hxxps://lootdest[.]com/s?nGzy

Analysis

max time kernel
242s
max time network
247s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
12-02-2024 10:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lootdest.com/s?nGzy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2532	main.exe
2132	main.exe

Loads dropped DLL 27 IoCs

pid	Process
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe
2132	main.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
13	pastebin.com
108	pastebin.com
109	pastebin.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5616	msedge.exe
5616	msedge.exe
5244	msedge.exe
5244	msedge.exe
4432	identity_helper.exe
4432	identity_helper.exe
2324	msedge.exe
2324	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1476	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	3828	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3828	AUDIODG.EXE
Token: SeRestorePrivilege	1476	7zFM.exe
Token: 35	1476	7zFM.exe
Token: SeRestorePrivilege	2944	7zG.exe
Token: 35	2944	7zG.exe
Token: SeSecurityPrivilege	2944	7zG.exe
Token: SeSecurityPrivilege	2944	7zG.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
1476	7zFM.exe
2944	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2132	main.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5244 wrote to memory of 5492	5244	msedge.exe	77
PID 5244 wrote to memory of 5492	5244	msedge.exe	77
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 1400	5244	msedge.exe	78
PID 5244 wrote to memory of 5616	5244	msedge.exe	79
PID 5244 wrote to memory of 5616	5244	msedge.exe	79
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80
PID 5244 wrote to memory of 1384	5244	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lootdest.com/s?nGzy
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd23c53cb8,0x7ffd23c53cc8,0x7ffd23c53cd8
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2352 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Valorant Triggerbot.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10424867473636350294,940965853418224279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x0000000000000418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3828

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:976

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Valorant Triggerbot\" -ad -an -ai#7zMap10491:100:7zEvent9001
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2944

C:\Users\Admin\Downloads\Valorant Triggerbot\Valorant Triggerbot\main.exe
"C:\Users\Admin\Downloads\Valorant Triggerbot\Valorant Triggerbot\main.exe"
1⤵
- Executes dropped EXE
PID:2532
- C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\main.exe
  "C:\Users\Admin\Downloads\Valorant Triggerbot\Valorant Triggerbot\main.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1b96fcb1-53d7-4742-9dcf-72341165b21e.tmp

Filesize
11KB

MD5
b835b9803535589a37dc880815e16355

SHA1
f8854d7ccfad4cedd094d7db2765870b89fe162d

SHA256
25fe098f0d090080a043092e2eb2c1f3e9cdfe398e7ed3d770294d2a8b1093c6

SHA512
81d2f419fc49283fca718a00636352878534af868388e2d484338176cbd338155d51da04778faaa225d41f1629adc9f9a882427157fb054f2f1bfbb6232a33b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0307d75488a9def144d0373178e421da

SHA1
1e4351dd4a29b6340913848163b4df62628ad06c

SHA256
9e1bd506806510408dcb9d5e1eab6672d905780282361f2b9974ab9a9ed1ab9e

SHA512
993dbb0491352352ca89542922df735fc7b3cc0d14a4790f106c25ee9fd616d0722151d05e045ed5863e56b128c3308a561b958bbf5fe3bb87498e8a6d12a50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
028ca54e48a31c1831a7e619c5f7c056

SHA1
497dac13988b468641bcce1fd8e65b32d4dbae9f

SHA256
90a3e5f55029d704023f1050102d57455a4099f873f42b8eb45726ea379a7e19

SHA512
08fa763a40c315c079bf30813373d2d01ed95af6e8c4e1b00bc38befded15d87d6801e4650474f25260a930f7016ff09042bef7335e2f7878af9324f011ca35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f45ea54a2fe384e5d1694e056eb35402

SHA1
6d43f39b94c1e59cad41f491c2480c4eb43b7817

SHA256
9e8498b1a8eaa35b9d974c607b9b4ce01243906765ddfa9fdc5da3c95c91b8b1

SHA512
1db643c1d89e4604ab7737ec182731eab78e049ec52ee46aa2344919a018418370f961acb51324b0d02362e99085dbd2e6473545944f82c701a502b4c1d14725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
00da8e51f45b96df0775c061b4824391

SHA1
253691ebdbeedce28c77c359622f094bac8f9e5e

SHA256
4ed01fe718ce953d834a3c2bbd653a31b16587e0e17b050f95ed2eb1bbefd904

SHA512
e591ffb2ad16f87da0156f56755a8941ded5e7e3cff2d115bb2482b4902a34109d80984381c6e291b95a610dd7a79bfee5482c86886a32a15f1c1daa150732df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2bfad4b00061200d7fae241f5a823a99

SHA1
064a36f7387b42c78e297babb7fc7bd30128b073

SHA256
f1d6d90e0263dd7da370ff6e0072e011bba016076f750d65f83dee72319f8b28

SHA512
ce93f6db8ee53e2452361be17e22686c9792d81efb2e644bd15dfce8a9e29458b9388e7fb20208d8206839e90bc9d04f5f571b52c3f469e4bc6dc402d2257d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
29d7572078f9e10a02de531de325b5bb

SHA1
61a2c4d9f648a4604639bf7c2786c238847db1f7

SHA256
f81c7f6f73f92c0fc3d978cccdb910d105691bc4e7ee2b0c2feff8854d024b1e

SHA512
d0639a0bd173e976abdc299a1798827a8b273b0df741ebc49ff4e0b1b4cb63b36e0d00a4774d044310616990159455cc7f8b7f63e84e807c1c5e6df26dc34ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
234550e5ec5424bc24723fcdeaee8ade

SHA1
de1613fc222c290e59b60f0218c75a0180f9e8ff

SHA256
ca03b741940dce827119d77cf61f4167d3a9694269afed38c0127d5002f6e442

SHA512
07dd41c8f4767a2dc65fd28e1bd26c66977c6430437e12ba5840c838923f648c2fcd25222494313d4c76d56516a57e0e0a62763b1ce1644b61a431701b8dc80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04d6f3f1b975219fa5d6745b5a3de94f

SHA1
54b9878dea0a8f51ecffa1e81fe73cb5b46bfac2

SHA256
f025f30b16b341dae6fdf7e7e51b40cf2b94ccfbfd01b5fe52e6111828f8c020

SHA512
cc2eda0b84fff869ee23513b318793dfb9ded2bfa1b73bef98e288cfb96ba0ac6fd138261873c6488b62bb4db9d2540107d364cb63109467a5c281f954f49305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d8feea5b9180e654b2168a378c2066ac

SHA1
95e0de371cbbb9b3f27f1fc84a2c2c664da51440

SHA256
eb12ba79cb43c362b42766bcdd7b8d7deca142cd450292fb313b43335da4fe87

SHA512
9c5115d485fac56f327ab5f8c05d4895679a80816ed5d539011fa7d41a00289e084a64304af2fb844b30b388f9ba0c690f0b7bc7231fc35cfaeffab927e4e6c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cb7b47a1f01639854fe0e6d18acc36b9

SHA1
36f4dfcd44a2c807f6055e68e59dfb7383be4d89

SHA256
e0b18bc71364b2096f198650e3037ac8bacddbc83b37d3bf2e38f9610eb140e5

SHA512
f1fad87b599bad9be60035b2acffe593222f4e5875fb8dc1e6c5dada6d2e62da6f2fbec317b2adc96fa978ac3389e1b6aac5adc6c716cc3a43f8a5fac661c056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d99aa5f672ba48696904e578456c305e

SHA1
424e06b04dc9a26b659f005ada792103a225f039

SHA256
dd92ed01e37d56ee8981847b62a40cdbba30ca804b145f5deb5bd49c6a00b5d3

SHA512
c6bbe1918f6b50d77738a69b30c1c432c8bc2a11773265469441ca30dca28c8ab8087d499a7a9caf367145541e77460ff567b082130e1648cf159ea5547b26bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
779caf43f48606612676f1d37893d9dd

SHA1
b8c49b6ab805507d614a43c5acfa0732c0095d00

SHA256
3c4843b1bff1a7700fb91ba37540abbc6849db8032f8b5dbb6cc1a3d285e2c20

SHA512
dd1c3d30dfeff9abcaed4d033c689fb22a6eb9f82029e2a2fd8a770532413b48767c04620f20c489df686feea7ca3960862ce66424f7e7c82c92bb9e03ff96df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ae9bd45f964af7b10def34189b6648ef

SHA1
f9fb611ad33c34ad739ecbc65929f9673c4fa89c

SHA256
50d49cd512bf6e356916304ef86d9b59f055f3c568afe4713884d825170f4685

SHA512
80d9730f7fce990f66f825d3e00d24a5bafe8227063d64b89be074846154fc6a60b75805729b143a11c640d8395dba76b031ca3f895c6d93ff92c28eca537638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c942c700242f4c41e102bbf53b52c663

SHA1
1a697bb05b904c70b3275300eda50f62f19e65e2

SHA256
b81f9b0a9e3bf87f30f12348e0f064d17019fd050a63427fb16f580fc314931d

SHA512
4a5d9b8586c4bb26b2e821d539ab5ebcde282dc34db2762c76092ff6a3cbc2088fcaee81886170f192dc0174d1b5d63fd7d1f09b9d2b24a0fce670385a63ca72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
50a41ad3540cc93342fb4916e3acbb6e

SHA1
09fb5711df3767b3644cde823d93ba179d7b1e24

SHA256
7f4ea38840fab08c4a1b1b3d74be8229dfa053da8b1f6b098da563408de2abf6

SHA512
0da5f5ad9c049205184368d4098665e797492428075cb542b5b0ada5c0b11afefcaa2c20e83cb33b520cc147027132aed555506874695c463f13552c4cca808c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ace84d2f56d99d6b3318537be8d125b

SHA1
7af20fccd1505637d77a87fec53a4fd8a6f4583b

SHA256
db39a394c432581c6cf5b2d164407cb27af4d998bdf437ca43be05714dd95aa6

SHA512
4317898393123fde58a8604cf19d1156c21e67af8fb152c05a41ac10ae6e26dfd88b856c058a64f57d47be023d7530980f7caeb359e7ffd60a59b83fb3ab0a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
66dbd814ada29fcbfc551ddfe706c953

SHA1
d31f500c9ca2f9ba12cda263eb6ec063d8100199

SHA256
01f59dd6b723af83d9d710c43d7da0a45c1c6465646cc733740efb663472a5cc

SHA512
429db81de7ee8edb132fb1a97f32c4ccc53df54b61e0741160ed6ae5a0e82583dd889db8b440a10c033331068b09d7bc389cca700d7caa9146f9f606cd87f7c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a4ba1.TMP

Filesize
48B

MD5
025700b2934289e6f3bdc8fe160adafc

SHA1
26fdf7787c60cf8960ba0914520fce4995c91f4c

SHA256
70dbc4585107118ec173c44fbc3870a28598e8454e8e64f0aec45b7264ae6273

SHA512
1d5cf355d716353164d9ca7f064bd16df4b7a3d55dbbf5fb1924b43337cd7e6a3077762c4a63416feeedfba56b0036c075ab59e4289351a52c73f4455c216c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e9605f140dec92b5f680f728f55f603

SHA1
f3b8e33669c2a40adc6625f04ab88229ee4c3d7a

SHA256
1b910eaa7098a94f2cdf9ebc7f5b1529bdf2d341d1a7a0e63f6284dc0da43bf6

SHA512
8c6c551487a980e4081897d734d524560be2337edcea992780bf51e6b2a4e6605a287c796fd1bf9e3ccbb6d589af4f3511611b0a9fb5726b72aac076a0304a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1be6b072cb3f2327de098229f16eb3d

SHA1
e8790070cb02c582343acca2b885effe218d88d3

SHA256
803f815e1d9f08a8baa30a7fde28afab3d25d5aff8fbad104a7f50aa98f4a555

SHA512
815254d9a3c8b5e580d1d59cab6cae15f1cb1ef6b3754baab781724d715ce993d8606f5fedf1b8d3a8af56fd7dc72e97933c8398f96d078299c26d8c8dd684ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f637.TMP

Filesize
706B

MD5
bdc932f41c8b56ba0601818b58d80d91

SHA1
222183855ce54aa3112f12a59666f285b9af0c5f

SHA256
0729dd346550624a946caabe3b75aec1780181d751f722cfa1a55cde39c4d5f9

SHA512
7f42de41dc50d3bbd484c3b6f7b75f9805f3a39f3c54672d445790477ecf86e5cfa4b6efdd7f49b987850ed898f6b31f636dd2ed7203fe1bd0ee70ad18c04417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c7a18b4bbdfce9aba189138e6cf7a492

SHA1
51a245eda67af09493015b3448cd7a0d8df77c34

SHA256
10b20f1cd8560d390efa8159be816bbb977036cc8a4bbc05c4d047c0708bf8f6

SHA512
0d0a1704915290829c7d9e8e6c508b2deca03399bb743d3e4cf77eaf210a9b61e58c77e5fdbba7b6427f4d68dfc74bc1ad28518b180875a70fd64d40e1ea84b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a70af3a27204befb611078d30a06be02

SHA1
32f6b863d0a511cf2ff418575973d64a2aa6a2f9

SHA256
320d83030606f46e89a9567788b4bcc103aab6a9fad8a45c4ea448a5690e8264

SHA512
b8d4a5e77148e5c915acec58636e4a695d5b3bf0452ecc5ef880d5600bb3e47cb5f40737ca779a7b324f0928a56cb99e34a90c4a2cb99f8dda171d3ac06f412a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b40f008ca3e11575a123c3145dfd688a

SHA1
cfe1d4764c5eb17f5d51b2dec27e1165a2c8227c

SHA256
9b0816e0b1c9eca9a03a971a38ab66c468cff248aa4d4645d7cad0b5642d76c0

SHA512
fbee93b00bb20cbc0cee6f51e718e1fa40957add406f1a695716fec01e629b7ca3720bd733f5f26f0fac5bf41489d2a3b3d336f921a2f925714328fa0f83aef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ec2edad35e2bca0ea4fa2dfe9dc18eb1

SHA1
cacbe2cc7df896f1ca89f8ae52dc883715a49e4d

SHA256
4f194be9f2281bd8c8fc9949fc0c2613ad6d7fcd59e64a261babc81b95c78e80

SHA512
ae6c994d42bcdf8f8408c088cb88ad61e44fb18eb18e755e81d644602ef1dbc8ae28ed90f8cfe62cf9a9a988719cdac50c6a4466e7f6cee4fd332ab02a320778

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_queue.pyd

Filesize
28KB

MD5
f19d9a56df14aea465e7ead84751ea5f

SHA1
f170ccbeb8fb4a1e0fe56f9a7c20ae4c1a48e4a9

SHA256
17ccd37dfba38bba706189d12ed28ca32c7330cc60db7bf203bf7198287073e4

SHA512
2b69a11026bf4fe3792082d57eaf3b24713e7bd44dfd61ccaa6e5adb6771e49b6c81c1b542fbb159c9055db9739b9c4473a856914c72683a2a4cf658d6d7a469

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll

Filesize
512KB

MD5
4413213a284074a0aa5be6df839e3cda

SHA1
2c49f279c07c421f42971d05f4e254cbf399fb74

SHA256
cb77e4ef9818de556c6150e6f8033b6f8dd493f568116b7aa625cfa8e18efebd

SHA512
81e8d4fe67d7b90cb57d77a54d6b4f1eae6dbb4a34d54f8b04414b0670bfe2c42c85a7e21b82ac2dbe0aca7b074a1cef8f014f52308ed63bc1bbda35bc0cc881

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\core\_multiarray_umath.pyd

Filesize
640KB

MD5
85b2a0d5bda0f1a41855368b5f755f99

SHA1
e980a1d8e5031ed2cfab4f52338578a6ff9278d6

SHA256
51077cffc4deba639f8abe0da2d7fc8792df2486049c4a5ef40d5347a086cd39

SHA512
c797ec190352172aca243bea534353ab136a104fe2c5e41caeaa1148d69a3a363cb2ff2569eeb6fd18d72a69fbccad109364be828a9b8300f141648352a095f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\numpy\linalg\_umath_linalg.pyd

Filesize
104KB

MD5
808f3733eef250e5db1e2c54d19b245e

SHA1
09d06dc25ba8e9dc5a40f6412beb809998aefe69

SHA256
1295b5a32f96bac23fa6d8d401f7a2c189671d4e74912f8eb46e31163d7d267f

SHA512
d7de901c55079b23c25fa05c0da555c09756acbd4f4b6997f4a033de50c152ea451c65537735ae28bfeaeff0905d50de9d59607e5e1062ffcabb2137fc08131d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\VCRUNTIME140.dll

Filesize
94KB

MD5
18049f6811fc0f94547189a9e104f5d2

SHA1
dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

SHA256
c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

SHA512
38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\_ctypes.pyd

Filesize
124KB

MD5
7322f8245b5c8551d67c337c0dc247c9

SHA1
5f4cb918133daa86631211ae7fa65f26c23fcc98

SHA256
4fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763

SHA512
52748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\_socket.pyd

Filesize
78KB

MD5
478abd499eefeba3e50cfc4ff50ec49d

SHA1
fe1aae16b411a9c349b0ac1e490236d4d55b95b2

SHA256
fdb14859efee35e105f21a64f7afdf50c399ffa0fa8b7fcc76dae4b345d946cb

SHA512
475b8d533599991b4b8bfd27464b379d78e51c41f497e81698b4e7e871f82b5f6b2bfec70ec2c0a1a8842611c8c2591133eaef3f7fc4bc7625e18fc4189c914e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\main.exe

Filesize
1.4MB

MD5
b495b78116c97090dfd2cc6b4690c362

SHA1
180bd04ed2307e812998ff4c6c64e89b38923bcd

SHA256
58517d65fea267662a8742a6046c4d62dfd6583d9f142ab299291a2d0fb8389c

SHA512
4f50cd0c0839d481b977957c07354657659a2d7792d2f3ebe3295d18631b0e44ca1f6fdf061206c62893619166938fe30c45c99f8461fcf25dd8aee10d6b5558

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\main.exe

Filesize
1.4MB

MD5
ee1a353419639218aa44f82fa81fdf5a

SHA1
bca1ff8c1555be6045329103f9da0a0bd62761e6

SHA256
405118bce4993fe8d607c68f23a654274e5efa8af86ed80d18608bf23494fe91

SHA512
7be33c4ba761c41b274e43c997d253b7a71ead8120424ff4b20936415b583bd239b80fbce1fcda858821b541137c45cc47e4f88512e2f279287892546bfd6baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll

Filesize
338KB

MD5
ee001395eaace086a2c302edba9d8ea2

SHA1
d67f79fe72cd17d4e19c1934fa6dccee00cda24d

SHA256
656c133f6e698480b758923714ee2489162268a0c79dc9851628093a9ff84dc4

SHA512
63045ba150137e08097aac865a680ff8edf1f310542c337e129707c08e2631638633097d53d9b86f87d6bceeb0ca8c0c92e641dd31e5dfa82ff4d2d14e6c8eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll

Filesize
320KB

MD5
008059a1648ccbb1d9b9f8251c5a287b

SHA1
e9059b927f5f098449bde19d8c90c3dff80a5384

SHA256
02967c283acd5d0813091cfe21324a915d5801a7ec39db1bc7874642ec56b4bf

SHA512
cdc7e0725e20609dc17de9df27e478657714647c69f1f69b2cac008fd410673fc2f15947691ba076dba3c95c031f4461b55e0b3b7125edf5e7b3321e46ca2dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\numpy\core\_multiarray_tests.pyd

Filesize
63KB

MD5
a8791e0a0ad2e6b46a1970d4055cd2f8

SHA1
fa2b78febaa32aa33f717ec80cf927c1458fee2b

SHA256
60408879cf762580884c394b4d7786bf8f18f707a6ba0587dd91acd1edb377ed

SHA512
643e83ccb1a5c69e9ec80e61e5e39740bbb32bee06d4bba99851f60592d18a17183e100e51f4bcd230a64eea07151c39107f84a444db47d0c8a96dbead1def64

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\numpy\core\_multiarray_umath.pyd

Filesize
576KB

MD5
799c68f72da976e233e509bacb2914d5

SHA1
04582a9666bcd5a15fc0e5af0758b264dcf2e4e7

SHA256
046bd2008800720a0926d06d1a560039685537762da96bece6f0212dda3b83bc

SHA512
a3490a9b6f938542723eef71be267b7d8b1da3f9137cea04e8aba47101cdf0c21a42ba8cf66dd1acb56b07ee1f68c0215d3a6ac8efd2feb6f825d5f610019a5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\numpy\fft\_pocketfft_internal.pyd

Filesize
107KB

MD5
2a83ff1140edc69a3601215cb774e2f2

SHA1
d76c5acea12b6d9d6a83ea6bc63776aa20d59fe6

SHA256
109e216ea8b51527f5fbddf50f6a53dcc6cdad1021c9fbb14a845b5bbf48461b

SHA512
13690c0c74a179c54c9ffc1222befd44d197eb5c358dd723a7f63d3111c3a8accefd68b98acbbacea1e46e45eeed076dc0674581eb4449fa3703ae3747b35624

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\python39.dll

Filesize
1.2MB

MD5
73d0fb9075543d4fc5b045353752c190

SHA1
df848f9a24a2143ea10841571120604696aa2255

SHA256
ff43b1370fa66c16934bc2b4f0a1b10a23c3eec49640b6e9a11b589bfaf4fd8d

SHA512
e97fc18b022149424201f948282d1e2fe67ac08841ce234e55eefe8c179ec2fd82728fd43b99d82c971756d091ea0e146eae274d04f47bd59f1ad521e9ca9a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\python39.dll

Filesize
1.1MB

MD5
53b869127ade3fcd377f577d5b6fcd0b

SHA1
85fee34a5f47cfe8ac3bf92a3109591fbb3d36f0

SHA256
3a0d1498ef794044334b38dc7a189c09d27edc2b0d55e6ffa20c5144b7f7e803

SHA512
d2ea0422a31f42a6c36dd60d581c6a8ee8849e0fe7604deff5ebcbcddc89d8b9ab6b35d7c3c94153dd6ee5a7d762e7af7a27b40d6efb43e1a7a8378c61702bee

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\pywintypes39.dll

Filesize
131KB

MD5
f20fd2e2ac9058a9fd227172f8ff2c12

SHA1
89eba891352be46581b94a17db7c2ede9a39ab01

SHA256
20bde8e50e42f7aabf59106eea238fcc0dece0c6e362c0a7feeb004ab981db8a

SHA512
42a86fa192aea7adb4283dc48a323a4f687dad40060ea3ffddcd8fd7670bb535d31a7764706e5c5473da28399fec048ae714a111ee238bb25e1aad03e12078d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\select.pyd

Filesize
28KB

MD5
fed3dae56f7c9ea35d2e896fede29581

SHA1
ae5b2ef114138c4d8a6479d6441967c170c5aa23

SHA256
d56542143775d02c70ad713ac36f295d473329ef3ad7a2999811d12151512931

SHA512
3128c57724b0609cfcaca430568d79b0e6abd13e5bba25295493191532dba24af062d4e0340d0ed68a885c24fbbf36b7a3d650add2f47f7c2364eab6a0b5faff

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\vcruntime140_1.dll

Filesize
36KB

MD5
6e337d443990274b1e0ed308a1b28622

SHA1
0da718746f6981aae57d7043d87de8eb4c11859c

SHA256
6c1e531c25ab2934a4ea9970598bc751d924d7cc5650df3e1282b61d6cd24f42

SHA512
dcdadb2b763c9d82f26dfe745a6a6477f15bfa512dd34972ded1fb8572df85eae359fc012b2415258470780a5ccdee1eb75ff4153d7784ca9be228b0ed4da292

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2532_133522083969809339\win32api.pyd

Filesize
130KB

MD5
05e4b3b876e5fa6a2b8951f764559623

SHA1
4ad50f70eef4feaa9d051c2f161fbac8a862a4bc

SHA256
a52f8bd28b5b9558cde10333ce452a7d6f338ce1005a2b8451755005868e4a98

SHA512
5648306af7c056c9250731b7d5a508664294bbb8ba865f9dc06fd7216adf7b8cc31b1cfbc0175c7f2752680744f6546a1959e7f7d1ec7a8a845f75642ce034d9

Download Submit
C:\Users\Admin\Downloads\Valorant Triggerbot.rar

Filesize
13.2MB

MD5
3d28084880c166843461e2604cbc0d04

SHA1
cc404298320d67eaf50484f7b92aa4a2ccc8eb8e

SHA256
60a89c47af578eada965f7d5346db82d2e0fa931901f2f285249bc3972b4f4e7

SHA512
e5be07ba490409dff2db66321830cafb2824c81c8e74150d219d63bc809c25209b3bb0fa5a30e6bc38f6fdd79d035d4bc850a5c27ca8f0400ac411c67a762bb1

Download Submit
C:\Users\Admin\Downloads\Valorant Triggerbot\Valorant Triggerbot\main.exe

Filesize
9.9MB

MD5
9aa9b95b9071f279dcb8df598320d2fa

SHA1
be718fa9ef5a97bc1b31a9075427342ad9eba932

SHA256
c5c831bcd8336cbc2344a3913e71b04e2bb78c38ca538af0629ac19731d9524c

SHA512
004b75f4e1dd5494213e89ecc54a9770d07b1e2fa85e201d58799567526fcffb82a5d3395f2e4e32715e8b89ed5d8b69cc7958faf5e39f5351298a0af23d7bd8

Download Submit
C:\Users\Admin\Downloads\Valorant Triggerbot\Valorant Triggerbot\main.exe

Filesize
11.4MB

MD5
2f0fabd72cc5e317ed6b28f307c8e28f

SHA1
b475b45c49d19a346c32efe46d4ab709b983b7ad

SHA256
940f88db38186557c6079347d39d4f616c329349aae55e0a226442dc803d7611

SHA512
dad209f160bdf63a83734af767d17e76c5c03d1e3ad0588535b2cfe227c283a0ae15de8ae434fdf1b270fac3ae876fef144fcc52dcd120ca233c1ece435bde6b

Download Submit
memory/2132-698-0x00000203EF550000-0x00000203F1606000-memory.dmp

Filesize
32.7MB

Download