toxiceye | hxxp://zx

Analysis

max time kernel
266s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2024 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://zx

Score

10^/10

toxiceye rat trojan

Malware Config

Extracted

Family

toxiceye

https://api.telegram.org/bot5687152406:AAFin_LYFhJGLydMgYheeUDec-2orew51aM/sendMessage?chat_id=2024893777

https://api.telegram.org/bot5536756167:AAFMcQrFbMZMBynbrtZUudaOT9ndCJXIqT4/sendMessage?chat_id=2024893777

Signatures

ToxicEye
ToxicEye is a trojan written in C#.
rat trojan toxiceye

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wsappx.exewin-xwarm-builder.exeUpdate.exewin-xworm-builder.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	wsappx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	win-xwarm-builder.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	win-xworm-builder.exe

Executes dropped EXE 6 IoCs

Processes:

win-xworm-builder.exewsappx.exewin-xwarm-builder.exewin-xwarm-builder.exexwarm-rat-builder.exeUpdate.exe

pid process

2296 win-xworm-builder.exe
4384 wsappx.exe
3088 win-xwarm-builder.exe
2580 win-xwarm-builder.exe
4244 xwarm-rat-builder.exe
2592 Update.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

250 camo.githubusercontent.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 4 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exeschtasks.exeschtasks.exe

pid process

5756 schtasks.exe
5396 schtasks.exe
6064 schtasks.exe
3344 schtasks.exe
Delays execution with timeout.exe 3 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exe

pid process

6076 timeout.exe
5152 timeout.exe
5800 timeout.exe
Enumerates processes with tasklist 1 TTPs 3 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exetasklist.exe

pid process

5864 tasklist.exe
6040 tasklist.exe
5688 tasklist.exe

pid	process
2296	win-xworm-builder.exe
4384	wsappx.exe
3088	win-xwarm-builder.exe
2580	win-xwarm-builder.exe
4244	xwarm-rat-builder.exe
2592	Update.exe

flow	ioc
250	camo.githubusercontent.com

pid	process
5756	schtasks.exe
5396	schtasks.exe
6064	schtasks.exe
3344	schtasks.exe

pid	process
6076	timeout.exe
5152	timeout.exe
5800	timeout.exe

pid	process
5864	tasklist.exe
6040	tasklist.exe
5688	tasklist.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133515532736786968"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

Processes:

msedge.exemsedge.exechrome.exechrome.exewsappx.exeUpdate.exe

pid	process
1916	msedge.exe
1916	msedge.exe
3004	msedge.exe
3004	msedge.exe
4116	chrome.exe
4116	chrome.exe
1948	chrome.exe
1948	chrome.exe
4384	wsappx.exe
4384	wsappx.exe
4384	wsappx.exe
4384	wsappx.exe
4384	wsappx.exe
4384	wsappx.exe
4384	wsappx.exe
4384	wsappx.exe
2592	Update.exe
2592	Update.exe
2592	Update.exe
2592	Update.exe
2592	Update.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

Processes:

msedge.exechrome.exe

pid	process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

wsappx.exeUpdate.exe

pid process

4384 wsappx.exe
2592 Update.exe

pid	process
4384	wsappx.exe
2592	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3004 wrote to memory of 1772	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 1772	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 2216	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 1916	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 1916	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe
PID 3004 wrote to memory of 4428	3004	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://zx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc82ae46f8,0x7ffc82ae4708,0x7ffc82ae4718
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11450425024497252739,11784210350328099222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc730b9758,0x7ffc730b9768,0x7ffc730b9778
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:2
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4700 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4900 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3668 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5844 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5980 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5836 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3292 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5232 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2336 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5256 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6240 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6592 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6676 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5512 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5728 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5072 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6656 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6656 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2400 --field-trial-handle=1932,i,5892076038361341019,12320609602514152560,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1948

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-Rat-Remote-Administration-Tool--main.zip\XWorm-Rat-Remote-Administration-Tool--main\XWorm-RAT-V2.1-builder.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-Rat-Remote-Administration-Tool--main.zip\XWorm-Rat-Remote-Administration-Tool--main\XWorm-RAT-V2.1-builder.exe"
1⤵
PID:5712
- C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe
  "C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:2296
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "wsappx" /tr "C:\Users\Static\wsappx.exe"
    3⤵
    - Creates scheduled task(s)
    PID:3344
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp8F03.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp8F03.tmp.bat
    3⤵
    PID:5168
  - - C:\Windows\system32\tasklist.exe
      Tasklist /fi "PID eq 2296"
      4⤵
      Enumerates processes with tasklist
      PID:5864
  - - C:\Windows\system32\find.exe
      find ":"
      4⤵
      PID:6056
  - - C:\Windows\system32\timeout.exe
      Timeout /T 1 /Nobreak
      4⤵
      Delays execution with timeout.exe
      PID:6076
  - - C:\Windows\system32\tasklist.exe
      Tasklist /fi "PID eq 2296"
      4⤵
      Enumerates processes with tasklist
      PID:6040
  - - C:\Windows\system32\find.exe
      find ":"
      4⤵
      PID:2388
  - - C:\Windows\system32\timeout.exe
      Timeout /T 1 /Nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5152
  - - C:\Users\Static\wsappx.exe
      "wsappx.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4384
    - - C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "wsappx" /tr "C:\Users\Static\wsappx.exe"
        5⤵
        Creates scheduled task(s)
        
        PID:5756

C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-RAT-main.zip\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_XWorm-RAT-main.zip\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe"
1⤵
PID:5448
- C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe
  "C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe"
  2⤵
  - Executes dropped EXE
  PID:3088

C:\Users\Admin\Desktop\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe
"C:\Users\Admin\Desktop\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\Win-XwormRat-builder.exe"
1⤵
PID:5532
- C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe
  "C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:2580
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Static\Update.exe"
    3⤵
    - Creates scheduled task(s)
    PID:5396
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp874D.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp874D.tmp.bat
    3⤵
    PID:3448
  - - C:\Windows\system32\tasklist.exe
      Tasklist /fi "PID eq 2580"
      4⤵
      Enumerates processes with tasklist
      PID:5688
  - - C:\Windows\system32\find.exe
      find ":"
      4⤵
      PID:3412
  - - C:\Windows\system32\timeout.exe
      Timeout /T 1 /Nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5800
  - - C:\Users\Static\Update.exe
      "Update.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\Static\Update.exe"
        5⤵
        Creates scheduled task(s)
        
        PID:6064
- C:\Users\Admin\Desktop\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe
  "C:\Users\Admin\Desktop\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe"
  2⤵
  - Executes dropped EXE
  PID:4244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
40KB

MD5
1128652e9d55dcfc30d11ce65dbfc490

SHA1
c3dc05f00453708162853a9e6083a1362cc0fc26

SHA256
b189ff1f576a3672b67406791468936b4b5070778957ba3060a7141200231e4e

SHA512
75e611ba64a983b85b314b145a6d776ed8c786f62126539f6da3c1638bf7e566c11daf18d1811b07656de47ff8b50637520cf719a2cacc77a9d27393fc08453b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
24KB

MD5
cfe2d91fd166569359b397da57d9e288

SHA1
b301bbb35e5316bd02997c76ffff2175e19fa196

SHA256
7cada24520ab8dddf58e3b2ce548eddd8dd8cd8bd34345a752207139a7b0ae3d

SHA512
99e5ddb84c466c30f85c729152b64dbb5b89fb0f0f0eea8907bf7b2ae45301eef0732a383ac1c7e51dd8e4147431b69bd5c35c9aed0e99837c0e62359220ef4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
43KB

MD5
26620edcc076cc2fd62492c433a5beb8

SHA1
22a6dc4ee6d78c8a7f25563f090aff42ea044922

SHA256
aab2b198d6c92759e5be4647aed2d3f7e0d581c1e5d5ff58ea99b887f8ee5860

SHA512
1b5a3c8bbc6caf6d12b312a8b693310e4f4416eec4e079a076b966f3036b3a3856f33f46479f91c5605b5248070615321a91fbc70fe20b190da271c1a0347c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c

Filesize
49KB

MD5
4b4947c20d0989be322a003596b94bdc

SHA1
f24db7a83eb52ecbd99c35c2af513e85a5a06dda

SHA256
96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180

SHA512
2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e

Filesize
25KB

MD5
5c848f21375fca8bdd155347516b2d79

SHA1
f7cbbcbfe3deb43160b60a6a381724d1ad3cce00

SHA256
02f4d8333d1f16ef029c4aa3de40e24972100cfdab823db61a2439378da4804d

SHA512
4c6e175c5a24c12a15337bcb702db15a87aac19f2d3f2cc96be855a756c00b904651ad1472aabf6c669f56c6afa8dada3762febe2c82baaf46782e62b0f042a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

Filesize
64KB

MD5
7afadf030c3e2dbbd7954a5870ae481b

SHA1
5a8ee92d07ac3cefd06d89d9c2344abc6a76aa76

SHA256
134e987229911d033c7f7b3d8b123f0c48195d94d69cf64337b7d5d254cfc6eb

SHA512
d0798786986e7f2121113e7a8dd3e4248c1ef223f0e22f2776aeb3a7b375780815c4a63b9ee698f52eea0ad59b72ba92918c4ce49e7feef3f226b8b0c7a2deee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
140KB

MD5
74a677f2b142f1b6b4f8cde1c6d49b5e

SHA1
ddd50d3de3b0c849de66d87dc6cafe5cf9fcd7b5

SHA256
c8bd28fb081b3eb04ac62eec7224063aef869281e78d2070b961b2fad2238cd6

SHA512
09715d3767d497ba71aa58f8f6d24e9c47e659f007fc597ed042449d03b15f98450ade90b8ffaa680504f37428823842dc4cd4fc8a1b1ec5a9e5f82e1a289997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
193KB

MD5
7fe2c36271aa8065b034ce9efdbd2a07

SHA1
e22ee654cb122d0d62393dd8d6753d2bcad148a3

SHA256
02cf672988303d8fbdbc7625f54596ece6d83c78152ca6e1aa332fc8c75d5c34

SHA512
45d53a09ced29138e2f99e0e8a293322050f8032e006df06315ac9af2f1ab64d1c767ea5db53289bb5881a4866061299e5a60cd83753fe6ba88e8de7562706ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008d

Filesize
82KB

MD5
8b36b954e5a8947dedbc720664fbccb7

SHA1
0310a60a8bbd7ac385b6e94aec8dee9aa05a6d24

SHA256
069b3e224154172e3c385b5ebbdde887253d596776b74b9fb2a326b875fb718e

SHA512
c2827251585fbb5e24bc38ef58822e8892d952c6e2a90743453502254550384cfcc9789858d66706c86f51c483fc28c23c796ba6285747689940460402b30f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e

Filesize
18KB

MD5
5d04a5aed02ac5a2f8a4269a6c2570b5

SHA1
727f0be60a1bd0abfe72a018e5741204006d5f03

SHA256
7d8edeba0329989214034e43d9b5c089bb187c2082dd29a811cc766ad998c258

SHA512
88bcd58efd108cacc3818994606e9fd58f0fdf59e4a0beec4be6081f49d0c236c08168ae9a8b975e7a8955068d4fa2765d68506e5a042bf2a962393aedcf1961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

Filesize
19KB

MD5
ba629950f8ae7f5641c3ab59e68d306a

SHA1
9478d9a6178a603dfb60085366b6091a3e17be86

SHA256
f0d1ed0ede365c19e8283ac1e27caaffa1fa316bb6035ec9a3df76c1b8e6a9bc

SHA512
6922523a24918252000ef64fd8ac1373e704b23d928a7d7c79a21ab1118a0f2847d02765578b9d4f5ff85cb5ae8bf9d80f84142a6b127a164a699cd888132eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000094

Filesize
103KB

MD5
0e411c015dd4f8619ad94213d4a28cac

SHA1
f9e5ce6a933b93085c274cd849e465fb219121b6

SHA256
16baa47b36f047fdd01dba4a2be21c4199ea111c92720d01b847de399acaed26

SHA512
cfc1576c17cc8af4e7cb69d787fe9b92c1ffcee5104bbd6d6800c09bdf46d3db14b8af96e24975c1d58ec10010a524ce049ed276cb736de30d1efce3b03574d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4cdc297cf5e6e47ba4e05f7524fb0f65

SHA1
d97bcc082254d08c26415d4d0ad875c160af4f26

SHA256
dd1c8575c9b4259535314ea722cfbd17a5121b442da7f2c3da6aabeb4ba54971

SHA512
8f84f3a067b9ef392570f0f3ef582f326723012b822c208e6bfaae89cc7e0232a1cf61c4b6326c3b26d0fdb5700a89a0896f13350544fae6aae464b43355f6c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
99fa6ceff3dcb15a1025f246b96bfd10

SHA1
4015cb8ac2cb0e26576de01a09962c4a7c2090c8

SHA256
3e88b7096c9b8782a858c3aac3842415d400236acc7b9896368bcf002979d164

SHA512
64889ae85108cd240830cf0a0acffe3c62ae39b9c2891ede0cc1e4c0d83a6ff25aa051bd6630e1bc73d001745d2ea1ebefd50a9da0a9acf7901b5e37ab5961dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6e1c641f0b95151a59f47480458ede4a

SHA1
4f16cbdc8c76f6e9c0942d1a4e5e1aace00c0a7f

SHA256
bc00bc5d6d94e908bfe97faa27b6190751657c649347deb2a1f8d023f7324a76

SHA512
631de8cb6192e5c968a929a3f713af327249712ed062fd413e0da62493b16a7b50e04a3b9cf1fb7a32e87604c455dbf833a9219816d3d060988432fdbc584ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
037876c0d45ec2cc6e5815582bcbcaf6

SHA1
217443a1d8b5494c24176c0a60b95176a4b14fcf

SHA256
f6957b06fd6fca1dc4af84a89085ff93f61f31969302d18477b74236694feaa9

SHA512
6fb1fd87379c126be3fb157fd68310aade7dcf0718704564a4325ad5f759b95bd593297305582019dc684e5c9e58b245d504cd1da1b37f687af8b83d445e7677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
60e9b2cffde11cb4dc57b6f2f5c637e1

SHA1
0a37fc4e2e5b35d3ac902219eb808efbc9861b01

SHA256
947506e1beeaf1616629ccbd1a93a45ec72d28c59f0069486a173a6bf831b9ee

SHA512
58d862cf0dd2207fd17e26161d65e0516a9d96451efc7e408dfc4e6a34fb7e54e4e9f97e8376ad115b8ad7a27b25c06aabce8d1b2adef22bc0c7361cb5ff5105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a3b7d73d633cfa02ea71463de74635a5

SHA1
efd523e0f7635fe315e725dbf4c4f1696e201a50

SHA256
f9b3608980693058158b9ad63fb6bcd51e129a6e17dd336fbfa0b9c2da3ec15e

SHA512
45657106bf0abc3e8d52e16ad07f70c43951c4506d877f63069aafcb2d60452306f7c3b07c2578477e5a310b0ea81548f0babcea9cf75db77cb29a70ef364687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
d703dc1ec7bab67757fef32e217a7151

SHA1
06816be5fc0417511997471ec45a0a5fe04c30eb

SHA256
99d32f8988e398d48652024d59cf84ede029d4aaf24f15e7c9c3de546716e1b9

SHA512
591478bed59379444106dde90cc98ffda0d2501690833189c5eeecba692ea30c75128ff5d6665f91aa41cceaa9dd6bc8f095358dfbb8c87e4335ba3a14f91ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cfe405d258b9e1ef5e734556f10444f0

SHA1
debe6faba4046240d9951430d34a42073351a274

SHA256
5210654a44d9c4be666684d1828cfe2d1d9831ee65808656c488d06548883f93

SHA512
3857d4766164fda7407fcf09536c6337d02c64fa4cdf07f93c4720cdace335303663a01bd9dec74f9de2ec1e06de1d4bdb6a4bfa25cbaa5051cc1335dd5cd611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a89b7b48f81bf03591b5e30746678d72

SHA1
d3288539342936c865136ba1d3eec78f55db010c

SHA256
e91b5fed771a72293d8c561539cdccb9e77150fa29fb0e58b6e78fbdbc58d21f

SHA512
2e8b2c911cabd5e83e04bb2534410daeb78c7f06e142495a56f19a012a8ba6b1a0b294891975ee27c26df2600c2ed617344f842c2058a70f8e081a80d00ccc46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a1a6bd345155b2128be013f4510de0e0

SHA1
cc8513673e1534f2cca5df63a1d47c8cfeb08198

SHA256
5d419212bf3040d0902bd192f47e08414a3eb9ab62c288c15dbaab48f9226414

SHA512
3a07b9be22249ab520a44e8fa093930b06b14409af95e9b0981f53142db1b3ff304da549636cb67a4d25f4ece4c6f56d5ad8525db55127d06f9ba3c4a49d45ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
56cd5fe8e2d9003796553ef2571aed03

SHA1
7cd70a232ff3ca6ba662608f300097ad961120e9

SHA256
4b8191c861df6e038a78af3823e03a7807bfa539b5adf2ff757ef5ebbf898a97

SHA512
f7299370a775f12b893df33ce1bac95b921e9a4e36392d18dcbfec8f54478296134d511a23434988a4f19bcb536b0ddd2de1c41ff41f9ba8cb188d7a2aa5c601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f58cddc194ddf550482bf09782e9877d

SHA1
f735d160ac262a2f1c4b3720132cd6c81979d9ba

SHA256
9c3918cbdea1b1186b3f15631460838181107da2a958f750a61343db351889ef

SHA512
9cf96f47aeef2d294c07ffbbab4aa0ea6637c08fc50409fedc5ef5d632f17ca9d23a71b74bfb60336aae353df2de5d23aee8641492814d7eedee937e2402f5e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b414acd82ffc845a66129df44ad5448f

SHA1
237417cb57095631368aa622eb4b034164f1733e

SHA256
7548fa443cff664149251d56934f50b887042727e63815d89196efaadbd5f2a1

SHA512
24b4f13b9b6fb1f36cf6db2c90fce01b20235090fe0c3fe4b432714ed4fd67de67650e4f5fe0f54ca573ffaca1936fde05a3ade13cbfad7aa687a75293652283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a259f2b02769850bc7a1f3411992442a

SHA1
17f0645fe37b478e455f39bbbf0a2f618d0762f1

SHA256
733a3f5bc84407cd5a7d82c4e1fb6ab1f79b13c2b9f7e2f4052b2495923c55ae

SHA512
0487b3ca30980d70a442d73c9d42e059ef7eaee596a8c813bd5bfa7cbe25debb66e3fe94df3a811cdd6c469a68f6d9663abef117cb8ccfa5891f16d39170c07c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7a0d30d4e239840242c89efb2036decf

SHA1
547c6d1fcb6e5917699db39f995f7b25bd79e922

SHA256
a96c391742cb9daff55cc4e850589596226e51582d8823abf292e17db2afa4da

SHA512
445380dd96fb8b8027fb1038358b581b23fd1b0af7cf04403120ddefe63511785eac4e540baa2ad8aff5d0d65014a2e466796a049b5ee3b4053636d0b7336b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f47b1a345af6050e6c51844020aea9b8

SHA1
9f9bc035e92ace1d40d9978c603c2206e864d40d

SHA256
d411d7c3dbc28651f4147d4acf95922a50180f6f59b64e65cf1fa69d2bef1a85

SHA512
1f5791e56ea9e266bf9d274139b5163f6f678357a81be3918b33c9a0104cb3f9920170985b9d1a8ebc86a6372b3297309ab2c33075fb130d8d4a7ccb658eaa6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
da749764400f765cb51e0fb0bab4d24f

SHA1
eb16ebb89149bc12170281ed33963758c8ddd3b1

SHA256
2fab25e1d5814683c1cfd6ca7036dbba5003fdeb377cff5cb7b11fbf4dbd4a99

SHA512
d0a3d5c5bc64913cb2ce0b6846a6fcb9851fc78df30aafa2ac188c373eebcd02c90036ff038110e99f1bda10e6edaec2fe82874282a7a59aa01d53c7866559c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1a8eacb6c4254d2d654157591a9104e

SHA1
254a7f954e3894aa38235cc7660059966c8a6946

SHA256
4f1e81505b2cd0119a30b373e561033a27effed821e3fc67a90a035ec4fe366b

SHA512
890875a66fcf3a0ce6b29b586d4e36f370340681fee1f622fd7bf134ec8855db64a4d089e8ac513dd2b8292a42c186bd9938bf691c20386faaf5e49ffe338ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3b9648f961660bc9e5e5434a164abc45

SHA1
9db569cb8403be10e1897e33c8f736af74fc6943

SHA256
25fa4ef545884cdcbe8c34de84ac7e005140bc61821efe3521b6ee3f690dadc8

SHA512
524094a16b7151d7090b63de4b5131ee8f41d380ccea58506331440ba2dfc4fab2f800cb2e5674e15d99d23031b597420fba86184a8d10f2209ee0012bc8a451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8d7dfe9b12cfb371b561d41544a1c8bd

SHA1
7bf00396bc2a1ca72b93ae191e5f56b97dd469dd

SHA256
78dbf8099e5f034d1fc103367989907f83871b51039500a4ca1d5b68121a6111

SHA512
33ad6d590c4ca84551cbb363183e53935bb63122b5a71bbec223c92508d9d5d118172d5a06f5cd7be5830544997a0f33b436692573ceafff734a03fd24d8f51e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
1647bd6c8859f20d0ba180e210fac0c3

SHA1
677c0356d60c445d7aaad19d2bed230467b78ee1

SHA256
585a6cf7d10aba30dc50d439c6d455f52089afa38a34fbe3c4322d66584360b0

SHA512
a6c80b4fdabf2aab02d4b1fc5b3ee54dd9ec0840903dee2d6c73f70b5680406c169096c0d3a2dcabaef9f815d11f6e1a5c18bbcfff189279fa71209bb781ad9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
ed5cdbe97595aedfc6d7727fc76d62cd

SHA1
9094eadd7564e3fd580db3a7b8b9c5cb03f329eb

SHA256
5d81beca771b3d170647c9e978272d5da1f18c6198a0d160123724a10ea23891

SHA512
20b2f1ee69d26ef19652bdc12945b9423d3d2c089fde1727e6d1bdaf8ccc419944ae40344cb6ccddf109d714d6e1047f7541cb40d59dae5ad443ee3082a43b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
2e4f8d57f9168efe754e5d7633e9e915

SHA1
610adca18162d2f60a475ee21d62d8c4ca75b922

SHA256
8cacdd4dfa85708ff3a3164438c9fc2e985ef12598e819ba7c10c59d3435be25

SHA512
818641b34e3b7268f29fe2563c4186b17f930468aa8e00a238cb40a9c67355ede7c6352429058fd41f1eefe07e7be9f15a2f8c6c3c4da7f48e72c4e5c8c145ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
210e611d718b0ce78a49e86c1e1471ca

SHA1
455999dbe27e0d759ea192dae2a7e7c39afdc73c

SHA256
8ee813d288001bb8641cfaff9f717830c6411866824a4ea90fcb8f851c405054

SHA512
f6360a73ed4cf5987004230ef6757140c0b7f6b0739c1ecc95d7c1b653188f68b98c1accd7ab3ea7a7557a672559646efec6f24ceca5d16a6ea49e689fd9dba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
c110f430f210fc18810234120be62b58

SHA1
a25c71952fff20d944a976513801ced31f4ad4c9

SHA256
03dd34c68800f589913381e4c9e04a60e079b14e884603cc3db2208b7a862bfa

SHA512
35d07ac2be57eaea4dc4f1f72ffd574f5f8bf12d880a41f87cf516eabe460d1752028b350f8b1a4d796abf61e3e5521e04ee5d194839b87e0fdc915bd4b8311a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
72c6bd935a9e4978fbb386b8e07bfcb6

SHA1
9a8ffb0e26b0dcd8fc3d25fd85c27cfa8f004b5e

SHA256
e5c4b22d39e7d513df7600fd83f6478fe9c4e66db05ef513d88fa44569835d86

SHA512
4705949f3677e8975aa9b7ba59b7cbabd88156837e2ce2121524699486c02e80c1568e73f5b084318fc5bead0bd1ef46eadcfa550bbf01b9d8ba310bb3bc6449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
9dd0ae3b7df58cba30ad8ade428aa8e1

SHA1
de7e4b316d118573010ba1a8cd96e287bf2c2f0a

SHA256
b1c63f181e965d9a941b3125a24e666a63cb7323bd7cf4b3b8e727f83786b66f

SHA512
f99d597ae9dae27b72712841ed1390e9c2663746ab1a12421f3fe3409510bdc3cef73151c5be724858ae3d486381c4fc59e871fd278b49fc2a30056fb5038013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe592be8.TMP

Filesize
105KB

MD5
335b8624babddbae2af58d2480a801bd

SHA1
aaed67b7df570b7da543a45e28cb46ad17498e92

SHA256
4300a40863fb40468461ec6a329ecdbaa80e3c033ef962ca1e1567088a956b81

SHA512
9da377691e5816abd4ec8e7a9c3348c606871dcbe2173eeabb48ef7184bfcecd9627ff8034f93689ce0db188cf46c930ff103be314c6fce98f5ecc117632517a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bab7ef1aa50157b5ed63bbf5124a1832

SHA1
5580fc358cc4aff25c4d5c1b83b80ff3bed4b225

SHA256
14b0fcb3ff1150b48e22e2640b868bfe8b183e8fc705d4a2f6e0545e4802d629

SHA512
6713ecd5ac5f2c52f421bc9381f9b80fb2aae10ebc018596fd26b4d7da0642d272355e1258bdd9d0f279794e40b0599413b8b10c8b7aa3c4f727f7c67a5e4881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4377706384c06ef6c55e414ee5b6a505

SHA1
58790e34c7d5fa6c594ba40c539627c926d6aa93

SHA256
01854d1b51902159eff72ca548f48dcdb286ef9b31bceb458913b15fa7f2f952

SHA512
b7a57fc6897764336cfd814e9743786867e9a142055cc2cc78c9d9b5c8ca7423912a2be180e563c92dc739d0399b90ee96c06e62634a908fce5a3fc56830dbbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e029efe70912cf57d40d04c01776d41d

SHA1
94eba5604a8e4523d23565ac3ebcdcda4005e4eb

SHA256
57cd696aea3594a27f18b3636da302823ca687c6a326ff9ed2b578a23a96ac37

SHA512
3c380b2c1530a103030562135f9b71eb36a15c49ea96082f64f717e7045ea578ecbec2d1f53cd569d720f7e37a3c091f9bc6ff3dfecde6775658c1c51a03f01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7fb8276fba4ee64d7d1c1290938da39e

SHA1
2dcc9fdb686fb407b994a4ab7a6e254afdb9a56d

SHA256
35f824a3970e812f9bc03e68c12753efc031e123d75b5d92a9d5bc7a2cd6e647

SHA512
031c176cf10384d16eecc87e9d5c79b4298f31390bd3587691082aadb53ba3ce4b8ef6c508e9f5696a2798f46b807b9ac99506415e5007061a2420364ca601e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\win-xwarm-builder.exe

Filesize
127KB

MD5
f6f686df785d0abdc66d1f90fa508c4b

SHA1
75f348132001df30cbad9c7cae2e2072fcaca38e

SHA256
61b52af14fc66126a4e7f09b3cff7d3c09e5ad35acf23fb9ba43293fac0c995f

SHA512
7daa425723caade3ec747fbe6e425e26bc419e1a7dccd6253770fe1a118a8b90e0f40f6cf4bdac259e68a0198a384ed1b5de7515958f5e17e4e35219b9077d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\win-xworm-builder.exe

Filesize
793KB

MD5
835d21dc5baa96f1ce1bf6b66d92d637

SHA1
e0fb2a01a9859f0d2c983b3850c76f8512817e2d

SHA256
e67f2b34ef647d59eb8ebd4a88f85dc072346ca5c275cba1ee2307b80a560319

SHA512
747a9b6cde0207c722a62904a2c8708188f7c9e65e94cf55667e90096f1d1852e145061bd8e764bf30aaca0fb0f4355668feccc951041af735677c4c644aba87

Download Submit
C:\Users\Admin\Desktop\BlockUnpublish.mpg

Filesize
316KB

MD5
d25183a24f1713bedf04010b0fc2bd38

SHA1
8630628268de2d22a4d78d128682103430eccb13

SHA256
7ddddd24e4da7557853386294b1f864ce46ab95680f3214604f935d668257749

SHA512
cad57fc0eafac5991d890fe23519af07eb713a20639bd3ce790b123a68f20d9f0ad16337639d1af96aa1e4b012907ca93d41e7d26a29696ed6e5deb4dc444de1

Download Submit
C:\Users\Admin\Desktop\CompareConvertTo.mpeg3

Filesize
466KB

MD5
773b5d4c4796a9a780d8991bd0b26232

SHA1
29d3994d079e9858738e89d9d3398523144eaa99

SHA256
104382a32ce1e538c68b34ea8caa8df74ff7ba4a9cd3685873b6ea9288afe5c7

SHA512
c97c61df15de1ecbff25d118da437c214b66d023f3cc158c903b63746c5568a360574da2c0d57e4efc8030b790d83cf435a88b7f8fecba961aaaeac8a4fa1c01

Download Submit
C:\Users\Admin\Desktop\CompareResize.ex_

Filesize
399KB

MD5
b9a6207debfbe93703e1e2a6f98e3611

SHA1
0c6cfa445d4ff05ec4bb89814429c9010b0b775e

SHA256
b98542c3ceadd6b64bd250ce878a98b1db870821376d2d04192e5768a4d294c0

SHA512
6c762afccc9b2848c4511db2b956a0fbe1518dd8d45e2214ec9ed06116dd8f17a9618452260b761fc7b2f4bbb862487a3d7622a6f7dd24e81c14f4de7caf85e4

Download Submit
C:\Users\Admin\Desktop\ConvertFromDisable.mpeg

Filesize
533KB

MD5
c9bb3d777241153c971d4552ba2740a4

SHA1
4275bac97f9fb25b8c33b603e2acb14f82556f09

SHA256
e034c6037809165ebe356721432b88cd9215ee7129bbe9e70c1d6b8899a3496b

SHA512
5ab2e395cd494015d25c574e025cf20d28ef2429eda17c5d6bd2d4c3d4e811ec7d93efb27e14071b1ff2e4919f7f3c8281311e46d4f2b93e91b3013e20b8559a

Download Submit
C:\Users\Admin\Desktop\ConvertFromSet.wvx

Filesize
616KB

MD5
4aa8a0502afa5fc8918d1e91c1e42dd3

SHA1
2dc8af0d93e1d6fd08cd92260e2d1ed83481729f

SHA256
387fdeb5db1a2d761181b88c8bc47bdd3fc3f3e5779aecaacab210dd06404ca3

SHA512
e8defd2d74bb880f0b48b8a2e23f11789436c8f20fda7cdb6b7064fd4dd082866b9fedec278d875c1778b9354089840298abd91bff4d77c56151ba56a4395aa3

Download Submit
C:\Users\Admin\Desktop\DebugCompress.mp4

Filesize
383KB

MD5
22dfb10e6ecd4b7fd3b75e3c16488936

SHA1
8a1005d3ab6991260c3e2b48c42cdcacbc28b15e

SHA256
c905feecdb37a49828d277c2b161421d1b82e13e08c695b5a065984661846f59

SHA512
526b2de0666c6cb6d4c87a3c4194035a889bd8d3e33745ae52dfeec2e5cee8f0c1b41ccb228ac7ac88fffeb18e0bff5e274ec58aea38a000b1a8d1514f0e7861

Download Submit
C:\Users\Admin\Desktop\EnterRequest.wmx

Filesize
483KB

MD5
a25fcd3ba1615a839601604047813e91

SHA1
76efd1e7d08492c8bdc2257255048c407e50f0f5

SHA256
c387f368abc601db0f3fcb3822f92586e178852be6319dd12d039cb23144a364

SHA512
0ff99fc000f793f3c4e9b0348cc66bf36d88f292b45036545d109b836f94c7a42a26102548b60ee0c921429736ad514349e8be5989783c2026ecdad4572bd977

Download Submit
C:\Users\Admin\Desktop\ExpandExit.au

Filesize
416KB

MD5
a27a0c076a36fbf6b00f3b808478a067

SHA1
af173f6db428afa5a4b8e62c23f06194b01a6ace

SHA256
9d3e413188fcbb6bde7ad9c3686625469556ed34246c5e089ce6ce9d366bd1ad

SHA512
537ce5b4e1ce418d842876cc78034c30381edb9f9470a0f9ac545ecb87fc2c25d4e999b050978a03d049927b0b8c5c3eb2b2b50fb8a79d8ec13cfc40a9b3ccd3

Download Submit
C:\Users\Admin\Desktop\GrantPing.mpv2

Filesize
349KB

MD5
0141865a1bc2c1ffe919335f9a13d4b1

SHA1
54c548bdb7ab413d5113a7c98671dbb72bb28cf4

SHA256
dd00c36f69471b80a8d98695556d22f76a00c96ff4c1cc0377004b0de874905a

SHA512
8daea9c09f7232d5dced03614c084fec7b58907a558580aa27c5ae06f2601296ca4ea0d18b468bcc84a0be486589adfc6391874c1df5784a0c90e59fb3f1e95b

Download Submit
C:\Users\Admin\Desktop\JoinCompare.zip

Filesize
249KB

MD5
86bf4a3dba28325915373323a6c430a0

SHA1
f2d574924a3b61a6472254231770ed9510f539ff

SHA256
db6a4e62e450a188cd2dc155cc1e26dad92591f043470604166ab2af58b1423c

SHA512
aab9b0cf03776b31d7f9a84ad268340542ca758a1a2f0dabde01581740ce02de52849f3a6d9fcb9b9576d5d98a476bfdd2f9129610e7396838da23e04b821d95

Download Submit
C:\Users\Admin\Desktop\MeasurePop.potx

Filesize
283KB

MD5
3b118b5ae5c880856c2956b69263b402

SHA1
14ce9450fc2ac0fab32ed65cb888f6c272a8b298

SHA256
74db558a52a17862de5680f028baae76ba9d0a817a81577d616f91b22cf06602

SHA512
c734db5b6b6e539ca9a477d7be23c29d0d9bc09a10f9e0dafd470c8cd583096f72a7025d1f4b8a96c908266484e8dc7007d220f870c157bb38b03fff989502b4

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
2f65c27f586945402bcdce6f7ba6f2b7

SHA1
c6ee7e05cb89a7620de4fcd971a4c1d956bdcc66

SHA256
ebdc4f02a3e6061bb4893d48b10a9d094a4d84103fa4a3ac8e11647998b4e1ea

SHA512
ebf110d71da45c228afb3bbd63912e01b130e21319ebc625f48e42af9eda55bf5029f778d7f21750014cd644ea7926085be59b5627b6dbc32d17268c5ee2a02d

Download Submit
C:\Users\Admin\Desktop\NewResize.ocx

Filesize
216KB

MD5
e2927a274082161da8a6bbcc90f3c5e1

SHA1
4e9a4f15968eb7cd7931125af0f5928f0c1bc1d2

SHA256
d2b6d50a0e29a92b06e9931f86848fcc6ae809f2db6ed4b813fc157ce03bd9be

SHA512
724c6a9b5e69644843506c7b905c68015d26931dabb6a2b5f6662386b9af90d8f68ee7f8b67cb4e5b998f9c4be18448c3ad67ae4ded2951b5e9c22731c0039e7

Download Submit
C:\Users\Admin\Desktop\OpenResolve.ex_

Filesize
333KB

MD5
71bebee7df5ffd494bbd1ebca7b3b449

SHA1
0ee26020bb6ca75ff193f09a2cb56ca46200f907

SHA256
0c2e30828117b904182b6399e32fe74c4c6c81b6f7b0ae24cc1d868b240b950d

SHA512
aaf7bd4ec11a448dd3f10a9cdc2acee30b50fcc7bbe4b2b40417259605e8edf660bd1d93d66624d4d5316c2e4050b6f189e86eae6eed26f5d14af60d36ac85c7

Download Submit
C:\Users\Admin\Desktop\OptimizeSubmit.3gp

Filesize
566KB

MD5
ebc659bf1ff258bc1796078dec75010e

SHA1
96a2fd5307aa3b0749964fd6ea4468b44675e667

SHA256
a2c17daa192c3da500a9d2779d8ceefac5737305e917ff8bc5a95090bfd575aa

SHA512
b2d26bec89802bcfc70ad82a63a212ec7e07394d38a319e63a53978b9b102c6d1f0030aafcc871e6bfd7440f613f5d974f891be98cb9961696d299cc4bf16e99

Download Submit
C:\Users\Admin\Desktop\ProtectUnblock.otf

Filesize
366KB

MD5
40db5c5b89cb53ffa244e3f65aeed353

SHA1
41b49acdb0b1edf970ade58fad6f94542e06ce89

SHA256
f292ee8bc3a2874751891c81d77d04629d4cce483af4f7bfff2a7888373ddf7f

SHA512
9b9e0e8340ebd0564827ab13377be4b793135b37de6733e81c11b71ead02b056aaff0280e1f35d7e30afa447fbe7cae993c53f4366e1889a45720c17237f6506

Download Submit
C:\Users\Admin\Desktop\PushFormat.xla

Filesize
499KB

MD5
114f808e9efe6f7a0fbe8ba87e35b950

SHA1
06072611ffd0446e19eacac4c67e5a1fce50640f

SHA256
dc2c5703a2457b59e27b7aa084d33bdb553f004eb11e7421e17294c162b0452d

SHA512
605c76f52e7cd22627fb4667f813689d1184b2cfb909ffedfd93250db2fea6ee8157bfb6f976504229ea0ba2b23457075496e950677a4e84949c7ffe096a92c2

Download Submit
C:\Users\Admin\Desktop\PushGet.jfif

Filesize
266KB

MD5
afb3ae82882bd3c576b10e4b0ba39eaa

SHA1
4300956623dc4f15a16360449e4f82c2f87bc4ef

SHA256
6c10a2fa41a6ca68ff7cbc9538f3c69fb9b6f44099f591c987c41f7ab61f047c

SHA512
aef73e515ed9e4479a85084f67c85b47fe1b05a7d1c179dd89c837bc09aace49e6e86afa5dffe871d7d8433ca6af67ac82321105f1ac372655ba23fc62ba8878

Download Submit
C:\Users\Admin\Desktop\RemoveGet.eprtx

Filesize
849KB

MD5
5bd88fc6c44b821ef10a6c7cdb940726

SHA1
c20b33b000366dc07a3298fc8864bf3e037de3a7

SHA256
0ef2bc7d68c0b3635c7b907f4c9a1a5c33db5a42f869261e4388643c7e1d2b14

SHA512
5ade0b7d70fe27de3784b2b82d5005158df9d586ad7f9ad26eba62854febd566f988e08d9df241870f9c39b849a18a05dbb96a9e7634e25e2396f2e8c1ded59e

Download Submit
C:\Users\Admin\Desktop\ResumeBackup.ps1xml

Filesize
583KB

MD5
b0bc6c8d72d0f923d0728585abebe3ef

SHA1
b74e684e5772eae65bd9f3eb217a064dc66647f2

SHA256
b6937f0b1d828e97ecc228061b0a1655236d9776c4e142e3a67f341f25700116

SHA512
64fd05bcd7011f8b175704c59a1e00544de450468efa2ab759d8b09dfb01d7ff31de3a5318476c80bc1e662a60cbf65f69552257ec5ae3b009f4d4a38d91008c

Download Submit
C:\Users\Admin\Desktop\SaveRequest.hta

Filesize
599KB

MD5
af3b438725909dd8c86bbd0263b02ddf

SHA1
926994b657aec478a0288c5089587ffde9d5ee0d

SHA256
e0a6974fa732985315fc247299e4c937e2b95c0c17108b4ef47b5bff3fb6b533

SHA512
adac3c80b1732dbe0e1ea51c8345199b947f626e0240bcbe40c990012763656c2615e2bea2d8783126b69b98767ab00f2854cbed69193c9ff070303f06d507ce

Download Submit
C:\Users\Admin\Desktop\ShowSuspend.ppsx

Filesize
299KB

MD5
59455d2fe98a7cb232924a81cf1b0208

SHA1
dad2ee68198a023b640c4dbd8b2d1d23d13da303

SHA256
c4779525013e26dd9863e01fe21168661cab24737bd24a826130b277375afe65

SHA512
d73db1394b057da3152e76832a897186613c43b6206f23f83da454b8398b4d55fd4a0bb9a23819d3530b3b2c0f95b1d5e4bca2be975d19aaa58a5d479a522032

Download Submit
C:\Users\Admin\Desktop\SkipUnlock.potm

Filesize
549KB

MD5
73a92d2c28223957687366fe64708c07

SHA1
0cccc61706d67ec7d40f3f359ecd1c4218f675d2

SHA256
83ff0d1ab0ed090e1814e4dce9fb2648f7a1553284649dc844f9e78b869fdc49

SHA512
445c35c5bcea2b1669e5e42034915aac8db247926a403bf6d43a4d3fd03f3736ee5043883dbb3fd08ce6b898e3e0dc116838b18eaf0aab4ea63827605fed6cb2

Download Submit
C:\Users\Admin\Desktop\SplitSubmit.M2TS

Filesize
449KB

MD5
cd50fe59ef2f7d5c96a740a6a0fb6f62

SHA1
847315ee765fb1ab63d9c2cea7231792bda2ad99

SHA256
1c9d0e2135a98876ebec68ad165478cf4e94348530d9d0565df45227a91ade76

SHA512
e1fe4910d3d169fe88a8a7aafbd416052daf82939046501b1e70eaaf4f9e27b1177cf27383e9f8cd50e78702166f11dd815d1739286bf8fb93857f1de7df9a0a

Download Submit
C:\Users\Admin\Desktop\SyncPop.mpeg3

Filesize
433KB

MD5
4b03acefac18015418035e1b4924aca6

SHA1
38fe2843ce75abc04d10825573af24c841efdedb

SHA256
adb49490ebc8e7f900cdf0c7086ed7caaf1e6792e89c01e9c0d21078c9f02e6d

SHA512
e3537604145296f87d60b7dd75b74d11b1ddbb8f4d7e5c0d3d2662c3dfe6cf89f891a35a28e062d60a79957a032323daebc58bad1882e871cecf08209620cefb

Download Submit
C:\Users\Admin\Desktop\UnlockInstall.vbs

Filesize
516KB

MD5
2bccb6940c6f03511e6cfccb0adc6b30

SHA1
82e7c296f57495f73ece2399aee364a61253a0ab

SHA256
e20aad1f4147472f1d652aca8c0950901023a851ec2b41b6e5a77058b470f9c1

SHA512
2561845dfe67eb066e8b412fda8795580e928d53ffd0cf0508ce2befd948ae50527f36d9e583b4782c953d32b2e8d47ae584c8fc141cff48b63a7d8d5589c946

Download Submit
C:\Users\Admin\Desktop\WaitRedo.ods

Filesize
233KB

MD5
51d740dadb0edfb6c0c71f86f64ee2de

SHA1
43047a97ab0cb04a2ba5944c7446bc775550bc14

SHA256
c87d1c26eabbcb64aa8204bca6f782ea0d6b2a8fcedbf2b6f534b7101fa9d9f8

SHA512
90e17b3e1e3810756fad08fe8523da4052c124c4bef3fab6f25a0191a906ab1b72471e4a7f883ce6dea8b34701559b1f4fd5518b0bb4c7d6436d81fb8c3fce7c

Download Submit
C:\Users\Admin\Desktop\XWorm-RAT-main\XWorm-RAT-main\XWorm RAT V2.1\xwarm-rat-builder.exe

Filesize
6.5MB

MD5
a21db5b6e09c3ec82f048fd7f1c4bb3a

SHA1
e7ffb13176d60b79d0b3f60eaea641827f30df64

SHA256
67d9b4b35c02a19ab364ad19e1972645eb98e24dcd6f1715d2a26229deb2ccf5

SHA512
7caab4f21c33ef90c1104aa7256504ee40ff0a36525b15eb3d48940862346ccf90a16eef87c06d79b0ffd920beb103ed380eae45df8c9286768890b15ed1067c

Download Submit
C:\Users\Admin\Downloads\XWorm-Rat-Remote-Administration-Tool--main.zip.crdownload

Filesize
5.0MB

MD5
ed997c518b1affa39a5db6d5e1e38874

SHA1
d0355de864604e0ba04d4d79753ee926b197f9cf

SHA256
8a7d20fb5bc7ef8b02ab6e11ef78ebc0a31ba5376bd97d40fe5d1da521324556

SHA512
50699cdd035c48e431102c703d7855dc85caa6feb7a7b34bdb23c7ccc298dbcc3ab261690c3dfb078451d3e299a0b037351edcbf54e79b6edaaacbf30ec68cb7

Download Submit
C:\Users\Admin\Downloads\XWorm-Remote-Access-Tool-main.zip.crdownload

Filesize
4.9MB

MD5
c29e5cac95dd0b675f226b0fcfb7fb2c

SHA1
174a1dc6aa9131f31e1be7e79422ca13d2720fb8

SHA256
96f92d251a44edad3994c0bc22bd063124fbdf0c18eae81f2a35119542546f0c

SHA512
65de4c8399601a62b67bc1c85ed202519f9131964049c00d7928402ce69074ab58f787066725c026e470fd1f02ad2066c0b8b62df655cd2c07ce49b3a3bbc877

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
26d55536f576f2b1e3cddd5b6fec75c1

SHA1
cdf9b027a8c2b28b97794e92c046ddc10d079b72

SHA256
a64e2c72f09cff0e7b8c2eba32923d67f0f9a2d7513c5569ccf48ed7379f73a6

SHA512
0441c1848d0bbb7eff82552e388c0c654269b705c7fcc052fc775dd9dca8df46e5f6d2b229027c3a653e3a6b10366ad40d10f088ddb32773cb90760e26c4b033

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
36dceec7f886ff0317ce89eb52d85ac2

SHA1
bcc03df73b5d565242db3c321f2cdbd527a32eb0

SHA256
550584634181162d8f9ea770b827a46c7ae08178b99034a8310050e29554cc30

SHA512
cd3eca63c89e9bd720ef1ec7563bd4b02870e0171636b6d2a1cb1f5496098095f7857295797bede179ca595581c68b47666cadc2b81e97bef43a10d260435468

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
6215122b18d50f648e6a2dbf85eaba84

SHA1
879e3174fa9b449b8d2a5bff891722a8d717a692

SHA256
3f5eef4f36cb76c88811279c2d2af5f5a818fcd4d16d784bf393cc26290e8be6

SHA512
30fcf59259f85982ec8e3f2e170aab23c1e0024838b2dc97cec2863ce28180b3c9333cf9600540821916662c89078273e704e9ff31bda87e46771ee290eb437a

Download Submit
\??\pipe\LOCAL\crashpad_3004_HDVIZKLYSFMSFYMW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2296-1588-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/2296-1587-0x0000019AEB740000-0x0000019AEB80C000-memory.dmp

Filesize
816KB

Download
memory/2296-1589-0x0000019AED5A0000-0x0000019AED5B0000-memory.dmp

Filesize
64KB

Download
memory/2296-1593-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/2580-1654-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/2580-1644-0x000002A9788C0000-0x000002A9788D0000-memory.dmp

Filesize
64KB

Download
memory/2580-1643-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/2592-1657-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/2592-1658-0x0000022D78350000-0x0000022D78360000-memory.dmp

Filesize
64KB

Download
memory/3088-1613-0x000001DD1B4A0000-0x000001DD1B4C6000-memory.dmp

Filesize
152KB

Download
memory/3088-1612-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/3088-1614-0x000001DD1D0F0000-0x000001DD1D100000-memory.dmp

Filesize
64KB

Download
memory/3088-1616-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/4244-1660-0x0000000000850000-0x0000000000EE2000-memory.dmp

Filesize
6.6MB

Download
memory/4244-1659-0x00000000747C0000-0x0000000074F70000-memory.dmp

Filesize
7.7MB

Download
memory/4244-1661-0x0000000005780000-0x000000000581C000-memory.dmp

Filesize
624KB

Download
memory/4384-1598-0x00000163092E0000-0x00000163092F0000-memory.dmp

Filesize
64KB

Download
memory/4384-1619-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/4384-1597-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/5448-1603-0x000002114E750000-0x000002114E760000-memory.dmp

Filesize
64KB

Download
memory/5448-1617-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/5448-1601-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/5448-1600-0x000002114E260000-0x000002114E34E000-memory.dmp

Filesize
952KB

Download
memory/5532-1630-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/5532-1651-0x00000276DA5A0000-0x00000276DA5C0000-memory.dmp

Filesize
128KB

Download
memory/5532-1655-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/5532-1631-0x00000276F2F50000-0x00000276F2F60000-memory.dmp

Filesize
64KB

Download
memory/5712-1596-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/5712-1594-0x0000022C759C0000-0x0000022C759CA000-memory.dmp

Filesize
40KB

Download
memory/5712-1586-0x0000022C75930000-0x0000022C75950000-memory.dmp

Filesize
128KB

Download
memory/5712-1576-0x0000022C75990000-0x0000022C759A0000-memory.dmp

Filesize
64KB

Download
memory/5712-1575-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/5712-1574-0x0000022C737D0000-0x0000022C73B0E000-memory.dmp

Filesize
3.2MB

Download
memory/5712-1618-0x00007FFC6E7D0000-0x00007FFC6F291000-memory.dmp

Filesize
10.8MB

Download
memory/5712-1599-0x0000022C75990000-0x0000022C759A0000-memory.dmp

Filesize
64KB

Download