Overview

overview

10

Static

static

1

AnyDesk.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/02/2024, 21:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnyDesk.exe

  • Size

    5.0MB

  • MD5

    a21768190f3b9feae33aaef660cb7a83

  • SHA1

    24780657328783ef50ae0964b23288e68841a421

  • SHA256

    55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

  • SHA512

    ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62

  • SSDEEP

    98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score
10/10
quasarvantaspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Vanta

C2

2.tcp.eu.ngrok.io:11346

Mutex

2f626b58-6546-4776-989a-1b970e109b69

Attributes
  • encryption_key

    4811C43E776477A0F19082FD684C2586D1559271

  • install_name

    VantaFN.exe

  • log_directory

    LogsK

  • reconnect_delay

    3000

  • startup_key

    Discord

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar payload 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Drops file in System32 directory 19 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    PID:3240
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4864
    • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:372
      • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
        3⤵
        • Drops file in System32 directory
        • Suspicious use of SetWindowsHookEx
        PID:64
      • C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
        3⤵
        • Drops file in System32 directory
        • Suspicious use of SetWindowsHookEx
        PID:6072
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffd966246f8,0x7ffd96624708,0x7ffd96624718
      2⤵
        PID:4232
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:2864
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2292
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
          2⤵
            PID:1256
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
            2⤵
              PID:2168
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
              2⤵
                PID:2316
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                2⤵
                  PID:4872
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
                  2⤵
                    PID:5000
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
                    2⤵
                      PID:5196
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:5216
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
                      2⤵
                        PID:5344
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
                        2⤵
                          PID:5332
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
                          2⤵
                            PID:5504
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
                            2⤵
                              PID:4016
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4076 /prefetch:8
                              2⤵
                                PID:1532
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
                                2⤵
                                  PID:2092
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5076
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18070256570784095342,12284214467728864346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2424
                              • C:\Windows\system32\AUDIODG.EXE
                                C:\Windows\system32\AUDIODG.EXE 0x2cc 0x304
                                1⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:4792
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4872
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3140
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:5972
                                    • C:\Windows\system32\NOTEPAD.EXE
                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\VantaCrack1.7\cracked_by_zerox19.txt
                                      1⤵
                                      • Opens file in notepad (likely ransom note)
                                      PID:6064
                                    • C:\Users\Admin\Downloads\VantaCrack1.7\VantaFN.exe
                                      "C:\Users\Admin\Downloads\VantaCrack1.7\VantaFN.exe"
                                      1⤵
                                      • Drops file in System32 directory
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:3452
                                      • C:\Windows\SYSTEM32\schtasks.exe
                                        "schtasks" /create /tn "Discord" /sc ONLOGON /tr "C:\Windows\system32\SubDir\VantaFN.exe" /rl HIGHEST /f
                                        2⤵
                                        • Creates scheduled task(s)
                                        PID:4568
                                      • C:\Windows\system32\SubDir\VantaFN.exe
                                        "C:\Windows\system32\SubDir\VantaFN.exe"
                                        2⤵
                                        • Executes dropped EXE
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of SetWindowsHookEx
                                        PID:5140
                                        • C:\Windows\SYSTEM32\schtasks.exe
                                          "schtasks" /create /tn "Discord" /sc ONLOGON /tr "C:\Windows\system32\SubDir\VantaFN.exe" /rl HIGHEST /f
                                          3⤵
                                          • Creates scheduled task(s)
                                          PID:768

                                    Network

                                    • flag-us
                                      DNS
                                      71.31.126.40.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      71.31.126.40.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      9.228.82.20.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      9.228.82.20.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      boot.net.anydesk.com
                                      AnyDesk.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      boot.net.anydesk.com
                                      IN A
                                      Response
                                      boot.net.anydesk.com
                                      IN A
                                      57.128.101.75
                                    • flag-us
                                      DNS
                                      relay-d4aa0625.net.anydesk.com
                                      AnyDesk.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      relay-d4aa0625.net.anydesk.com
                                      IN A
                                      Response
                                      relay-d4aa0625.net.anydesk.com
                                      IN A
                                      57.128.141.164
                                    • flag-us
                                      DNS
                                      75.101.128.57.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      75.101.128.57.in-addr.arpa
                                      IN PTR
                                      Response
                                      75.101.128.57.in-addr.arpa
                                      IN PTR
                                      relay-bfa30227netanydeskcom
                                    • flag-us
                                      DNS
                                      173.178.17.96.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      173.178.17.96.in-addr.arpa
                                      IN PTR
                                      Response
                                      173.178.17.96.in-addr.arpa
                                      IN PTR
                                      a96-17-178-173deploystaticakamaitechnologiescom
                                    • flag-us
                                      DNS
                                      164.141.128.57.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      164.141.128.57.in-addr.arpa
                                      IN PTR
                                      Response
                                      164.141.128.57.in-addr.arpa
                                      IN PTR
                                      relay-d4aa0625netanydeskcom
                                    • flag-us
                                      DNS
                                      41.110.16.96.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      41.110.16.96.in-addr.arpa
                                      IN PTR
                                      Response
                                      41.110.16.96.in-addr.arpa
                                      IN PTR
                                      a96-16-110-41deploystaticakamaitechnologiescom
                                    • flag-us
                                      DNS
                                      68.30.89.24.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      68.30.89.24.in-addr.arpa
                                      IN PTR
                                      Response
                                      68.30.89.24.in-addr.arpa
                                      IN PTR
                                      dyn-30-68myactvnet
                                    • flag-us
                                      DNS
                                      103.169.127.40.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      103.169.127.40.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      18.31.95.13.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      18.31.95.13.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      28.160.77.104.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      28.160.77.104.in-addr.arpa
                                      IN PTR
                                      Response
                                      28.160.77.104.in-addr.arpa
                                      IN PTR
                                      a104-77-160-28deploystaticakamaitechnologiescom
                                    • flag-us
                                      DNS
                                      210.178.17.96.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      210.178.17.96.in-addr.arpa
                                      IN PTR
                                      Response
                                      210.178.17.96.in-addr.arpa
                                      IN PTR
                                      a96-17-178-210deploystaticakamaitechnologiescom
                                    • flag-gb
                                      GET
                                      https://www.bing.com/qbox?query=&language=en-US&pt=EdgBox&cvid=2d34ef345425483d8c077657919ac637&oit=0
                                      msedge.exe
                                      Remote address:
                                      92.123.128.133:443
                                      Request
                                      GET /qbox?query=&language=en-US&pt=EdgBox&cvid=2d34ef345425483d8c077657919ac637&oit=0 HTTP/2.0
                                      host: www.bing.com
                                      sec-fetch-site: none
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: empty
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      content-length: 270
                                      content-type: application/json; charset=utf-8
                                      cache-control: public, max-age=300
                                      content-encoding: br
                                      vary: Accept-Encoding
                                      x-eventid: 65d91069ae9947508c0b8be592da967f
                                      useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                      content-security-policy-report-only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-C4jj65HAUHq4k1g/g+bA/3wo886jlDHLJLs8WJv76Zo='; base-uri 'self';report-to csp-endpoint
                                      report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
                                      p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
                                      date: Fri, 23 Feb 2024 21:38:49 GMT
                                      set-cookie: MUID=1BD8CC43C48365FD2E0CD86DC59964EF; domain=.bing.com; expires=Wed, 19-Mar-2025 21:38:49 GMT; path=/; secure; SameSite=None
                                      set-cookie: MUIDB=1BD8CC43C48365FD2E0CD86DC59964EF; expires=Wed, 19-Mar-2025 21:38:49 GMT; path=/; HttpOnly
                                      set-cookie: _EDGE_S=F=1&SID=33FD66DCA2D0631235EA72F2A3CA62C6; domain=.bing.com; path=/; HttpOnly
                                      set-cookie: _EDGE_V=1; domain=.bing.com; expires=Wed, 19-Mar-2025 21:38:49 GMT; path=/; HttpOnly
                                      set-cookie: USRLOC=HS=1; domain=.bing.com; expires=Wed, 19-Mar-2025 21:38:49 GMT; path=/; secure; HttpOnly; SameSite=None
                                      set-cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Wed, 19-Mar-2025 21:38:49 GMT; path=/; secure; SameSite=None
                                      set-cookie: SRCHUID=V=2&GUID=AA3071A12531422898C5424CF205B663&dmnchg=1; domain=.bing.com; expires=Wed, 19-Mar-2025 21:38:49 GMT; path=/; secure; SameSite=None
                                      set-cookie: SRCHUSR=DOB=20240223; domain=.bing.com; expires=Wed, 19-Mar-2025 21:38:49 GMT; path=/; secure; SameSite=None
                                      set-cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Wed, 19-Mar-2025 21:38:49 GMT; path=/; secure; SameSite=None
                                      set-cookie: _SS=SID=33FD66DCA2D0631235EA72F2A3CA62C6; domain=.bing.com; path=/; secure; SameSite=None
                                      alt-svc: h3=":443"; ma=93600
                                      x-cdn-traceid: 0.85777b5c.1708724329.42432518
                                    • flag-us
                                      DNS
                                      133.128.123.92.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      133.128.123.92.in-addr.arpa
                                      IN PTR
                                      Response
                                      133.128.123.92.in-addr.arpa
                                      IN PTR
                                      a92-123-128-133deploystaticakamaitechnologiescom
                                    • flag-us
                                      DNS
                                      175.178.17.96.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      175.178.17.96.in-addr.arpa
                                      IN PTR
                                      Response
                                      175.178.17.96.in-addr.arpa
                                      IN PTR
                                      a96-17-178-175deploystaticakamaitechnologiescom
                                    • flag-us
                                      DNS
                                      43.229.111.52.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      43.229.111.52.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      filebin.net
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      filebin.net
                                      IN A
                                      Response
                                      filebin.net
                                      IN A
                                      88.99.137.18
                                    • flag-de
                                      GET
                                      https://filebin.net/5y6xwclmpg0qbg6s/VantaCrack1.7.zip
                                      msedge.exe
                                      Remote address:
                                      88.99.137.18:443
                                      Request
                                      GET /5y6xwclmpg0qbg6s/VantaCrack1.7.zip HTTP/1.1
                                      Host: filebin.net
                                      Connection: keep-alive
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      DNT: 1
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Response
                                      HTTP/1.1 302 Found
                                      Cache-Control: max-age=0
                                      Content-Encoding: gzip
                                      Location: https://s3.filebin.net/filebin/a32b037b2adb7ab152cb9c1d98aa6c729e1610790a145a90a9ba2f4eed5ccc09/adba21ed6c1bf7dd63a4ce41e14b5929822ba1fb5c032810221b66875c6e73a0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=7pMj6hGeoKewqmMQILjm%2F20240223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240223T213908Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&response-cache-control=max-age%3D300&response-content-disposition=filename%3D%22VantaCrack1.7.zip%22&response-content-type=application%2Fzip&X-Amz-Signature=6068d7d29f5d4160ddf8ed1994704f36928741591d4a6c198d1212885e174689
                                      Vary: Accept-Encoding
                                      X-Robots-Tag: noindex
                                      Date: Fri, 23 Feb 2024 21:39:09 GMT
                                      Content-Length: 23
                                      X-Varnish: 986629722
                                      Age: 0
                                      Via: 1.1 varnish (Varnish/6.0)
                                      Access-Control-Allow-Origin: *
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Referrer-Policy: origin
                                      X-Content-Type-Options: nosniff
                                      X-Frame-Options: deny
                                      Connection: keep-alive
                                    • flag-us
                                      DNS
                                      apps.identrust.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      apps.identrust.com
                                      IN A
                                      Response
                                      apps.identrust.com
                                      IN CNAME
                                      identrust.edgesuite.net
                                      identrust.edgesuite.net
                                      IN CNAME
                                      a1952.dscq.akamai.net
                                      a1952.dscq.akamai.net
                                      IN A
                                      96.17.179.184
                                      a1952.dscq.akamai.net
                                      IN A
                                      96.17.179.205
                                    • flag-gb
                                      GET
                                      http://apps.identrust.com/roots/dstrootcax3.p7c
                                      msedge.exe
                                      Remote address:
                                      96.17.179.184:80
                                      Request
                                      GET /roots/dstrootcax3.p7c HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      User-Agent: Microsoft-CryptoAPI/10.0
                                      Host: apps.identrust.com
                                      Response
                                      HTTP/1.1 200 OK
                                      X-XSS-Protection: 1; mode=block
                                      X-Frame-Options: SAMEORIGIN
                                      X-Content-Type-Options: nosniff
                                      X-Robots-Tag: noindex
                                      Referrer-Policy: same-origin
                                      Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
                                      ETag: "37d-6079b8c0929c0"
                                      Accept-Ranges: bytes
                                      Content-Length: 893
                                      X-Content-Type-Options: nosniff
                                      X-Frame-Options: sameorigin
                                      Content-Type: application/pkcs7-mime
                                      Cache-Control: max-age=3600
                                      Expires: Fri, 23 Feb 2024 22:39:08 GMT
                                      Date: Fri, 23 Feb 2024 21:39:08 GMT
                                      Connection: keep-alive
                                    • flag-us
                                      DNS
                                      184.179.17.96.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      184.179.17.96.in-addr.arpa
                                      IN PTR
                                      Response
                                      184.179.17.96.in-addr.arpa
                                      IN PTR
                                      a96-17-179-184deploystaticakamaitechnologiescom
                                    • flag-us
                                      DNS
                                      18.137.99.88.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      18.137.99.88.in-addr.arpa
                                      IN PTR
                                      Response
                                      18.137.99.88.in-addr.arpa
                                      IN PTR
                                      pongfilebinnet
                                    • flag-us
                                      DNS
                                      s3.filebin.net
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      s3.filebin.net
                                      IN A
                                      Response
                                      s3.filebin.net
                                      IN CNAME
                                      pong.filebin.net
                                      pong.filebin.net
                                      IN A
                                      88.99.137.18
                                    • flag-de
                                      GET
                                      https://s3.filebin.net/filebin/a32b037b2adb7ab152cb9c1d98aa6c729e1610790a145a90a9ba2f4eed5ccc09/adba21ed6c1bf7dd63a4ce41e14b5929822ba1fb5c032810221b66875c6e73a0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=7pMj6hGeoKewqmMQILjm%2F20240223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240223T213908Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&response-cache-control=max-age%3D300&response-content-disposition=filename%3D%22VantaCrack1.7.zip%22&response-content-type=application%2Fzip&X-Amz-Signature=6068d7d29f5d4160ddf8ed1994704f36928741591d4a6c198d1212885e174689
                                      msedge.exe
                                      Remote address:
                                      88.99.137.18:443
                                      Request
                                      GET /filebin/a32b037b2adb7ab152cb9c1d98aa6c729e1610790a145a90a9ba2f4eed5ccc09/adba21ed6c1bf7dd63a4ce41e14b5929822ba1fb5c032810221b66875c6e73a0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=7pMj6hGeoKewqmMQILjm%2F20240223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240223T213908Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&response-cache-control=max-age%3D300&response-content-disposition=filename%3D%22VantaCrack1.7.zip%22&response-content-type=application%2Fzip&X-Amz-Signature=6068d7d29f5d4160ddf8ed1994704f36928741591d4a6c198d1212885e174689 HTTP/1.1
                                      Host: s3.filebin.net
                                      Connection: keep-alive
                                      DNT: 1
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Response
                                      HTTP/1.1 200 OK
                                      Accept-Ranges: bytes
                                      Cache-Control: max-age=300
                                      Content-Disposition: filename="VantaCrack1.7.zip"
                                      Content-Length: 1260991
                                      Content-Type: application/zip
                                      ETag: "43b8cca39d98016c0c741241df57acd0"
                                      Last-Modified: Fri, 23 Feb 2024 19:17:31 GMT
                                      Vary: Origin, Accept-Encoding
                                      X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
                                      X-Amz-Request-Id: 17B69BBE3778DB85
                                      X-Xss-Protection: 1; mode=block
                                      Date: Fri, 23 Feb 2024 21:39:09 GMT
                                      X-Varnish: 986111013
                                      Age: 0
                                      Via: 1.1 varnish (Varnish/6.0)
                                      Access-Control-Allow-Origin: *
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                      Referrer-Policy: origin
                                      X-Content-Type-Options: nosniff
                                      X-Frame-Options: deny
                                      Content-Security-Policy: script-src 'none'; script-src-elem 'none'; script-src-attr 'none'
                                      Connection: keep-alive
                                    • flag-us
                                      DNS
                                      2.tcp.eu.ngrok.io
                                      VantaFN.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      2.tcp.eu.ngrok.io
                                      IN A
                                      Response
                                      2.tcp.eu.ngrok.io
                                      IN A
                                      3.126.37.18
                                    • 57.128.101.75:443
                                      boot.net.anydesk.com
                                      tls
                                      AnyDesk.exe
                                      1.9kB
                                       3.3kB
                                       9
                                      9
                                    • 57.128.141.164:443
                                      relay-d4aa0625.net.anydesk.com
                                      tls
                                      AnyDesk.exe
                                      19.4kB
                                       433.1kB
                                       309
                                      399
                                    • 192.168.1.112:7070
                                      AnyDesk.exe
                                      52 B
                                       1
                                    • 192.168.1.112:7070
                                      AnyDesk.exe
                                      52 B
                                       1
                                    • 24.89.30.68:51267
                                      tls
                                      AnyDesk.exe
                                      259.6kB
                                       7.1kB
                                       265
                                      101
                                    • 24.89.30.68:7070
                                      AnyDesk.exe
                                      52 B
                                       1
                                    • 24.89.30.68:7070
                                      AnyDesk.exe
                                      52 B
                                       1
                                    • 192.168.1.112:7070
                                      AnyDesk.exe
                                      52 B
                                       1
                                    • 192.168.1.112:7070
                                      AnyDesk.exe
                                      52 B
                                       1
                                    • 24.89.30.68:51276
                                      tls
                                      AnyDesk.exe
                                      1.0MB
                                       186.1kB
                                       2388
                                      2390
                                    • 24.89.30.68:7070
                                      AnyDesk.exe
                                      52 B
                                       1
                                    • 24.89.30.68:7070
                                      AnyDesk.exe
                                      52 B
                                       1
                                    • 92.123.128.133:443
                                      https://www.bing.com/qbox?query=&language=en-US&pt=EdgBox&cvid=2d34ef345425483d8c077657919ac637&oit=0
                                      tls, http2
                                      msedge.exe
                                      1.6kB
                                       7.3kB
                                       14
                                      17

                                      HTTP Request

                                      GET https://www.bing.com/qbox?query=&language=en-US&pt=EdgBox&cvid=2d34ef345425483d8c077657919ac637&oit=0

                                      HTTP Response

                                      200
                                    • 88.99.137.18:443
                                      https://filebin.net/5y6xwclmpg0qbg6s/VantaCrack1.7.zip
                                      tls, http
                                      msedge.exe
                                      1.8kB
                                       6.2kB
                                       11
                                      12

                                      HTTP Request

                                      GET https://filebin.net/5y6xwclmpg0qbg6s/VantaCrack1.7.zip

                                      HTTP Response

                                      302
                                    • 88.99.137.18:443
                                      filebin.net
                                      tls
                                      msedge.exe
                                      989 B
                                       5.1kB
                                       9
                                      10
                                    • 96.17.179.184:80
                                      http://apps.identrust.com/roots/dstrootcax3.p7c
                                      http
                                      msedge.exe
                                      376 B
                                       1.6kB
                                       5
                                      5

                                      HTTP Request

                                      GET http://apps.identrust.com/roots/dstrootcax3.p7c

                                      HTTP Response

                                      200
                                    • 88.99.137.18:443
                                      https://s3.filebin.net/filebin/a32b037b2adb7ab152cb9c1d98aa6c729e1610790a145a90a9ba2f4eed5ccc09/adba21ed6c1bf7dd63a4ce41e14b5929822ba1fb5c032810221b66875c6e73a0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=7pMj6hGeoKewqmMQILjm%2F20240223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240223T213908Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&response-cache-control=max-age%3D300&response-content-disposition=filename%3D%22VantaCrack1.7.zip%22&response-content-type=application%2Fzip&X-Amz-Signature=6068d7d29f5d4160ddf8ed1994704f36928741591d4a6c198d1212885e174689
                                      tls, http
                                      msedge.exe
                                      34.4kB
                                       1.3MB
                                       598
                                      948

                                      HTTP Request

                                      GET https://s3.filebin.net/filebin/a32b037b2adb7ab152cb9c1d98aa6c729e1610790a145a90a9ba2f4eed5ccc09/adba21ed6c1bf7dd63a4ce41e14b5929822ba1fb5c032810221b66875c6e73a0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=7pMj6hGeoKewqmMQILjm%2F20240223%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240223T213908Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&response-cache-control=max-age%3D300&response-content-disposition=filename%3D%22VantaCrack1.7.zip%22&response-content-type=application%2Fzip&X-Amz-Signature=6068d7d29f5d4160ddf8ed1994704f36928741591d4a6c198d1212885e174689

                                      HTTP Response

                                      200
                                    • 3.126.37.18:11346
                                      2.tcp.eu.ngrok.io
                                      VantaFN.exe
                                      260 B
                                       200 B
                                       5
                                      5
                                    • 3.126.37.18:11346
                                      2.tcp.eu.ngrok.io
                                      VantaFN.exe
                                      260 B
                                       200 B
                                       5
                                      5
                                    • 3.126.37.18:11346
                                      2.tcp.eu.ngrok.io
                                      VantaFN.exe
                                      260 B
                                       200 B
                                       5
                                      5
                                    • 8.8.8.8:53
                                      71.31.126.40.in-addr.arpa
                                      dns
                                      71 B
                                       157 B
                                       1
                                      1

                                      DNS Request

                                      71.31.126.40.in-addr.arpa

                                    • 8.8.8.8:53
                                      9.228.82.20.in-addr.arpa
                                      dns
                                      70 B
                                       156 B
                                       1
                                      1

                                      DNS Request

                                      9.228.82.20.in-addr.arpa

                                    • 8.8.8.8:53
                                      boot.net.anydesk.com
                                      dns
                                      AnyDesk.exe
                                      66 B
                                       82 B
                                       1
                                      1

                                      DNS Request

                                      boot.net.anydesk.com

                                      DNS Response

                                      57.128.101.75

                                    • 8.8.8.8:53
                                      relay-d4aa0625.net.anydesk.com
                                      dns
                                      AnyDesk.exe
                                      76 B
                                       92 B
                                       1
                                      1

                                      DNS Request

                                      relay-d4aa0625.net.anydesk.com

                                      DNS Response

                                      57.128.141.164

                                    • 8.8.8.8:53
                                      75.101.128.57.in-addr.arpa
                                      dns
                                      72 B
                                       116 B
                                       1
                                      1

                                      DNS Request

                                      75.101.128.57.in-addr.arpa

                                    • 8.8.8.8:53
                                      173.178.17.96.in-addr.arpa
                                      dns
                                      72 B
                                       137 B
                                       1
                                      1

                                      DNS Request

                                      173.178.17.96.in-addr.arpa

                                    • 8.8.8.8:53
                                      164.141.128.57.in-addr.arpa
                                      dns
                                      73 B
                                       117 B
                                       1
                                      1

                                      DNS Request

                                      164.141.128.57.in-addr.arpa

                                    • 8.8.8.8:53
                                      41.110.16.96.in-addr.arpa
                                      dns
                                      71 B
                                       135 B
                                       1
                                      1

                                      DNS Request

                                      41.110.16.96.in-addr.arpa

                                    • 8.8.8.8:53
                                      68.30.89.24.in-addr.arpa
                                      dns
                                      70 B
                                       104 B
                                       1
                                      1

                                      DNS Request

                                      68.30.89.24.in-addr.arpa

                                    • 8.8.8.8:53
                                      103.169.127.40.in-addr.arpa
                                      dns
                                      73 B
                                       147 B
                                       1
                                      1

                                      DNS Request

                                      103.169.127.40.in-addr.arpa

                                    • 8.8.8.8:53
                                      18.31.95.13.in-addr.arpa
                                      dns
                                      70 B
                                       144 B
                                       1
                                      1

                                      DNS Request

                                      18.31.95.13.in-addr.arpa

                                    • 224.0.0.251:5353
                                      578 B
                                       9
                                    • 8.8.8.8:53
                                      28.160.77.104.in-addr.arpa
                                      dns
                                      72 B
                                       137 B
                                       1
                                      1

                                      DNS Request

                                      28.160.77.104.in-addr.arpa

                                    • 8.8.8.8:53
                                      210.178.17.96.in-addr.arpa
                                      dns
                                      72 B
                                       137 B
                                       1
                                      1

                                      DNS Request

                                      210.178.17.96.in-addr.arpa

                                    • 8.8.8.8:53
                                      133.128.123.92.in-addr.arpa
                                      dns
                                      73 B
                                       139 B
                                       1
                                      1

                                      DNS Request

                                      133.128.123.92.in-addr.arpa

                                    • 8.8.8.8:53
                                      175.178.17.96.in-addr.arpa
                                      dns
                                      72 B
                                       137 B
                                       1
                                      1

                                      DNS Request

                                      175.178.17.96.in-addr.arpa

                                    • 8.8.8.8:53
                                      43.229.111.52.in-addr.arpa
                                      dns
                                      72 B
                                       158 B
                                       1
                                      1

                                      DNS Request

                                      43.229.111.52.in-addr.arpa

                                    • 8.8.8.8:53
                                      filebin.net
                                      dns
                                      msedge.exe
                                      57 B
                                       73 B
                                       1
                                      1

                                      DNS Request

                                      filebin.net

                                      DNS Response

                                      88.99.137.18

                                    • 8.8.8.8:53
                                      apps.identrust.com
                                      dns
                                      msedge.exe
                                      64 B
                                       165 B
                                       1
                                      1

                                      DNS Request

                                      apps.identrust.com

                                      DNS Response

                                      96.17.179.184
                                      96.17.179.205

                                    • 8.8.8.8:53
                                      184.179.17.96.in-addr.arpa
                                      dns
                                      72 B
                                       137 B
                                       1
                                      1

                                      DNS Request

                                      184.179.17.96.in-addr.arpa

                                    • 8.8.8.8:53
                                      18.137.99.88.in-addr.arpa
                                      dns
                                      71 B
                                       101 B
                                       1
                                      1

                                      DNS Request

                                      18.137.99.88.in-addr.arpa

                                    • 8.8.8.8:53
                                      s3.filebin.net
                                      dns
                                      msedge.exe
                                      60 B
                                       95 B
                                       1
                                      1

                                      DNS Request

                                      s3.filebin.net

                                      DNS Response

                                      88.99.137.18

                                    • 8.8.8.8:53
                                      2.tcp.eu.ngrok.io
                                      dns
                                      VantaFN.exe
                                      63 B
                                       79 B
                                       1
                                      1

                                      DNS Request

                                      2.tcp.eu.ngrok.io

                                      DNS Response

                                      3.126.37.18

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      d4c957a0a66b47d997435ead0940becf

                                      SHA1

                                      1aed2765dd971764b96455003851f8965e3ae07d

                                      SHA256

                                      53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

                                      SHA512

                                      19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      343e73b39eb89ceab25618efc0cd8c8c

                                      SHA1

                                      6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

                                      SHA256

                                      6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

                                      SHA512

                                      54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      8fcf533cc39a60bd0d82356dcb670327

                                      SHA1

                                      55f068c355b09baad916c474694ee7c8b45f5440

                                      SHA256

                                      84dc7b0589d86b3f9ecffbee6663d46fde4a59a9ac375cc6fd042d4c749a43b1

                                      SHA512

                                      1349cd5465d3f06d6a85ade56560b242566bde644177e2349065041033b02df6bfc0c327f056ab19b2b516973cbb4c40799ce589f54776d9a96eef10c71eec59

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      765f07e07a632eb3361873f3bdda5343

                                      SHA1

                                      f892421650f49fcda5331d28c3a7e4989e67ecc3

                                      SHA256

                                      868bdd54e6ba7c4e7395ba04b28f53083b8d77bf72547ebf1251257ab333de09

                                      SHA512

                                      adf485400bc698ca36a33693ec91af42890244c78c2d9064759feb8e9768d7acadce0e1b017b1782525860dba5fffa40b06d58cfb740e718cce656561f9afc7d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      94894cd87008f9a8594fae02aae2ac99

                                      SHA1

                                      8bc703195068579e5c306de0bc960b60456e88ae

                                      SHA256

                                      871e33cbda44496ab9c32a9605208241305150362e8a74a8dc695810c899a19d

                                      SHA512

                                      26dd7b11269de843f96a432620e8fb2424c6c99fe4ad9485b224d8f2b7a4bd61e2dbe24e5878b63fe82bb4b38ae7b0b0ae399ca10a2bb8baa1c12ed94c0cdd8a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      c2ac0477060a394779da45cf5edc30f1

                                      SHA1

                                      4a9fe2266b645eb464b19b17e04b58d0f138e651

                                      SHA256

                                      dbca9685551e2f7600e9499df46313235e0063710b9a5bb1a56a167093841464

                                      SHA512

                                      5a3365bc0e24c283aa7793c6953c1d966cf1f87315382c68b083c0ca30a37cb7bb0229482217067de75bae9ad6420d6497f6f23b1c41ad1c43349e50f77b0cfa

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      12KB

                                      MD5

                                      522f88c596de26ae7d87c0aadafa0f9c

                                      SHA1

                                      eb4ad865c03716cb0aed9fd86e5e2cb18b48de7b

                                      SHA256

                                      e472a590a120c9e54055889f2403c02c7328dddd898ccddbeec55244644aa074

                                      SHA512

                                      3704e34e2d9f6f0f8b68805fd4d0d32da42476a4e893a77803def6fbd0fadc7b1b0e9715b68a6d16ee05b21ec7964a5f95420daa2c20b87f5973a955ad1428d0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      c8772fffd3194de628f1b61c216721eb

                                      SHA1

                                      c75bcaec5c45ed6638da379dd2064c0609bfc745

                                      SHA256

                                      de9e30ddc6a0c9c443b036f6ade0bd940934fd336d2430de1c2942d2cac03ee5

                                      SHA512

                                      2c63154885471bdbd2ade4170804ba86113b96843b9ef930cea0d904a5900af906355bd32d3d76218b28045a5a66dd7e21e93886502a697402397672393a7478

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      ace63f9cba0077dd3cd49383ff06ebd7

                                      SHA1

                                      f2315e69c58d77a82af3fa84abddc5ed992aa4be

                                      SHA256

                                      b082dc43be58e6604ab36b3060ba42bff155533ce6e4652ce5c2856475de5a94

                                      SHA512

                                      5d6e9d3fa733cf55ec7dab65c213f3b622ace2716d0cf308fcd4548bbc11890929d9e84e11b34ecdb69b55b9be61e267b8217233eb16e8acca1a422fc9302d8b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Temp\gcapi.dll
                                      Filesize

                                      385KB

                                      MD5

                                      1ce7d5a1566c8c449d0f6772a8c27900

                                      SHA1

                                      60854185f6338e1bfc7497fd41aa44c5c00d8f85

                                      SHA256

                                      73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

                                      SHA512

                                      7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
                                      Filesize

                                      5KB

                                      MD5

                                      636f5e52f839b691c75f165ecf94c192

                                      SHA1

                                      01539fdf62bf4b7b245c0f443e2054431ef7f722

                                      SHA256

                                      b948b5cae8b5596f008dd347305b46c422b4ff81b0d187e9c730cea03fc67f0c

                                      SHA512

                                      51959c312d2ed374108abe83b02cd8e92781181f4b2cd3f609434d2eb42656511efb78fa15de49e2a0d37f408c04e64980aab15cefd11267abb2407e3b4fd95b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
                                      Filesize

                                      39KB

                                      MD5

                                      5867d9179c08cc71c2fc991fe09b6683

                                      SHA1

                                      a3efbf2410496ffcd3b8ef63366b9f7226b653c9

                                      SHA256

                                      25f455db9927a2b32995ad9c02f64bc944b3869fe150d8dbf4378657dfe2d897

                                      SHA512

                                      021ed74ccf1f62fba627748dd3a5e0f01b0909dedfca5df6a032285d7a7fcd19a0b235a2cc07ee5a47c6a0c4a7a8f204fbf63a63aca4d16b93b35c9e702d9385

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
                                      Filesize

                                      79KB

                                      MD5

                                      4a6f528dfd6cda8c08debcf6dd7835b8

                                      SHA1

                                      a3b6fd862baf6c517cffb8bb033d71d0efe1f4d1

                                      SHA256

                                      00355cb3fd9440ddcaadcab0a16e6f6bafe81b467dd5bd3479b1c3255f313edf

                                      SHA512

                                      0a72d3b1f39287d7ecda04b5593aa7aa576b9e68c0acfb625279412fa4a5509e1aba8068e067fd217c7f4719499f38c98488adee8b62f7b247dcd028b474ea2d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
                                      Filesize

                                      2KB

                                      MD5

                                      0b6578f39088293ab050e6eb2c76adb5

                                      SHA1

                                      037b39add39729212478001456695290bbbcfd3d

                                      SHA256

                                      998f26993d03d037397f3d13b1aecb7fc247d6ffa6c43ea05c4f7d997f4da292

                                      SHA512

                                      9e0896ceb0b38ff0f082a3910ca852d4b0d2795e13ae1bfb37bc830089857820acf2d36a30111c2d415a1cc29abf4897ab2fff1e1f4c374404107cd9159341ea

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
                                      Filesize

                                      2KB

                                      MD5

                                      0cfe15c24805e59d07f95310372fc4ce

                                      SHA1

                                      3e0aba95c1c76b7a4f2816e4decf971f769d7ad2

                                      SHA256

                                      078ba9a2c47869d7b788a59615585fcadb8d110895901c2fd1f241cbd7212039

                                      SHA512

                                      0e84e74ce2eb00a2f659952a64ad3f2405777cc22eae8693fcd7d9e97d1f8f92e6dce3f3f1d2b6b053cfed0c8bef86dc3f090ac7d804b0a486c6f78397b5f9f5

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
                                      Filesize

                                      2KB

                                      MD5

                                      c181b896c516219a9582c9426c9f6a73

                                      SHA1

                                      cd12ac364a89b9350a61ce8260d332c409918152

                                      SHA256

                                      78ed9bd901010cc517595ebb7b7f6942c48702263c5a6db9dfd42858db19e4ee

                                      SHA512

                                      d542925060cbbbe705229b4c2affbcd50ff805d3e86f1ff5fd869c1858b3509c250ae791cf4821e08c8621214f74f46291fed114196af2592be4c5928f81813a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
                                      Filesize

                                      681B

                                      MD5

                                      b5e9de8c2032c788b401469ed6fbf1d9

                                      SHA1

                                      3de8ef667460e340393e7e5a84f98605f190ac6f

                                      SHA256

                                      9f42cf2b72dedca9bda52657236b222d16131ba0b27deb2f5cbdbc73f76de432

                                      SHA512

                                      6208aa8da58618c4edeab90551a39e2da3f3537da76b11d57d097dcc4bc422bff43cf227e721dd1289beca0cce88a897ae437b724744be59e7e694750ec66b9d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
                                      Filesize

                                      802B

                                      MD5

                                      98d1df94cbfe0614db4956e985106e6f

                                      SHA1

                                      4288bd009b58018a4cdfbef749fe5f6f302f4530

                                      SHA256

                                      9e8260ed3253d81f14e15aad01e388c24d551a73a53232ddd51c429ae6753104

                                      SHA512

                                      516db9c727df107863da61e9f0f6be2497716e8d0456b50c67ab3381f9ebf853f81b95ff9d0a3edf86cb76c6d2f9d456018ffddaadc9a86695f370e639795ef7

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
                                      Filesize

                                      424B

                                      MD5

                                      c527a38a58563f8f5ddf18e241a5fd64

                                      SHA1

                                      00b5e4df6b3fb437b0d6ba01ed91a1f377b3fd2d

                                      SHA256

                                      cdfc35c6bfcf442deb7f92d5e30aba281d1422e5c2989ed969e4b893e938cedb

                                      SHA512

                                      bcb56b4fed3c9519c24695652cf442487cb71b656d7442fea27cdbe924f3643a8052e394426bd4be598fd210ec23160fb2fb09fc51646bce93ae63ae88cdd57b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      2KB

                                      MD5

                                      feaa71aa72d19731613c90fb517a0f9e

                                      SHA1

                                      7043cf14f612eff019df60f3135020313472c1fd

                                      SHA256

                                      512dd2fda11cfce313ccc03a5f6afae57ee9566840d541d425d4df8540307066

                                      SHA512

                                      7fc75fd638b4c9b54672dfa45d07bc2f94dd88a34d4ddb4ad1c8efa445584e9f7d2eb0bfaf77f3cb102c61eb3b1291a533d3927219be420fa5b53b0a0043d2f8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      3KB

                                      MD5

                                      0b5f865c97b920f99bb2c3aed19076d6

                                      SHA1

                                      f046e88c8f17c0adb32be48d4940a112637ce85a

                                      SHA256

                                      691e3c9d7aa608fe1055cf4ec021aae0aa9070e1fc754a13a347b8f90bc25e57

                                      SHA512

                                      1380e29502c80a0d26008cc3dd1eafdb5a9fddd771e9001843f6391a0b776c30f79ec54ab658bc017a9a5641cacf7d877ab62d820890f1c47a6ddb6329f941e7

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      1KB

                                      MD5

                                      3c171eb94756f2e010995e6dbcdae069

                                      SHA1

                                      6c08c1569f14f2627d3502afa0d2817f2eede46e

                                      SHA256

                                      02b02dd7ed5342c4642e266bf890097cc132007c2fb53f4d68142b014d82c948

                                      SHA512

                                      744a3dc29779c0fda1025845a3ac54ba0b294eb54796281756922b15c774517bf3549ddf25662fc3ff14bb529d0008c5d7e573a43467a7271912a48565ead73b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      6KB

                                      MD5

                                      929eb7aa37884c1a9bf65b4a439cc591

                                      SHA1

                                      12b929e76def0f5aa7a5f57660cb097ae3d6553e

                                      SHA256

                                      f109bfc35b3e18992378152fd36016f5755b74b7134295ff3c86686e16056956

                                      SHA512

                                      b833caf69d42671c7d6b5e4e5a6257d01fd39607fab3210f4ef75bc7d712c49f78200828045e0105351debb26df1c3e60073b4252ba50cae4eb93e6b89b467dd

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      6KB

                                      MD5

                                      e1987393a66b2ae6d927a1075c9441e1

                                      SHA1

                                      ae314109f3b129aaec4d5549dbb4cfb7214f334a

                                      SHA256

                                      b0daf9820c9090a55c0bb229f8453257c5ff186053df8bf357d577d6298d3bc6

                                      SHA512

                                      44a1cd2515a1bef5a28c527193a54ad25cae1f9e912656db4348d8539b0f5ba47318316558d152580fe021025d5904f87a05f3329d6cd96fd4233ad49447605e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      6KB

                                      MD5

                                      f7cccaf8c27db3240606078ba5db3038

                                      SHA1

                                      c4f3ee1d78bc66416809362ddc25e571c2746e0c

                                      SHA256

                                      3a89e59f11293282f41d94649e339a2b5181f490ff62268b5bba19b64fcfeff6

                                      SHA512

                                      bea8be080ffe7bc7eaed5575d289fa8880c7b23a667fb5359cbbf5a973a714417a5a0725ce1f2182aae5ade61139e5de3a2db2ebab4562648c21a6ff7bd8c4a9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      1KB

                                      MD5

                                      66ecf46eae05e34bd91d5e18bd02ccb3

                                      SHA1

                                      3ede66a0c4533f9f904be7942a8c0e96b9231fc8

                                      SHA256

                                      38500feddaa7e129aaf9aba64cb4519f58f2e17bb45b4f9ab5b8592c8e10db4b

                                      SHA512

                                      9d18adda07bb47e9512faa2cc138519ac514f3dd7335a56bf74ffd8cdef9c805a6df92ae5ca131498e28cecb06bad31dc565a538ff9c38ff91699469dbc7d945

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      1KB

                                      MD5

                                      0fd8dae8c62e7619c781758e446dc060

                                      SHA1

                                      8afa342d687a634b471e53fa737f8c3e4e630659

                                      SHA256

                                      5ba3a806873780e65c21c909d41988cad3dccdbf52ef96b7561b62c992d73eeb

                                      SHA512

                                      221185a69c1814adff8cf584dd8fa5aa0031418c6715cb43299936cc2584f490e68e73831609ace834301238ddd292e364b671eb32013fec318344e18cd7ef1b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      7KB

                                      MD5

                                      e082e0ae8a8d184a32f984525c8ad0e3

                                      SHA1

                                      6d87ddca3a9d33f1d6a873df51b75c9be2edd662

                                      SHA256

                                      e1cb77827ded634605a59728934ee296d35f85fe0dbe47e0cc1bf3eef10bd30e

                                      SHA512

                                      d764dc622766e4b727f5bbfe1f96d830831b285b961ed36f2609f77b105cf8992da82fd8d8202503f37e4732909ec66a124e6dcf8390c28615d019931ff844cb

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      7KB

                                      MD5

                                      9c103052e87f9048b9e000931984a403

                                      SHA1

                                      870aec8841666f42c3753210ba6d03642f8f532d

                                      SHA256

                                      201a214e11cb869a1520f361cfe39d1005670c95f32a4fa1a6d1034401acf1b6

                                      SHA512

                                      4c7a1c924f31b80237c996e37efeb5cc6df3ded7d6007d0ea77aa4ecefe0a74b56af219bf9107fb5f977efb458c4609c364b5c38048fec8669665d87cd31565f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      7KB

                                      MD5

                                      8f093d1d22defa70d9f2ba62bb5d07cc

                                      SHA1

                                      45bd06373ad5ae3b5693e50b91580d97c0c25654

                                      SHA256

                                      b6770eba0af0cf0955afe98941fb2980fde2211886707cea5979e6a07719d582

                                      SHA512

                                      3754de10f0f2b67bad450ffe270649e1be91f14b9960fc800cd9d760bd045a3676c85742ad759d01c8bf4fba3e6fcf599d0c676c7735076d1e2ebc0b3e13c130

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      7KB

                                      MD5

                                      5e36853ee1f8f38601e0aceb44f04a73

                                      SHA1

                                      cdcb07b43cce9c719236cd159b59dc6ab858b576

                                      SHA256

                                      2bcec8a7f6fd0133152acf0580d587d858ed11ec586c8dd657ab0971d114ba16

                                      SHA512

                                      02d11c20d10361f517143e73b9ca634e58aaf12ae029a980fda739100ec098c5dca4218ba94ddd16c191eb9473f04b65d96e01cdc7f8bb86f2add89a3a220061

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
                                      Filesize

                                      1KB

                                      MD5

                                      b945d21443f810ce96a1ad66ad597d72

                                      SHA1

                                      1a5db6304e5fd1bbb51bd4325cd488efb7d4bfa2

                                      SHA256

                                      328284d207b2cf852a8894f450d84389d1a0a29b65ea11611a3fda58020e12ad

                                      SHA512

                                      12a4930edbfc9acd51d9b08037480a45c5107e54a9f59dbaf194f742e7a17b7868a7435265ccf5d46d2e697cba94d96b0ac8ca2a622103ac464a18f8ddd24d50

                                      Download Submit

                                    • C:\Users\Admin\Downloads\VantaCrack1.7.zip
                                      Filesize

                                      1.2MB

                                      MD5

                                      43b8cca39d98016c0c741241df57acd0

                                      SHA1

                                      a794a597598bb35d21e49a792863deb898fe4cf0

                                      SHA256

                                      708c4c0f8426f2f2c6aaaf2ab850bb9a35ab39ee2461d43ced1eaeac82dbf724

                                      SHA512

                                      164faa55c067a87d80e810c371033b11d6d8c332b81cd027e74dde8d00a4ed7a7d47e236b0a65c18c8da239847f65d24340f3831d06ccccc66096e246d947975

                                      Download Submit

                                    • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
                                      Filesize

                                      1024KB

                                      MD5

                                      5120931921bffd1031ce80023e6bacca

                                      SHA1

                                      14f04720e68c9feb3c9bedfaaf2b44e33994f358

                                      SHA256

                                      766cec83331fb9a964881dba8a4d6f764e7fbb05f73d1f6ba73257ec9bfc8312

                                      SHA512

                                      ccd7bd8e8eaa6afba4caf95056d29ec4716aa7870384da4b56c81a2ecfc378bb106677d0bec937adf9cd43502f746090b82f2e3bd5b6ae3cc3aa0b553fa52df3

                                      Download Submit

                                    • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
                                      Filesize

                                      7KB

                                      MD5

                                      14bda2f1ac3ff6639c3c240fbfca881a

                                      SHA1

                                      5850f40a49e51fccfd4c45fc251b6e76d1d91d44

                                      SHA256

                                      13530fe3ccbf7c3e7e3f57932e2d86174041250362f350f87f9ebcc1a8a16eeb

                                      SHA512

                                      f2ccbb9706ae08e591c2dbd21c5c5bd289ca3772be1dc7bf970bac6fc31dd5aa283d66425cd1ce04d01a80ac9f50e1315f0700878fd35387bc97dd791c9b7993

                                      Download Submit

                                    • C:\Windows\System32\SubDir\VantaFN.exe
                                      Filesize

                                      3.2MB

                                      MD5

                                      d56023f4312f45812b358ee694603c17

                                      SHA1

                                      e9559cbb4964ecd13705e6e03ca638258695eaa3

                                      SHA256

                                      ccb211135aad7dc5820840db5cb4c098ce12b27cd601fe29254ee2817b04e6cf

                                      SHA512

                                      e7e033f185ecbfd52353c5c8dd1bb3f41ef60fa11293a761436488b4299d9e5b6d9f5f043b115367fa96ded636d99f9e135445a80ac16016afdce92977322d60

                                      Download Submit

                                    • memory/64-254-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/64-268-0x0000000005960000-0x0000000005961000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-269-0x0000000005980000-0x0000000005981000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-270-0x0000000005990000-0x0000000005991000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-274-0x00000000059E0000-0x00000000059E1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-272-0x00000000059D0000-0x00000000059D1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-276-0x0000000005A00000-0x0000000005A01000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-271-0x00000000059A0000-0x00000000059A1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-275-0x00000000059F0000-0x00000000059F1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-278-0x0000000005A20000-0x0000000005A21000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-277-0x0000000005A10000-0x0000000005A11000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-279-0x0000000005A30000-0x0000000005A31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-280-0x0000000005A40000-0x0000000005A41000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-281-0x0000000005A50000-0x0000000005A51000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-282-0x0000000005A60000-0x0000000005A61000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-283-0x0000000005A70000-0x0000000005A71000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-284-0x0000000005A80000-0x0000000005A81000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-265-0x0000000005780000-0x0000000005781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-285-0x0000000005A90000-0x0000000005A91000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-292-0x0000000005AB0000-0x0000000005AB1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-293-0x00000000057C0000-0x00000000057C1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-291-0x0000000005AA0000-0x0000000005AA1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-294-0x00000000059C0000-0x00000000059C1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-267-0x0000000005950000-0x0000000005951000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-266-0x00000000057A0000-0x00000000057A1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-259-0x0000000001C90000-0x0000000001C91000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/64-255-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/64-345-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/64-393-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/372-249-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/372-434-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/372-330-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/372-486-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/372-494-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/372-20-0x0000000001F90000-0x0000000001F91000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/372-395-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/372-529-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/372-12-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/3240-86-0x00000000080A0000-0x00000000080A1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3240-237-0x0000000007120000-0x0000000007121000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3240-91-0x0000000007110000-0x0000000007111000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3240-32-0x0000000005980000-0x0000000005981000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3240-0-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/3240-248-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/3240-33-0x0000000005990000-0x0000000005991000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3240-3-0x0000000001F50000-0x0000000001F51000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3240-1-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/3452-581-0x0000000000E30000-0x0000000001174000-memory.dmp

                                      Filesize

                                      3.3MB

                                      Download

                                    • memory/4864-559-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/4864-531-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/4864-396-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/4864-11-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/4864-331-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/4864-23-0x00000000020A0000-0x00000000020A1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/4864-487-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/4864-250-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/6072-441-0x0000000003840000-0x0000000003841000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-460-0x0000000005950000-0x0000000005951000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-461-0x0000000005960000-0x0000000005961000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-462-0x0000000005980000-0x0000000005981000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-463-0x0000000005990000-0x0000000005991000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-464-0x00000000059A0000-0x00000000059A1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-466-0x00000000059C0000-0x00000000059C1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-465-0x00000000059B0000-0x00000000059B1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-467-0x00000000059D0000-0x00000000059D1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-468-0x0000000005780000-0x0000000005781000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-469-0x00000000057F0000-0x00000000057F1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-470-0x0000000005970000-0x0000000005971000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-471-0x00000000059E0000-0x00000000059E1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-459-0x0000000005940000-0x0000000005941000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-485-0x0000000007F10000-0x0000000007F11000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-458-0x0000000005930000-0x0000000005931000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-457-0x0000000005920000-0x0000000005921000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-488-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/6072-456-0x0000000005910000-0x0000000005911000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-496-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/6072-506-0x0000000005C10000-0x0000000005C11000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-455-0x0000000005900000-0x0000000005901000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-519-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/6072-454-0x00000000057D0000-0x00000000057D1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-453-0x00000000057C0000-0x00000000057C1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-451-0x0000000005790000-0x0000000005791000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-536-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    • memory/6072-452-0x00000000057B0000-0x00000000057B1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-450-0x00000000056F0000-0x00000000056F1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-449-0x00000000056D0000-0x00000000056D1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-448-0x00000000056B0000-0x00000000056B1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/6072-437-0x0000000000060000-0x0000000001797000-memory.dmp

                                      Filesize

                                      23.2MB

                                      Download

                                    We care about your privacy.

                                    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.