA256
ded5e1755a7045061b140293387a839dd1676dc3b9b46ef32d2e684a45930eff

SHA512
efe2671ab377e549129b52ab37e0f781b86af4068681c8d6b20973633e9aa7e4a63e3d8c870b407fd50973fa588bf8a3a99d9712d8c16af9dd029d320bb84cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58600d.TMP

Filesize
538B

MD5
06f9cccbd85b1e80d5f39abf19fe0bd6

SHA1
b31fb0a9552ca66d0f7dbec51695e4d5459a8ac9

SHA256
cd884c3bf6258ea50bf9ac4adb18c99b7d011825fd5b207a4fcc57df866497cc

SHA512
3c959e49d45f36ef25973b0046aa9645343dbda3f9d39dbb356bc0c9e99cf9d0adea63b69748da1dd3de8fdd8ff0d49facddf8f4a69b65a881edfea9dd5624f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
385383870118a59a792a9b8f8d0ee64d

SHA1
a9ffaeaca9ca4326a1f3edf52235ff5a28aa91cc

SHA256
9e9e11bcdefcc22ea3f937ff9963c39b148c34965bf092d686a2e33637c1bf6b

SHA512
5cd9a3454c3723a4dc28676f0ef57aac309cfd948fcda3e5106674e447bbaea859f024a297a03bd64663b578665cdc5c43a8ecdee82caffaf97899b0f2a6a11d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5fd54ca44580f1c12f041f483c92f143

SHA1
fa00d75c212ccb2ebf0eff1ad89a37874229ffc5

SHA256
477bb50216afda1bcd82ac130855238bcd715c88c5a4f4cebbe3ea5d7311f8f0

SHA512
bfe04e677bb97d64aeb390081b554b1f1ce0bbdcf443cb32aadbc1043f789011b8a3c4be5f60d3b76fbbd98bd59cce41852700a0ede137ef39cc0ff600ed3467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e4d852ffaeedb1b0fb9477fdee215f30

SHA1
9a2b3240a3020a62749ffed8a5c4869eb1e7f533

SHA256
0ef4cbbfa20e576c87a90ef203880cbe04b302199ee845899807686a55583855

SHA512
89e60ad0e2cfc1f7733d62307bd4b3535880679d22362c2b8bdb89ad695261fe8de78ef6ad36de3ae15a1d474949c3b9203e5b1a51148b394864ff09692f74c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2857a1d0ac38d377f1796d3bab19f4b9

SHA1
220a9f138b465078b7ab9f001ab6dd3ca9740d30

SHA256
c05997924736119c0bb10bd5eb67851f522226e9647c3f48620d81f829f80771

SHA512
63408dd596c078ac553e86e1ab407a7951a598b0afaf972dd627287b7860ee9e24f517a4f936619c060b1f7dd492f859b53c3f39824cc5ae7adaedcbd981e3c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c36d3ce51ceb51b31e81914049591bbf

SHA1
f378b598634cd238d6846d7439b300c4f9772153

SHA256
2bcb0bbf76a48a751d0a64d2a38b81be7de481fa5460436c23ed5cbb69bef8d9

SHA512
ca630cec3cc4d526f2255b6de1e07df0955afac58a48f1b543304f2638f16694d76b788e210847ba27c38a4cb7fc396f1e4b11fc38f901e2772a322627bc4a94

Download Submit
C:\Users\Admin\Downloads\PersianXloader(2).zip

Filesize
7.0MB

MD5
f08975b594cdc83c38c73e294861662f

SHA1
1ff6f379e27598fef18db79db3ef49ee53a286eb

SHA256
f45280a0c8ecae1daeaffb981bfba9b01bed54bbadff78af92cc058720fa0d59

SHA512
038b169382971143510be3f442314d4abc394148031c545512356510b91af8e0e222bd269cf2d22f1f4761bf8aa018b05ac22fdd747315dd7298eda8253677ea

Download Submit
C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader.exe

Filesize
7.1MB

MD5
5e1562d1efe1595fc89f0ffa2a17da42

SHA1
cdef3ab6b5425453bd102f898e68a010ed36a623

SHA256
1f33ada2b746e6fcdd1c8bba3536fe83ba3535c12b15cf14fad1aacc1ee39948

SHA512
bba9fbb4ec4e857c93dfb3316db9466d9dd407715bc154e71b8aa1a52325d6b6b2288a11af1b68e543fa359aa9bdf0f13028d388740c6aa82ad9ce8529b190de

Download Submit
C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\Compiled.exe

Filesize
3.1MB

MD5
c3a4376177eb53ff2eef83653178f0bc

SHA1
8948139922629bc2cae4e0ca59ea97fbfee0858c

SHA256
d3537b821cb072c194ff5cbdd49284d5e821bfe8411dcd27d6d53f703a162ec5

SHA512
f9838cc665c2a77d7facb15241b26291422eccb50e97616a415841d76ebd11ea3a1165713d55552edfc4c4c02c176c202ac7aae319e87dd9527173dd2e46e3d3

Download Submit
C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\Compiled.exe

Filesize
3.1MB

MD5
c3a4376177eb53ff2eef83653178f0bc

SHA1
8948139922629bc2cae4e0ca59ea97fbfee0858c

SHA256
d3537b821cb072c194ff5cbdd49284d5e821bfe8411dcd27d6d53f703a162ec5

SHA512
f9838cc665c2a77d7facb15241b26291422eccb50e97616a415841d76ebd11ea3a1165713d55552edfc4c4c02c176c202ac7aae319e87dd9527173dd2e46e3d3

Download Submit
C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\Compiled.exe

Filesize
3.1MB

MD5
c3a4376177eb53ff2eef83653178f0bc

SHA1
8948139922629bc2cae4e0ca59ea97fbfee0858c

SHA256
d3537b821cb072c194ff5cbdd49284d5e821bfe8411dcd27d6d53f703a162ec5

SHA512
f9838cc665c2a77d7facb15241b26291422eccb50e97616a415841d76ebd11ea3a1165713d55552edfc4c4c02c176c202ac7aae319e87dd9527173dd2e46e3d3

Download Submit
C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\PersianXloader.exe

Filesize
13.5MB

MD5
85b82f2333b7f9b8c0e12ac86e136c67

SHA1
084270a306e14db5cc8540f3adc8ea1ffa511ba5

SHA256
4d978a6f806a95c5ee89f8a394ad2a2e4336ad6554922fcde38c46311ac17874

SHA512
875209286306e53fa829566d329ccbe97ccabc653301ed88ee2d08c17efc55307fb181fafdc6ee5bc511a2e30549f0218feada1550c8b197f9be537820b00dd3

Download Submit
C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\PersianXloader.exe

Filesize
13.5MB

MD5
85b82f2333b7f9b8c0e12ac86e136c67

SHA1
084270a306e14db5cc8540f3adc8ea1ffa511ba5

SHA256
4d978a6f806a95c5ee89f8a394ad2a2e4336ad6554922fcde38c46311ac17874

SHA512
875209286306e53fa829566d329ccbe97ccabc653301ed88ee2d08c17efc55307fb181fafdc6ee5bc511a2e30549f0218feada1550c8b197f9be537820b00dd3

Download Submit
C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\Stub.exe

Filesize
3.1MB

MD5
c3a4376177eb53ff2eef83653178f0bc

SHA1
8948139922629bc2cae4e0ca59ea97fbfee0858c

SHA256
d3537b821cb072c194ff5cbdd49284d5e821bfe8411dcd27d6d53f703a162ec5

SHA512
f9838cc665c2a77d7facb15241b26291422eccb50e97616a415841d76ebd11ea3a1165713d55552edfc4c4c02c176c202ac7aae319e87dd9527173dd2e46e3d3

Download Submit
C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\Stub.exe

Filesize
3.1MB

MD5
c3a4376177eb53ff2eef83653178f0bc

SHA1
8948139922629bc2cae4e0ca59ea97fbfee0858c

SHA256
d3537b821cb072c194ff5cbdd49284d5e821bfe8411dcd27d6d53f703a162ec5

SHA512
f9838cc665c2a77d7facb15241b26291422eccb50e97616a415841d76ebd11ea3a1165713d55552edfc4c4c02c176c202ac7aae319e87dd9527173dd2e46e3d3

Download Submit
C:\Users\Admin\Downloads\PersianXloader(2)\PersianXloader\PersianXloader\notify.mp3

Filesize
149KB

MD5
307644ab0a55d1b6d660e3bbf4305e8e

SHA1
19c19d73d74b08ba3dc6176918d8d31b83aa7785

SHA256
e8a322adc28dd7b7dd7865e19f528f67d748479c233cc9be3e471c8576d57877

SHA512
58cda2f14384667f4d5b6bc3b3d01113af55bd3d91551992919fee08240b2d50c8aba6d67f494e79f67ea05e08d63aad5f38f89b573fed2a443e697d178bcb77

Download Submit
memory/2032-1260-0x0000000004950000-0x0000000004960000-memory.dmp

Filesize
64KB

Download
memory/2032-1257-0x0000000004950000-0x0000000004960000-memory.dmp

Filesize
64KB

Download
memory/2032-1290-0x0000000000400000-0x0000000001233000-memory.dmp

Filesize
14.2MB

Download
memory/2032-1268-0x0000000004950000-0x0000000004960000-memory.dmp

Filesize
64KB

Download
memory/2032-1265-0x0000000004950000-0x0000000004960000-memory.dmp

Filesize
64KB

Download
memory/2032-1262-0x0000000004950000-0x0000000004960000-memory.dmp

Filesize
64KB

Download
memory/2032-1264-0x0000000004950000-0x0000000004960000-memory.dmp

Filesize
64KB

Download
memory/2032-1259-0x0000000004960000-0x0000000004970000-memory.dmp

Filesize
64KB

Download
memory/2032-1255-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/2032-1289-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/2032-1313-0x0000000000400000-0x0000000001233000-memory.dmp

Filesize
14.2MB

Download
memory/2032-1270-0x0000000000400000-0x0000000001233000-memory.dmp

Filesize
14.2MB

Download
memory/2032-1269-0x0000000004950000-0x0000000004960000-memory.dmp

Filesize
64KB

Download
memory/2032-1320-0x0000000000400000-0x0000000001233000-memory.dmp

Filesize
14.2MB

Download
memory/2032-1258-0x0000000004950000-0x0000000004960000-memory.dmp

Filesize
64KB

Download
memory/2080-1358-0x0000000000D70000-0x000000000108F000-memory.dmp

Filesize
3.1MB

Download
memory/2080-1318-0x0000000000A90000-0x0000000000A91000-memory.dmp

Filesize
4KB

Download
memory/2080-1384-0x0000000000A90000-0x0000000000A91000-memory.dmp

Filesize
4KB

Download
memory/2316-1322-0x0000000000B90000-0x0000000000EAF000-memory.dmp

Filesize
3.1MB

Download
memory/2316-1314-0x0000000001030000-0x0000000001031000-memory.dmp

Filesize
4KB

Download