Analysis
max time kernel: 150s
max time network: 154s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 09/04/2024, 14:05
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://cdn.discordapp.com/attachments/1224057074191958058/1227255792533766235/Peki_old_Soft_Aim_LEAK_BY_killixcic_2024_.zip?ex=6627be06&is=66154906&hm=84fed3a83ec419d4f92f4baa3b76f41eead5fdc335f54e3fd43d735bd0a2207e&
Resource: win11-20240221-en

General
Target: https://cdn.discordapp.com/attachments/1224057074191958058/1227255792533766235/Peki_old_Soft_Aim_LEAK_BY_killixcic_2024_.zip?ex=6627be06&is=66154906&hm=84fed3a83ec419d4f92f4baa3b76f41eead5fdc335f54e3fd43d735bd0a2207e&
Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs
pid | Process
3780 | python-3.12.2-amd64.exe
2408 | python-3.12.2-amd64.exe
4984 | python-3.12.2-amd64.exe

Loads dropped DLL 1 IoCs
pid | Process
2408 | python-3.12.2-amd64.exe

Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\{b6178a40-1665-4565-b73e-48dd6e039a65} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{b6178a40-1665-4565-b73e-48dd6e039a65}\\python-3.12.2-amd64.exe\" /burn.runonce" | python-3.12.2-amd64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\J: | msiexec.exe
File opened (read-only) | \??\M: | msiexec.exe
File opened (read-only) | \??\R: | msiexec.exe
File opened (read-only) | \??\V: | msiexec.exe
File opened (read-only) | \??\A: | msiexec.exe
File opened (read-only) | \??\K: | msiexec.exe
File opened (read-only) | \??\L: | msiexec.exe
File opened (read-only) | \??\N: | msiexec.exe
File opened (read-only) | \??\S: | msiexec.exe
File opened (read-only) | \??\X: | msiexec.exe
File opened (read-only) | \??\E: | msiexec.exe
File opened (read-only) | \??\P: | msiexec.exe
File opened (read-only) | \??\Q: | msiexec.exe
File opened (read-only) | \??\Y: | msiexec.exe
File opened (read-only) | \??\O: | msiexec.exe
File opened (read-only) | \??\G: | msiexec.exe
File opened (read-only) | \??\H: | msiexec.exe
File opened (read-only) | \??\I: | msiexec.exe
File opened (read-only) | \??\T: | msiexec.exe
File opened (read-only) | \??\U: | msiexec.exe
File opened (read-only) | \??\W: | msiexec.exe
File opened (read-only) | \??\Z: | msiexec.exe
File opened (read-only) | \??\B: | msiexec.exe

Drops file in Windows directory 36 IoCs
description | ioc | Process
File created | C:\Windows\Installer\e59a17b.msi | msiexec.exe
File created | C:\Windows\SystemTemp\~DFB3E2A90805D70E4F.TMP | msiexec.exe
File created | C:\Windows\SystemTemp\~DFDD4D89B85C858FD8.TMP | msiexec.exe
File opened for modification | C:\Windows\Installer\e59a176.msi | msiexec.exe
File opened for modification | C:\Windows\Installer\MSIB185.tmp | msiexec.exe
File created | C:\Windows\Installer\e59a184.msi | msiexec.exe
File created | C:\Windows\Installer\e59a185.msi | msiexec.exe
File created | C:\Windows\Installer\SourceHash{E172CAF3-ABC7-4B62-BA8C-3A2472DE44F6} | msiexec.exe
File created | C:\Windows\SystemTemp\~DFAAC12AABD053F074.TMP | msiexec.exe
File created | C:\Windows\SystemTemp\~DF88ADF87312428F31.TMP | msiexec.exe
File opened for modification | C:\Windows\Installer\e59a180.msi | msiexec.exe
File created | C:\Windows\SystemTemp\~DF90C4CFB4686F74EF.TMP | msiexec.exe
File created | C:\Windows\SystemTemp\~DFCBA7F45497D5D6E0.TMP | msiexec.exe
File created | C:\Windows\Installer\e59a17a.msi | msiexec.exe
File created | C:\Windows\Installer\SourceHash{097D2A37-E94B-4FAD-8C89-D63443BD4D4A} | msiexec.exe
File opened for modification | C:\Windows\Installer\MSIAB99.tmp | msiexec.exe
File created | C:\Windows\Installer\e59a17f.msi | msiexec.exe
File created | C:\Windows\SystemTemp\~DF80182660D9F9EE37.TMP | msiexec.exe
File opened for modification | C:\Windows\Installer\MSIA639.tmp | msiexec.exe
File created | C:\Windows\Installer\SourceHash{4534F2ED-1616-434D-98A6-0DA358DCD466} | msiexec.exe
File created | C:\Windows\SystemTemp\~DFB14D8F67AD7DC381.TMP | msiexec.exe
File created | C:\Windows\Installer\e59a180.msi | msiexec.exe
File opened for modification | C:\Windows\Installer\e59a185.msi | msiexec.exe
File created | C:\Windows\SystemTemp\~DFBA57AABEAAFEC37D.TMP | msiexec.exe
File created | C:\Windows\Installer\inprogressinstallinfo.ipi | msiexec.exe
File created | C:\Windows\SystemTemp\~DF24B24B7830050A89.TMP | msiexec.exe
File opened for modification | C:\Windows\Installer\e59a17b.msi | msiexec.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | msiexec.exe
File created | C:\Windows\SystemTemp\~DF908C0DF12B5FF98E.TMP | msiexec.exe
File created | C:\Windows\SystemTemp\~DF13963AE0DBE5E7F0.TMP | msiexec.exe
File opened for modification | C:\Windows\Installer\MSIC220.tmp | msiexec.exe
File created | C:\Windows\Installer\e59a176.msi | msiexec.exe
File created | C:\Windows\SystemTemp\~DF288B03F3A54AD7D9.TMP | msiexec.exe
File created | C:\Windows\Installer\SourceHash{F131E2DD-B8C5-42F3-85B7-3D4BAC9582CD} | msiexec.exe
File created | C:\Windows\SystemTemp\~DFA0B95F64DDE09F52.TMP | msiexec.exe
File opened for modification | C:\Windows\Installer\ | msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 | vssvc.exe
Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | vssvc.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | vssvc.exe
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | vssvc.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Modifies registry class 32 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\DisplayName = "Python 3.12.2 Core Interpreter (64-bit)" | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}\Dependents\{b6178a40-1665-4565-b73e-48dd6e039a65} | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{F131E2DD-B8C5-42F3-85B7-3D4BAC9582CD}\Version = "3.12.2150.0" | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{F131E2DD-B8C5-42F3-85B7-3D4BAC9582CD}\DisplayName = "Python 3.12.2 Development Libraries (64-bit)" | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\CPython-3.12\Dependents\{b6178a40-1665-4565-b73e-48dd6e039a65} | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466} | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\Dependents | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}\Version = "3.12.2150.0" | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}\Dependents | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{F131E2DD-B8C5-42F3-85B7-3D4BAC9582CD}\ = "{F131E2DD-B8C5-42F3-85B7-3D4BAC9582CD}" | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{E172CAF3-ABC7-4B62-BA8C-3A2472DE44F6}\DisplayName = "Python 3.12.2 Standard Library (64-bit)" | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\CPython-3.12\ = "{b6178a40-1665-4565-b73e-48dd6e039a65}" | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}\ = "{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}" | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{F131E2DD-B8C5-42F3-85B7-3D4BAC9582CD} | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{E172CAF3-ABC7-4B62-BA8C-3A2472DE44F6} | python-3.12.2-amd64.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{6F0DA84F-7705-4E0C-A77D-D89682714CBF} | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}\DisplayName = "Python 3.12.2 Executables (64-bit)" | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{E172CAF3-ABC7-4B62-BA8C-3A2472DE44F6}\ = "{E172CAF3-ABC7-4B62-BA8C-3A2472DE44F6}" | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\Dependents\{b6178a40-1665-4565-b73e-48dd6e039a65} | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{F131E2DD-B8C5-42F3-85B7-3D4BAC9582CD}\Dependents\{b6178a40-1665-4565-b73e-48dd6e039a65} | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{F131E2DD-B8C5-42F3-85B7-3D4BAC9582CD}\Dependents | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{E172CAF3-ABC7-4B62-BA8C-3A2472DE44F6}\Version = "3.12.2150.0" | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\CPython-3.12 | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\CPython-3.12\Version = "3.12.2150.0" | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\CPython-3.12\DisplayName = "Python 3.12.2 (64-bit)" | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\CPython-3.12\Dependents | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\ = "{4534F2ED-1616-434D-98A6-0DA358DCD466}" | python-3.12.2-amd64.exe
Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A} | python-3.12.2-amd64.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\Version = "3.12.2150.0" | python-3.12.2-amd64.exe

NTFS ADS 3 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 969726.crdownload:SmartScreen | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\python-3.12.2-amd64.exe:Zone.Identifier | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\Peki_old_Soft_Aim_LEAK_BY_killixcic_2024_.zip:Zone.Identifier | msedge.exe
Suspicious behavior: EnumeratesProcesses 26 IoCs
pid | Process | occurrences
1440 | msedge.exe | 2
4124 | msedge.exe | 2
1176 | msedge.exe | 2
1404 | msedge.exe | 2
2328 | identity_helper.exe | 2
2212 | msedge.exe | 2
940 | msedge.exe | 2
4216 | msedge.exe | 4
1368 | msiexec.exe | 8

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
pid | Process | occurrences
4124 | msedge.exe | 20

Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeBackupPrivilege | 3124 | vssvc.exe
Token: SeRestorePrivilege | 3124 | vssvc.exe
Token: SeAuditPrivilege | 3124 | vssvc.exe
Token: SeShutdownPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeIncreaseQuotaPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeSecurityPrivilege | 1368 | msiexec.exe
Token: SeCreateTokenPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeAssignPrimaryTokenPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeLockMemoryPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeIncreaseQuotaPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeMachineAccountPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeTcbPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeSecurityPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeTakeOwnershipPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeLoadDriverPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeSystemProfilePrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeSystemtimePrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeProfSingleProcessPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeIncBasePriorityPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeCreatePagefilePrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeCreatePermanentPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeBackupPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeRestorePrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeShutdownPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeDebugPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeAuditPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeSystemEnvironmentPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeChangeNotifyPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeRemoteShutdownPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeUndockPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeSyncAgentPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeEnableDelegationPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeManageVolumePrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeImpersonatePrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeCreateGlobalPrivilege | 2408 | python-3.12.2-amd64.exe
Token: SeRestorePrivilege | 1368 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 1368 | msiexec.exe
Token: SeBackupPrivilege | 1240 | srtasks.exe
Token: SeRestorePrivilege | 1240 | srtasks.exe
Token: SeSecurityPrivilege | 1240 | srtasks.exe
Token: SeTakeOwnershipPrivilege | 1240 | srtasks.exe
Token: SeRestorePrivilege | 1368 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 1368 | msiexec.exe
Token: SeBackupPrivilege | 1240 | srtasks.exe
Token: SeRestorePrivilege | 1240 | srtasks.exe
Token: SeSecurityPrivilege | 1240 | srtasks.exe
Token: SeTakeOwnershipPrivilege | 1240 | srtasks.exe
Token: SeRestorePrivilege | 1368 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 1368 | msiexec.exe
Token: SeRestorePrivilege | 1368 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 1368 | msiexec.exe
Token: SeRestorePrivilege | 1368 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 1368 | msiexec.exe
Token: SeRestorePrivilege | 1368 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 1368 | msiexec.exe
Token: SeRestorePrivilege | 1368 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 1368 | msiexec.exe
Token: SeRestorePrivilege | 1368 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 1368 | msiexec.exe
Token: SeRestorePrivilege | 1368 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 1368 | msiexec.exe
Token: SeRestorePrivilege | 1368 | msiexec.exe
Token: SeTakeOwnershipPrivilege | 1368 | msiexec.exe
Token: SeRestorePrivilege | 1368 | msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process | occurrences
4124 | msedge.exe | 64

Suspicious use of SendNotifyMessage 16 IoCs
pid | Process | occurrences
4124 | msedge.exe | 16

Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4124 wrote to memory of 1540 | 4124 | msedge.exe | 77 (2 entries)
PID 4124 wrote to memory of 1416 | 4124 | msedge.exe | 78 (repeated)
PID 4124 wrote to memory of 1440 | 4124 | msedge.exe | 79 (2 entries)
PID 4124 wrote to memory of 1476 | 4124 | msedge.exe | 80 (repeated)
The 64 entries break down as 2 for target 1540, 2 for target 1440, and the remaining 60 split between targets 1416 and 1476.
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1224057074191958058/1227255792533766235/Peki_old_Soft_Aim_LEAK_BY_killixcic_2024_.zip?ex=6627be06&is=66154906&hm=84fed3a83ec419d4f92f4baa3b76f41eead5fdc335f54e3fd43d735bd0a2207e&
PID: 4124 (tree depth 1)
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde6643cb8,0x7ffde6643cc8,0x7ffde6643cd82⤵PID:1540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:22⤵PID:1416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:82⤵PID:1476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:12⤵PID:1212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:12⤵PID:1116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:12⤵PID:3004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:12⤵PID:4452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:12⤵PID:1984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:12⤵PID:3908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵PID:4000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:12⤵PID:3704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:12⤵PID:3216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5420 /prefetch:82⤵PID:2884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4400 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2212
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  PID: 2132

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  PID: 1160

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  PID: 2312

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5448 /prefetch:8
  PID: 568

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  PID: 2668

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  PID: 4808

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6080 /prefetch:8
  PID: 1740

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  PID: 2300

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  PID: 3972

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1584 /prefetch:8
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID: 940

  C:\Users\Admin\Downloads\python-3.12.2-amd64.exe
  "C:\Users\Admin\Downloads\python-3.12.2-amd64.exe"
  - Executes dropped EXE
  PID: 3780

    C:\Windows\Temp\{DCB90424-50E9-447A-BC27-0BD463398F5C}\.cr\python-3.12.2-amd64.exe
    "C:\Windows\Temp\{DCB90424-50E9-447A-BC27-0BD463398F5C}\.cr\python-3.12.2-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.2-amd64.exe" -burn.filehandle.attached=760 -burn.filehandle.self=764
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID: 2408

      C:\Windows\Temp\{A57268FE-F751-40FA-9C2B-0C3944DAFE5B}\.be\python-3.12.2-amd64.exe
      "C:\Windows\Temp\{A57268FE-F751-40FA-9C2B-0C3944DAFE5B}\.be\python-3.12.2-amd64.exe" -q -burn.elevated BurnPipe.{BB599317-978D-4645-BA1C-72AECF911A0E} {F575B512-1794-4C21-8D26-DF18D93DDF9A} 2408
      - Executes dropped EXE
      PID: 4984

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1308 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 4216

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  PID: 4320

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  PID: 4748

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  PID: 4332

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13922589006177240591,117571022332391299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  PID: 2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1336

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID: 2312

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Peki_old_Soft_Aim_LEAK_BY_killixcic_2024_.zip\Peki old Soft Aim LEAK BY killixcic 2024 !!!\Setup.bat" "
PID: 4956

C:\Users\Admin\Downloads\Peki_old_Soft_Aim_LEAK_BY_killixcic_2024_\Peki old Soft Aim LEAK BY killixcic 2024 !!!\Peki-Soft-Aim.exe
"C:\Users\Admin\Downloads\Peki_old_Soft_Aim_LEAK_BY_killixcic_2024_\Peki old Soft Aim LEAK BY killixcic 2024 !!!\Peki-Soft-Aim.exe"
PID: 5024

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Peki_old_Soft_Aim_LEAK_BY_killixcic_2024_\Peki old Soft Aim LEAK BY killixcic 2024 !!!\Setup.bat" "
PID: 4088

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID: 3124

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
- Suspicious use of AdjustPrivilegeToken
PID: 1240

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID: 1368

Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize 8KB
MD5 649e28b4ad0cdadacdacf0bfc1bfb74d
SHA1 eb8c3f6938b5273eb150e9c20300e77d8764c145
SHA256 a3532cda59d3572f33d3832bd8d4a1ad21da697dcc1118606159cca928a7748f
SHA512 9fb9f629997734f23d608a2f4740fd2bf7cf182149fcaa9fbd15a58c711b6cff935d8788acf1a96394ab34c7e433f2c647becb924b1156ca6e1fac9d06379a7b

Filesize 12KB
MD5 b0c720b0572c82b66f918a98d6ed04d5
SHA1 4284c08ad820da0ca0ce1165d75edfafec98b990
SHA256 22cc680553c94062eaaf7fbee283f198251053fadc48597da75b1973c1470368
SHA512 dcd5fd8db0349065dbfd6b91df9687da4aa746d15f932be1d39b7867eb6f77754da6f92858908af1db6cd310679ef41dfbd4f16f6b64148d8aaddfd78eb7b124

Filesize 50KB
MD5 5dce514ed9a7b436a66eea58c3523750
SHA1 75b0130c609d4657d77b301d27d9f46747c27676
SHA256 a15461ab4f3088de3c48681602a586cdc94ba5c459654a1ea3acde481fe75cc0
SHA512 69db17d99a0cbf2fb0e432d44b94467686c75592e61b639b9bd49b9f4a5638ef4ebb1daaaefbf8257b819f3885d230cf8544e7530086beffd0dca982f23a6cd9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize 471B
MD5 00b7674074be6c2eb3b9a2f4bae84b2c
SHA1 312797177d3417a1b905e269bc7b9f92e8518976
SHA256 98b3c3511bca0472d8935b45e3f7c998411002c1a4179e0b08dcfe9628ff8b79
SHA512 fc0b7a7916c470db287ddd8b42b93f132284b44d0afa1476f9771ba00c683b4641d643845cc33c45064492194c59231dd2d45e892e589e5bbfa04f4e3c110584

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_26B14BC5FFF8CCADF0E4994815CF2509
Filesize 727B
MD5 1385f01fe1549503ef6a138d120e1d4a
SHA1 d266429e67f9cbe666a8923e568951df736e4f13
SHA256 585c99606f30e3920de6b1e53ab94e97ce13ff923bc7f358526b6bc2a4c56b4f
SHA512 49917f528aeff2cc49c7326e1c8c3f0d7e4840e850c4268253ca95c0f717fa53fe8f7aca154f0ce2078652b145e7480463a155f05462e17953aca68d1fa4c626

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize 727B
MD5 1337d0647fb4821aeeac9a860e993d0c
SHA1 8cb3398c89bf78dd007afd85c842998cea2f643e
SHA256 a5ad431765318006538d0dfd0de7af76041e6e70b84cdb0830a0211e7e37daad
SHA512 900f91ce3430ae1c09f4252908f3a128c7456f6c2c920c54bcb6e2eeaffc788892b2c70722d851fb082df4f0519568bf13d1c45f0dc8e8e1a21a347e510d5573

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize 400B
MD5 b6b7b3ccecbc5619a250de111317264d
SHA1 3c1427e595c6bfed92bd298023aa5663a70a5a90
SHA256 bc74366d60451ac4693d7573b7e16ae9ce9ffbca5ba7a38de53714e3a3fac41e
SHA512 ee1e76d22a424985098d680f9b1bc6ab9a4e1b7bfebed9e0551d1e97b5214b7dbea229a19a841a2dad7574d92de7e7aa943a0fd48c247924ce4b0008bbd6d359

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_26B14BC5FFF8CCADF0E4994815CF2509
Filesize 404B
MD5 09a18b0f227581abf86bd432e76af1b7
SHA1 1224bee88da6b6cb15d2f0579740234f08ec071b
SHA256 f70668119eb45fd0d6cd6f5f5a8ada4ec81dc53444c9d67f70e75866aa0b625f
SHA512 1bbeff7b3ab930775abb7f2d04e190fa2c80bcc76b9cd7b188bde373ae268d4921a9d40a81b1eee3cbe6213e18f6d1656d7529ef0f3d99eae00306c2ecd48f67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize 412B
MD5 aa0695faa90948964438423f4b9be5b7
SHA1 a624e9df0cf8fcceb50ca8a23675c4e57c1bd3a7
SHA256 26334fb8132fb69de7c35b9d3e596f3c93ef3471f8683bd5fc988b3c57b150f2
SHA512 26b734ca82b88060682a644eea324d7246cadc2d1f779dcae7040576777d71d99222143ca5438e6e0fedfdcec6181fb17b0b33e940fa90d4513e9f9c289fb2cf

Filesize 152B
MD5 12b71c4e45a845b5f29a54abb695e302
SHA1 8699ca2c717839c385f13fb26d111e57a9e61d6f
SHA256 c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0
SHA512 09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Filesize 152B
MD5 ce319bd3ed3c89069337a6292042bbe0
SHA1 7e058bce90e1940293044abffe993adf67d8d888
SHA256 34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3
SHA512 d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Filesize 69KB
MD5 aac57f6f587f163486628b8860aa3637
SHA1 b1b51e14672caae2361f0e2c54b72d1107cfce54
SHA256 0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486
SHA512 0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Filesize 65KB
MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Filesize 19KB
MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Filesize 35KB
MD5 a00ec059636b31e933d573d9eccc88f9
SHA1 1a1636ea664ca6c86b451c81889e2106d972c446
SHA256 afd50b4a126fac0143d8caf48ccd61055fb2379f20bae384ced7b768746c5de5
SHA512 735266cb5ff182a88dfd27b8fbec7e3e14fc90cbb48512d60679388d2e6313291bc5d0947b4f9b58a173c055ec5afc704400df4ef029b0a5034edcd419d23c10

Filesize 64KB
MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Filesize 88KB
MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Filesize 1.1MB
MD5 b36bf0bc042f10f9061a6f5e555b2dca
SHA1 76a0b3e1af74adbd78d75d93bc7bf38d4caae779
SHA256 db2243add96c4820c823ce724ea39b818179f8b3bd35d5f30830300640a5df5a
SHA512 742be95e1469fcf9dd4d3c3a68b9be6c90186f05f04bdc61b9bec4bf20469b1cbe2ca7a2909f661f64ee385837ee31789b98cd6a78fd3f3a1d169ab5d20fb1c3

Filesize 2KB
MD5 eec89d1e29f981c8e474bfb6c3794004
SHA1 43a55d1069017b73d962ba0c7917fda68038e565
SHA256 ce1e0bcfd0df065be5702a740de776bac07577b56a4470e292ad50c1fcfdc7c8
SHA512 2219b05ab19e4e22af295e842d42e800ce7c1ad7a26830dae4f7107128b2177a93b264b60c5d32647702ef17140136cabd5139206390bf202a1a3be739ff61d7

Filesize 393B
MD5 f26039273ed28d0d7474ee80dd5b37b3
SHA1 24e61c0e94ba9e4baf4de0de9e14e053b5824c8d
SHA256 9d3460188bfde3ef979bc775e8947fcffd0e784896b177be9b667814e3e07abd
SHA512 c5ba87f913cb51a2b8a9f4f3911c40d9716080615c92c56c4266b34d436dbc8223c01a3893c8e00d2084bf282505140cdb4526579edbe68f222d7ace6fea25da

Filesize 1KB
MD5 6dc03431a5829e7e3be885240ef57ac4
SHA1 1fcdd7dbf442336bae6bfda4c24678837d3d860b
SHA256 d10b5198f7807285b954366834ec86b84c68bb470b7143da891207f5c213d7a6
SHA512 2485cf4d26d9dd93ceb6b66c32b9c9dcc6536a4240e69082766e91135ae6bc02645787b13c0f40a11dfd0ece263409e9a677b6a7066b3b2135a07269f8278375

Filesize 5KB
MD5 ab3659036bc7383b8a0b7dc62f607201
SHA1 535d30a3f92b3d77735c29e6c1ea93a1514b4c4b
SHA256 0161007d2546c9d23938baad4ef7870aac44aa5b786077741813974390043557
SHA512 3f2ae5d9be4751eefe00fff078c565bb42debce05f99d97bbc21168672f12a6c2139fb5ff6dfa6b9f0faf43112c3ac6c23e1757fb61a62bf765b4e392cc6f188

Filesize 6KB
MD5 661455b307a657dbcd2f536b39e4f694
SHA1 9122fff0358a48fa8b4649aa982cd533c73d4884
SHA256 0bf68f4ef3f6a5446b60e1c6706ed9f78d5dfae3cd58be27d80a888187a062b5
SHA512 a9a4a0cfd20abb240002a3f5113a3b4bd6918ebd929b4768913a242f1faea78218d599f77f5b176213bb498cf9e8dbf9fe16dc1723ecb60b1a42a47d43e5074e

Filesize 6KB
MD5 8d9d9400d5dab4d040ec139f76fe650e
SHA1 412c7719ef6ce3631c73e076ded5559cfcfd5a8a
SHA256 8165325fe9a2372dbfa85a6f2897bbe4bb887af4fc7d05baa1da67564306f96b
SHA512 f6d0f13d6388e5fe62b4811ec987c9ca291f75d3ecd34624a9c7d947e2ef99634c0f53094bbc07bffaf481b53c287006b32f40b55b3d2b0c3891449ef29b8528

Filesize 5KB
MD5 5d57da3dbea66eacf8d35e63f6bd6653
SHA1 99ee283cbe6db34a4f1b3241f2f31c59e3672cd5
SHA256 100e931da68fdfc17b61087e7551c5cb6a94e1c8c7866ead3318bf2ee171a2ce
SHA512 e802e1a8375a5a9fb3e2bf8e74796529e0df18327bb628db54b15b2f01458d896f7606906e8ffdeffdb09e434f2fa6846f561db71957fdbe72ee6b698456698d

Filesize 1KB
MD5 29bd41a2aa77e03217175f26384fb5c0
SHA1 aa5595ea4f3b5576beb0a038f70698acc4a43f85
SHA256 58a0803f2a1bec7c6593a13beba20bbebd79f2143c0b1fc837ca55f955e097d3
SHA512 8ba4779b475c8ef2080073055324f4e3829e790a937769ac033ff9b20071e99e6821a57d71ed7269d3b79665518037e78c90ca785ae50ef2870a9f47242d3ed9

Filesize 368B
MD5 f3d1ceff28aba9910868b482b7d9008b
SHA1 6ddc24d3d965b914f2d69e36de118cb90de3856b
SHA256 4579ef5698fb57176a5e198704d014f045a0916d0ae5a6b0dc1417f416563a75
SHA512 37fb3e81f5d17602e9b404451cdd921be571775b2368b7bb9f932d465c35430f63d45126806d310eea52756449301ca272249827fa8c3b09539f2d71dae3ce50

Filesize 16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize 11KB
MD5 29e497b878ed17952650d9958905998c
SHA1 dac97883cefa6787ca84ef3ab3a3f4300310d9a9
SHA256 6f9efaa68f6219e2c0ad5ba3e47945787c72bab0786a01e71bb054a837302ff9
SHA512 f83f4d9adda295c405135b33d365a54285ef819e8b3e1d8172f72697b5dd49fdef693dffd4b51ba132c22089a8352d11727212e839184b7d380adfaabad96e7d

Filesize 11KB
MD5 faef34b6d4b9b4242f06d3066ca0b709
SHA1 cc4c0b9d544c40071e28efe8192e2f0b3f3614d1
SHA256 d3d48962ca27e02cbe3542e9618558d9ef32e6f4983625ca64987b1b39b1c407
SHA512 3127698893756be040d6ca0b1265793e242638bba3b57bf2e8fea51e6201338b1f76d977d2d461ab7c42e23782a24afa822b8c9ebe5901c6f7e162029de6d81c

Filesize 11KB
MD5 56df05ac89591632458f0563941a0163
SHA1 f7235e51321df3d065f05a88f1ffed957d99ee72
SHA256 6caa9dd50458ef37dd135868df0c835c40a64cc345fcf83ec43cf63888261a25
SHA512 27cc0458788f621fc052e4bca56af896c8417bf2485e364395703885dc333291c05e107aeead5ef2a8f4536cb9dcaeb7d7e30639b27b772a6f2eac88b7e16415

Filesize 11KB
MD5 92d2fec1b3931384a7edc8432ce357c2
SHA1 2b43f111dcf65deb543cc6280b6120101e34a69a
SHA256 d915506c4369b254187bb6f372a30acfd2a16cf0318018cc5787ff87799a4dcf
SHA512 eb3086bd8b6110562fdac8bb8c795fe5235fe0e06867b4b543525e49b3358af2c589476fcced082c5178a36f595e67e3450c28718dd52a2fb483cd6bf10289eb

Filesize 5.4MB
MD5 5fc6e030f31d0aae7b95068bf17a72fc
SHA1 1daa17c033f29c122c76409dd5636716351bf7a2
SHA256 02cc5a3a1d6c54390d68ee97f6c08c2a061a457780e48919c29462ef95a92b09
SHA512 0fc29106e0263815ee7418a32d8f52c258d0a1378fc6b5e59b68ccef2fa34e2164f4dc9f4b1ba0232497f95155d9e71b6571dea4e8e446af1faf11d194bb94ec

Filesize 7.3MB
MD5 edcbe1500d9c8cef819eda7f46f5b103
SHA1 402d32a0b9049a7dfc6f106b101832fa4c3624dc
SHA256 af7b6e1b27c6ee7a2e40b947fda039ad26827ac12ed4d0ffa80a6576f5b5fb8b
SHA512 01ed6f251e0dbaa7e52e6f995b85e22a70fcec8b0eb65e6a1022c4017306775f4298f9e9c90702bf42324491f32ccffdbbc80efdee3ad158515f82d5e4a0aab6

Filesize 3.4MB
MD5 cedd6738fae24edddfff69b10e4f46dd
SHA1 97538a7df13e0354a5eaccee7057192d10466a9f
SHA256 f0d5c603ff7d87412f5a1e45e8ab7bd95d6f40bb90fd107125964421d7f06233
SHA512 0c75c2d1263eeb6ed638d49b1cf3c3004353fff8452ed7288a8853133dc2ad32fe913cc7020b864aaf362b5b29be55e4ec0b38ef978a811c6462552c8cf32e1b

C:\Users\Admin\AppData\Local\Package Cache\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}v3.12.2150.0\exe.msi
Filesize 712KB
MD5 9245623543644d494cc7ebe9ba4bdf49
SHA1 416d483ececc8a6e5ba092d1ae75e7880fa4be36
SHA256 91f05b779c2bbeb7a371c2ca24f600d8c21664ad8d2bc464e5565bb90e9405d2
SHA512 4946990d92c6dce2da3c9eaf16cfb7e61a8070af11b8ffd67d75e541b6007e4ea459d3b0e27da9d08e39b407fec9ca9da3ea5cad789cad9722f0408d62d02366

C:\Users\Admin\AppData\Local\Package Cache\{4534F2ED-1616-434D-98A6-0DA358DCD466}v3.12.2150.0\core.msi
Filesize 2.0MB
MD5 1c1df711824f2575637d68f9e79f0467
SHA1 28de3cc8ad3d32739a4eb9d93106c18f028aaedd
SHA256 e747ceb205400dcdd45cbedc372f9c3cacdd158277e4d27ae1b95d223e323918
SHA512 7a9d7d1f5823c36504e645562117cd494f8de79b5c0724326b6cbee7add3c617c7ba1a1a69012646840071ccbc29e8b3ed518875cce8466fb7208fd272de87c5

C:\Users\Admin\AppData\Local\Package Cache\{F131E2DD-B8C5-42F3-85B7-3D4BAC9582CD}v3.12.2150.0\dev.msi
Filesize 384KB
MD5 f7a21ea8323d54f6348c08e185d4a429
SHA1 4a969a5aa49728821e5b0064ab20e36f8d1825c5
SHA256 633283cfcc5e870c6ce19404267a5e0509625b6b106d0c68e7133557d5c1bcb6
SHA512 161b3d0392cc0626f222a9d525f9af8cae3184c6c71d9c6e90749f1c6a71df0bf4a130234a50648c63e56099b72a0647c647b57b7ff05db3161cd5fac2c5bdd7

Filesize 3KB
MD5 abf1c208e73a1e32f7916839fe3aa23c
SHA1 8d52bba4a5d9c3769b52c2ce29a6c28ef82f9ea4
SHA256 e004609f250603667cb5683911da35e4443d0a536a7077b8134b6a9a2cbd296a
SHA512 e396886bbe682305117164d141b90a392340f045998cec2bada44a87a6ecd9a60cc1fdadbc38dad63c0661e33d9f9b84ae532e4587cc90483cc8b38c726e83ea

Filesize 1KB
MD5 0a1d0f243dd9b12f6862619413d3d243
SHA1 3eed412a7898d9bdcf4da37fc35cc9a201ed4b3e
SHA256 2ffbd4d742213d533a7e15fcd43bca2d5d7eb2406dfd5591dc121d06775e1229
SHA512 8df25f86e1b3a0cfb6f920e319d011df7e2b5e76967a8ffbc62419b622a43caa00d40d772d0be4811f10607829700795c7b05071795cb53a439750c0795a1911

Filesize 1KB
MD5 c4302a86578397c079353008b08cb366
SHA1 e3b00e63400a5e49938528ba92913f808b132d13
SHA256 66257be469783998de3fe079c73d15e389a2440a4176f1902fa9071e7da7d629
SHA512 af94470fec77cb41729b2a5c1cd8cbd17aaec3bc63a51f4885f88e41f7c4318e94f273a6eedcaa3457a1f487f660fd76c7e0776c2ad18d7ff2577b422c78f1e5

Filesize 1KB
MD5 f11092487753409c7fb22d3f4eff0b59
SHA1 9f08a620409b0dcd26c82811c79dda5bfafb2982
SHA256 47f746cc3ef02d56a5ac368d596233409b0f6b7cdb1c35847f630d5e7fac6c0c
SHA512 78ca868fa55aeed50ef2c432689da8d7dcb3224c9b2372fa553216b50d1e81f1ceb680bf774baae7a12492961eff8539b8b8feef46cd9d78cf686f72136a826c

Filesize 140KB
MD5 24ea9ae69c9f8481d0fe0e9c776d7e7b
SHA1 f045744adab94f417195b71b20521eee3e3a7dbd
SHA256 3a2e4c332b11d70a27e1689264c4643b4f20ae12e5b72d820de71e3974c6afce
SHA512 03fb75b1191971adc008728475918438215c67628e3a60cc513e7861913de7007524b56d7add875fbd51da3280c4bacdcb53aa0c97f8640fbf65f7887fab87d2

Filesize 253B
MD5 5a11df3a32a35cb77131c490babc3775
SHA1 3d18deb3e3700c49eba0ea8bf167c12b5611c029
SHA256 8041353c8abe72a97f882e1edf36ff03bf593ce771a45d3187fb936a0ad05b61
SHA512 a4aba027a69abea0f1356790e1cd4b12a04136b218a7ced19c732735c21f32e695ee522d9f56ad623032b8de1de1fbd6ebff1fa811012b2d14517cdfe8a97e02

Filesize 25.4MB
MD5 44abfae489d87cc005d50a9267b5d58d
SHA1 af778548383c17cb154530f1c06344c9cced9272
SHA256 b9314802f9efbf0f20a8e2cb4cacc4d5cfb0110dac2818d94e770e1ba5137c65
SHA512 e955f0bee350cd8f7e4da6a8e8f02db40e477b7465a77c8ecab46a54338c0a9d8acf3d22d524af2c45c25685df2468970ea1b70b83321c7f8e3fae230f3c7f16

Filesize 26B
MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Filesize 675KB
MD5 8294dc8850dd596d0ce8455167496832
SHA1 5c75c685c95bee8c1a39187da8af46b6c7892757
SHA256 565f03893da383e5bec8c6eaa7c8fbb3e6db0b9bddd5a1399b0dec66fa44d64d
SHA512 21015ca201b64e3316f3d1ee32e4c562d0142111c1ed576f03aa078619fe656c56848b5998313af23aabb97293c5452be0e27d5c44878be5d90ac2d2d2f05851

Filesize 50KB
MD5 888eb713a0095756252058c9727e088a
SHA1 c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4
SHA256 79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067
SHA512 7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

Filesize 540KB
MD5 787171c1940bc4d251114b07586492e5
SHA1 e256a242c1da23ab7cbd5cfa9b70fdd2c65a0233
SHA256 6601eff4c1be13cf21106cdd8f041f96e4f1648aa683c73c53dad157ff12676e
SHA512 0403d46c69928906f20631041b13aef11f926163e27b16e7e5544c7b85350fa04d796b4e81ff0d7db6a8548af797c2e7879ff480926ec30896c2984e725902d6

Filesize 268KB
MD5 083842cfa5cb8331820b45599cb883ef
SHA1 2858179692c35368251f72894a8612db25fecc74
SHA256 cfe1f73cd965e2cf1bcb94143fd87b7a6cb0d315977cab1da3002f5029948b98
SHA512 e3325c99fc05280dc05d2d458ee942aa406b13b95993d2415817ab3c55752cb66a8d1613514382b092eb55c08c2319b57dd261120db525253398b7a456091229

Filesize 858KB
MD5 ab21a1bea9e3eaab64a2c062ab613221
SHA1 310b1f7921af8edf125eacba71944b6e5356acdf
SHA256 1474dbd6a33da8f2f0b50007ba48f0c1ddb3e0e6f8c969722eed1e683a9af68a
SHA512 b39b5a24bb7b2d3ead8aed284452c94280398a9e4855f17a8e3593fe718e9b3573e88b15f1dd4659030827e754b17e7f918ba24803e4d522ad9601167fb70df4