discordrat | hxxps://mega[.]nz/folder/4zkUCBrA#W1jc-wZGaAHyvSmCnivWDw

Analysis

max time kernel
711s
max time network
717s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02-05-2024 12:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://mega.nz/folder/4zkUCBrA#W1jc-wZGaAHyvSmCnivWDw

Score

10^/10

discordrat persistence rat rootkit stealer upx

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzNTU2MDUxNjY3MjU1NzA1Ng.GZDFBY.fzBUGyBQFSJ9PEG02ojzoc_vkiKee7lffNWj3Q
server_id
1175458472670801940

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation	cmd.exe

Loads dropped DLL 64 IoCs

pid	Process
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe
1232	Yargi Hack FiveM+Spoofer.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5132-4633-0x00007FFA5CD20000-0x00007FFA5D309000-memory.dmp	upx
behavioral1/memory/5132-4724-0x00007FFA76750000-0x00007FFA7675F000-memory.dmp	upx
behavioral1/memory/5132-4723-0x00007FFA729F0000-0x00007FFA72A13000-memory.dmp	upx
behavioral1/memory/5132-4726-0x00007FFA71C90000-0x00007FFA71CBD000-memory.dmp	upx
behavioral1/memory/5132-4725-0x00007FFA729D0000-0x00007FFA729E9000-memory.dmp	upx
behavioral1/memory/5132-4735-0x00007FFA71850000-0x00007FFA7187E000-memory.dmp	upx
behavioral1/memory/5132-4734-0x00007FFA73A40000-0x00007FFA73A4D000-memory.dmp	upx
behavioral1/memory/5132-4736-0x00007FFA6FE10000-0x00007FFA6FECC000-memory.dmp	upx
behavioral1/memory/5132-4737-0x00007FFA71490000-0x00007FFA714BB000-memory.dmp	upx
behavioral1/memory/5132-4733-0x00007FFA76280000-0x00007FFA7628D000-memory.dmp	upx
behavioral1/memory/5132-4732-0x00007FFA72110000-0x00007FFA72129000-memory.dmp	upx
behavioral1/memory/5132-4731-0x00007FFA714C0000-0x00007FFA714F6000-memory.dmp	upx
behavioral1/memory/5132-4738-0x00007FFA71400000-0x00007FFA71433000-memory.dmp	upx
behavioral1/memory/5132-4739-0x00007FFA5C800000-0x00007FFA5CD20000-memory.dmp	upx
behavioral1/memory/5132-4741-0x00007FFA61850000-0x00007FFA6191D000-memory.dmp	upx
behavioral1/memory/5132-4740-0x00007FFA5CD20000-0x00007FFA5D309000-memory.dmp	upx
behavioral1/memory/5132-4742-0x00007FFA71B30000-0x00007FFA71B45000-memory.dmp	upx
behavioral1/memory/5132-4744-0x00007FFA70DF0000-0x00007FFA70E13000-memory.dmp	upx
behavioral1/memory/5132-4745-0x00007FFA5C680000-0x00007FFA5C7F7000-memory.dmp	upx
behavioral1/memory/5132-4743-0x00007FFA70E20000-0x00007FFA70E32000-memory.dmp	upx
behavioral1/memory/5132-4754-0x00007FFA70DD0000-0x00007FFA70DE8000-memory.dmp	upx
behavioral1/memory/5132-4753-0x00007FFA72110000-0x00007FFA72129000-memory.dmp	upx
behavioral1/memory/5132-4756-0x00007FFA71850000-0x00007FFA7187E000-memory.dmp	upx
behavioral1/memory/5132-4759-0x00007FFA70DB0000-0x00007FFA70DC4000-memory.dmp	upx
behavioral1/memory/5132-4762-0x00007FFA6F600000-0x00007FFA6F626000-memory.dmp	upx
behavioral1/memory/5132-4761-0x00007FFA71480000-0x00007FFA7148B000-memory.dmp	upx
behavioral1/memory/5132-4760-0x00007FFA6FE10000-0x00007FFA6FECC000-memory.dmp	upx
behavioral1/memory/5132-4755-0x00007FFA6D870000-0x00007FFA6D8F7000-memory.dmp	upx
behavioral1/memory/5132-4784-0x00007FFA5C560000-0x00007FFA5C67C000-memory.dmp	upx
behavioral1/memory/5132-4810-0x00007FFA71490000-0x00007FFA714BB000-memory.dmp	upx
behavioral1/memory/5132-4815-0x00007FFA713F0000-0x00007FFA713FB000-memory.dmp	upx
behavioral1/memory/5132-4823-0x00007FFA70D30000-0x00007FFA70D3C000-memory.dmp	upx
behavioral1/memory/5132-4864-0x00007FFA5C310000-0x00007FFA5C555000-memory.dmp	upx
behavioral1/memory/5132-4877-0x00007FFA5C2E0000-0x00007FFA5C309000-memory.dmp	upx
behavioral1/memory/5132-4876-0x00007FFA71B30000-0x00007FFA71B45000-memory.dmp	upx
behavioral1/memory/5132-4837-0x00007FFA6B210000-0x00007FFA6B21C000-memory.dmp	upx
behavioral1/memory/5132-4836-0x00007FFA6B220000-0x00007FFA6B232000-memory.dmp	upx
behavioral1/memory/5132-4835-0x00007FFA6B240000-0x00007FFA6B24D000-memory.dmp	upx
behavioral1/memory/5132-4834-0x00007FFA6B250000-0x00007FFA6B25C000-memory.dmp	upx
behavioral1/memory/5132-4833-0x00007FFA6B260000-0x00007FFA6B26C000-memory.dmp	upx
behavioral1/memory/5132-4832-0x00007FFA6B270000-0x00007FFA6B27B000-memory.dmp	upx
behavioral1/memory/5132-4831-0x00007FFA6B280000-0x00007FFA6B28B000-memory.dmp	upx
behavioral1/memory/5132-4830-0x00007FFA6B290000-0x00007FFA6B29C000-memory.dmp	upx
behavioral1/memory/5132-4829-0x00007FFA6B780000-0x00007FFA6B78E000-memory.dmp	upx
behavioral1/memory/5132-4828-0x00007FFA6F5F0000-0x00007FFA6F5FC000-memory.dmp	upx
behavioral1/memory/5132-4827-0x00007FFA6F660000-0x00007FFA6F66C000-memory.dmp	upx
behavioral1/memory/5132-4826-0x00007FFA6F670000-0x00007FFA6F67B000-memory.dmp	upx
behavioral1/memory/5132-4825-0x00007FFA6FCC0000-0x00007FFA6FCCC000-memory.dmp	upx
behavioral1/memory/5132-4824-0x00007FFA6FE00000-0x00007FFA6FE0B000-memory.dmp	upx
behavioral1/memory/5132-4822-0x00007FFA70DA0000-0x00007FFA70DAB000-memory.dmp	upx
behavioral1/memory/5132-4821-0x00007FFA61850000-0x00007FFA6191D000-memory.dmp	upx
behavioral1/memory/5132-4814-0x00007FFA71400000-0x00007FFA71433000-memory.dmp	upx
behavioral1/memory/5132-4813-0x00007FFA6C3E0000-0x00007FFA6C418000-memory.dmp	upx
behavioral1/memory/5132-4812-0x00007FFA5C800000-0x00007FFA5CD20000-memory.dmp	upx
behavioral1/memory/5132-4915-0x00007FFA70DF0000-0x00007FFA70E13000-memory.dmp	upx
behavioral1/memory/3944-4921-0x00007FFA5B2B0000-0x00007FFA5B899000-memory.dmp	upx
behavioral1/memory/5132-4935-0x00007FFA5C680000-0x00007FFA5C7F7000-memory.dmp	upx
behavioral1/memory/3944-4940-0x00007FFA5C2B0000-0x00007FFA5C2D3000-memory.dmp	upx
behavioral1/memory/3944-4945-0x00007FFA5C260000-0x00007FFA5C28D000-memory.dmp	upx
behavioral1/memory/5132-4944-0x00007FFA6D870000-0x00007FFA6D8F7000-memory.dmp	upx
behavioral1/memory/3944-4943-0x00007FFA5C290000-0x00007FFA5C2A9000-memory.dmp	upx
behavioral1/memory/5132-4942-0x00007FFA70DD0000-0x00007FFA70DE8000-memory.dmp	upx
behavioral1/memory/3944-4941-0x00007FFA64170000-0x00007FFA6417F000-memory.dmp	upx
behavioral1/memory/3944-5201-0x00007FFA5BF50000-0x00007FFA5BF86000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Windows\CurrentVersion\Run\visuals = "reg add \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\" /v visuals /t REG_SZ /d \"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows-Updater.exe\" /f"	Yargi Hack FiveM+Spoofer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Windows\CurrentVersion\Run\visuals = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows-Updater.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 29 IoCs

Web Service

T1102

flow	ioc
87	discord.com
144	discord.com
106	discord.com
59	discord.com
65	discord.com
73	discord.com
150	discord.com
82	discord.com
102	discord.com
151	discord.com
104	discord.com
165	discord.com
77	discord.com
103	discord.com
166	discord.com
60	discord.com
62	discord.com
66	discord.com
148	discord.com
167	discord.com
76	discord.com
97	discord.com
147	discord.com
83	discord.com
91	discord.com
192	discord.com
61	discord.com
74	discord.com
75	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
88	api.ipify.org
89	api.ipify.org

Drops file in Windows directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\421858948\2704036608.pri	LogonUI.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates processes with tasklist 1 TTPs 4 IoCs

Process Discovery

T1057

pid	Process
4372	tasklist.exe
5320	tasklist.exe
536	tasklist.exe
1344	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591282981044036"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-0876022 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{159D49A7-1025-4F37-B727-B2C161D52249} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "753"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packag = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e3e9ed78919cda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{C95A4C9C-0D24-4F4E-A533-47A54FB29810} = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 06e66631919cda01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\discord.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "644"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "543"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "420817265"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify.	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5048	PaintStudio.View.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
2988	chrome.exe
2988	chrome.exe
5132	Eulen-Crack.exe
5132	Eulen-Crack.exe
5132	Eulen-Crack.exe
5132	Eulen-Crack.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
204	mspaint.exe
204	mspaint.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe
5048	PaintStudio.View.exe

Suspicious behavior: MapViewOfSection 30 IoCs

pid	Process
5736	MicrosoftEdgeCP.exe
5736	MicrosoftEdgeCP.exe
5736	MicrosoftEdgeCP.exe
5736	MicrosoftEdgeCP.exe
2368	MicrosoftEdgeCP.exe
2368	MicrosoftEdgeCP.exe
2368	MicrosoftEdgeCP.exe
2368	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2988	chrome.exe
2988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe
Token: SeShutdownPrivilege	2988	chrome.exe
Token: SeCreatePagefilePrivilege	2988	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe

Suspicious use of SendNotifyMessage 58 IoCs

pid	Process
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
2988	chrome.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe
1060	taskmgr.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2128	Yargi Hack FiveM+Spoofer.exe
3592	MicrosoftEdge.exe
5736	MicrosoftEdgeCP.exe
3104	MicrosoftEdgeCP.exe
5736	MicrosoftEdgeCP.exe
204	mspaint.exe
5048	PaintStudio.View.exe
6124	MicrosoftEdge.exe
2368	MicrosoftEdgeCP.exe
2368	MicrosoftEdgeCP.exe
2848	MicrosoftEdgeCP.exe
3200	MicrosoftEdge.exe
3912	MicrosoftEdgeCP.exe
3912	MicrosoftEdgeCP.exe
828	LogonUI.exe
828	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 4120	2988	chrome.exe	72
PID 2988 wrote to memory of 4120	2988	chrome.exe	72
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 1860	2988	chrome.exe	74
PID 2988 wrote to memory of 2416	2988	chrome.exe	75
PID 2988 wrote to memory of 2416	2988	chrome.exe	75
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76
PID 2988 wrote to memory of 2164	2988	chrome.exe	76

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
708	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/folder/4zkUCBrA#W1jc-wZGaAHyvSmCnivWDw
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa73939758,0x7ffa73939768,0x7ffa73939778
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1848,i,10919585125562443922,10263419171377848646,131072 /prefetch:2
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1848,i,10919585125562443922,10263419171377848646,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1848,i,10919585125562443922,10263419171377848646,131072 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1848,i,10919585125562443922,10263419171377848646,131072 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1848,i,10919585125562443922,10263419171377848646,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5116 --field-trial-handle=1848,i,10919585125562443922,10263419171377848646,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1848,i,10919585125562443922,10263419171377848646,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1848,i,10919585125562443922,10263419171377848646,131072 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 --field-trial-handle=1848,i,10919585125562443922,10263419171377848646,131072 /prefetch:8
  2⤵
  PID:4016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ec
1⤵
PID:2840

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4552

C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe
"C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe"
1⤵
PID:2612
- C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe
  "C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe"
  2⤵
  - Loads dropped DLL
  - Adds Run key to start application
  PID:1232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v visuals /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Microsoft\Windows-Updater.exe" /f"
    3⤵
    PID:2288
  - - C:\Windows\system32\reg.exe
      reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v visuals /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Microsoft\Windows-Updater.exe" /f
      4⤵
      Adds Run key to start application
      PID:192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows-Updater.exe""
    3⤵
    PID:2196
  - - C:\Windows\system32\attrib.exe
      attrib +h "C:\Users\Admin\AppData\Roaming\Microsoft\Windows-Updater.exe"
      4⤵
      Views/modifies file attributes
      PID:708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:2528
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:4372

C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe
"C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe"
1⤵
PID:5564
- C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe
  "C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe"
  2⤵
  PID:5136
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:5280
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:5320

C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Set-Up.exe
"C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Set-Up.exe"
1⤵
PID:5600

C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Eulen-Crack.exe
"C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Eulen-Crack.exe"
1⤵
PID:4684
- C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Eulen-Crack.exe
  "C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Eulen-Crack.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:5896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid"
    3⤵
    PID:2780
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid
      4⤵
      PID:5160

C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe
"C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe"
1⤵
PID:3280
- C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe
  "C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:5296
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start pornhub.com
    3⤵
    PID:5504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.underical.support/
    3⤵
    - Checks computer location settings
    PID:2200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://discord.gg/2x7wRD98
    3⤵
    - Checks computer location settings
    PID:6056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.underical.support/
    3⤵
    - Checks computer location settings
    PID:4384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c shutdown /p
    3⤵
    PID:2312
  - - C:\Windows\system32\shutdown.exe
      shutdown /p
      4⤵
      PID:1732

C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Eulen-Crack.exe
"C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Eulen-Crack.exe"
1⤵
PID:5996
- C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Eulen-Crack.exe
  "C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Eulen-Crack.exe"
  2⤵
  PID:3944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2404

C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe
"C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe"
1⤵
PID:4992
- C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe
  "C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Yargi Hack FiveM+Spoofer.exe"
  2⤵
  PID:4508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:4988
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:1344

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3592

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5736

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5716

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5436

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\Hack FiveM+Spoofer\Photo.png" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:204

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
1⤵
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5048

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6124

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4588

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4168

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3200

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1544

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:3912

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5000

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:692

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a4d055 /state1:0x41c64e6d
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:828

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:756

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
36KB

MD5
f90ac636cd679507433ab8e543c25de5

SHA1
3a8fe361c68f13c01b09453b8b359722df659b84

SHA256
5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce

SHA512
7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
33732af33cfac3c2a79f649c8651c9bc

SHA1
75d49f73d3a824aa662bd446e96bc9a0195ce5cf

SHA256
b147ba86bc4087ba1f527fb5e07f42d2c10c073ef660548c3654e0978122f7ae

SHA512
fe1e63cfcb1ce643f7b2c788f8f10375d44b7dadb7d257ca200d09c5b0ee0768efb3b1ac9effb7ba9b9584982ca7cfa15c05f21193b7386e7f3d21b00fbde2c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cb7b1166583aa2a170c9fc9c8f0c23eb

SHA1
8c4e9dce383b120853699bd81c7d278c74bc6ad6

SHA256
e3a1cbf2d63f0d30c1776c761ea2d7b477f670a702e91e21d26fc1b25bface2c

SHA512
58848c0319d2dd9f4f6052298a14f1b19d32f5ade48fe15a379937aeca091d5f355ebeada532948f16f3839fd6be1ed761ec335cb3452425913d028c28f8c9bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
f4540f9722d14e7aba10f6fadfc0e2e3

SHA1
a64dfe7b1aa51b944553350e8884c8016cbe7ffd

SHA256
0adb08a6913ed770c94240f977057df61da5f977d49b9b382999f5e5d27b2796

SHA512
abfbb1e3c2b23a8d6282faf073fd2264d1ada631233096c7773ac5480df4817a1a5ca8e7353d675a81e47859312d8f6b8adf5658dce9a57961595de534d6145e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6a32c8aa31cbb1e38ac8f126ac638d4f

SHA1
f2c1f79be5f36f7306337b668f26984e08b9ea6d

SHA256
bab97658c88d8733f1dd263a359a1d064ae1301764b4d8f8c4ac8d05767928cb

SHA512
09ad3600ada9d93ca2795ca515435f51d047e06801fd01b2d4af89a7735459ffca0e0d2c8af348cfdcf3c922707edba27e828f0cb0bb3e5d12a051bd9016309e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
96e567242eef7d8f69a9d414f0d49abb

SHA1
7cf211438c72d65d93f1af1271c9585511f3fde6

SHA256
d35584853cb51e9d406a2af6dd145180bcbbb1151639a81f889d106ae7cb811d

SHA512
91319670d47d02eaa93564ab94b4ed75625b8fea6b04777f2ad8c075d605bb23f94b60160732a1132ff52995624c54ebfc8dca619a3e919ac9d50a2296ca5fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1b3e687c322b79bcf65dd4867ef58f48

SHA1
90bcdcdbf978d3a7d07612763a80d97f26649603

SHA256
31e4a72ff94b65731902f9b221060d1c50dc54e6a583d8e5ca8e44ee01457ea3

SHA512
8036b8884ec90e720011403fbd252bd644c6acb8737f95439ef1f830d6ba0a50cd003567753c25c2ed0c71b3beea086d4b7ddc35cb853a1ead0ca3cda3a2f711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d8c00762df73752619fbc852a381bf4

SHA1
518ef044338dfe38592bbf207c5a4903d55fa3c9

SHA256
0a7ce60cb66b3f3f982f07dba423e9c37aea5d4d3168248e3d934a18a31907cd

SHA512
074dcb99806114d7f56065f50aa41617343e4e9c79d2370e54d5d768080337d9a406473f40e204547b31a9363efdc212f2749bc80879747d98429c0d95537710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ae5f83ffe5dbe5f018c25ff225524cee

SHA1
2667941055ade3b0613c4abb4d8b9d8b02bd07ea

SHA256
009ea7a3740a759fe8d4c4b9da853fde2e1ecc8db2b67a809f0c7b73a11d9af6

SHA512
5fcee38342b43f7b1ffdfb2743f953f924f6189d9cd168da137e2a0e590feb5885506b044114689386a8149cbd0543b6f99f34f1ef9953b8982d98cb732471a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582f0a.TMP

Filesize
48B

MD5
9cc8cc3b684bef3b9e11f4a76cd7a542

SHA1
8b2b84fe8fb9249be43671541de9aee23266d849

SHA256
535a39fb4ba15480213456fbafaa4429b261b0ca2d1cc2f06909ad129d21f705

SHA512
b491a390e44f4c6a018fa8fcee50a904a3f4e7a31f483b14347747aa81c5fbb1954ba4f031b2d499ed03e72bc0afd79c8f2ff512e86f8ef0e3c62491821f9df1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
3b0fbee4d526c813792787c67496d656

SHA1
a0cbb286e6ba277be234b4e4d48eefab4724cfc7

SHA256
503c68dc094fb7d42398fb241a34c93d69710c54e621fdb074d4afc131cfac00

SHA512
0a339a8c7bb31aee82705bdb6cee620289c27de9d24c5e5a7aea443de816f2d5db606024e32816140dceeb64be96c6e1539f64d7a504cf7e89a1cd87fb9d3340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
e81e7d2fe2257a4d53cf32e79ad65df9

SHA1
74c0b7ea17a42c8039da05d03ff905fbf43e6a76

SHA256
8f6297141bfc96b04e30ba6fc3ddb766e5d9c3138918b475cec6dd055dbe1b8a

SHA512
4afc8d34d489b488f673399d74708d8a883499859fa1dd6b325c13d9e73070e272288040099a040d8b1bfa9c9238d698d3b77393479ca3337025e66bb6f1a64c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
6d649c14e9e61b34a2c1b7c01d8fd71c

SHA1
69145e3d9ddde9cd0b00722e9f956415b9203a34

SHA256
ea54815c5c0497785512115c495e6c6edd6f6433721885135c23457f3c2ad9da

SHA512
7c94f988045928023ac111207f1ace8e8457d5e64eb4f9f6ed87f81675b794ac4de20415c372d59c3e041717199989a90e06b73d1e5bf0962243ca34379b0ec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2TT8RSZ7\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
234B

MD5
34d7ef3f5dfe342784475f77b069a30f

SHA1
72d73e26f0a2f35924c37c58297e3f9b5cd338e6

SHA256
ff62bf3c682ca3b48e374361aef4c0d3827863ccc86cf2d3aaf319bf8548ae47

SHA512
fe1b04d5b13edc96228a79042b1f3da306c762d9f949ade6f6e8f44f9c0bebc52b0095115f933fdbfc4c0079090546a23dd045e967197589b1a84cb0dfa5b405

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json

Filesize
2KB

MD5
404a3ec24e3ebf45be65e77f75990825

SHA1
1e05647cf0a74cedfdeabfa3e8ee33b919780a61

SHA256
cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2

SHA512
a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AYGKDDGZ\favicon[1].htm

Filesize
9KB

MD5
d23e2693103e1ac1f45c18a5c4c12fe0

SHA1
f7a46e2b81bfe7b999d2b7d67b682a18713f6767

SHA256
53f829ee2eb2af2e261d9e0366a20acd70c20b99a706f8afb6d4d68c7e58d2a0

SHA512
6130538aecf72bdee35c2ab0e2d3b286350bda4f64ff4b7a040e5526c21c6bb06c32396efa18963efea74b5607856ecb1596bab7afdc775129f5535aa35ff872

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AYGKDDGZ\favicon[1].ico

Filesize
23KB

MD5
ec2c34cadd4b5f4594415127380a85e6

SHA1
e7e129270da0153510ef04a148d08702b980b679

SHA256
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

SHA512
c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\KUA8XU2O\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
8568bf32f32d15dc9637010793dd1471

SHA1
183f0fc93a47ec7973df822e2f78727be4cf7466

SHA256
f579072c90d13ab2fff41885b1a6a13b6decc4933a1d56fe75a78ec5fe596499

SHA512
96f86ad28b0aeb86d59b23803c82860bd245b2c5af0ad5b3345698fe17e7b1aa6a6df1048111b4f9a55615e25cd331bc0c180991d64c321ec92f2d926ca9e70d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\st3tqex\imagestore.dat

Filesize
24KB

MD5
66f58c6086afa7ad28a8cbb7eddb091d

SHA1
6549a445b4c71ff6a749ba997cbaf0e221aad162

SHA256
20b309de1b8f2b69b2d2e938aeaa4f6b7e28af5c226b4667e6d4cb4e26ae1182

SHA512
1a7287946f6adfe3816fac4358d8abc67b36632070083839da10cea23c88dc1a17e0d6bd11f3216efaf7210d315b949710a636ac2a1fc8e8b0b40751f5641315

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF9B2A8EF5DA1A3510.TMP

Filesize
16KB

MD5
4d20221702c474c8abb1f419669d0faf

SHA1
d313eb6c0e179e861f68c465df044c73c53d5c17

SHA256
688f5a76f0d667edd270daddefc877ee9fe56dd788395a0395f756f6881e6b44

SHA512
53af37bf73ad0ab1c44639d60964fdce95502c7e95fbbe75308e460c80cb8cc22ddf839e9aadc9e4eaf078f675a6dffc9cf77f20574009c328f9d4e9fb705130

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_asyncio.pyd

Filesize
69KB

MD5
209cbcb4e1a16aa39466a6119322343c

SHA1
cdcce6b64ebf11fecff739cbc57e7a98d6620801

SHA256
f7069734d5174f54e89b88d717133bff6a41b01e57f79957ab3f02daa583f9e2

SHA512
5bbc4ede01729e628260cf39df5809624eae795fd7d51a1ed770ed54663955674593a97b78f66dbf6ae268186273840806ed06d6f7877444d32fdca031a9f0da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_brotli.cp312-win_amd64.pyd

Filesize
802KB

MD5
9ad5bb6f92ee2cfd29dde8dd4da99eb7

SHA1
30a8309938c501b336fd3947de46c03f1bb19dc8

SHA256
788acbfd0edd6ca3ef3e97a9487eeaea86515642c71cb11bbcf25721e6573ec8

SHA512
a166abcb834d6c9d6b25807adddd25775d81e2951e1bc3e9849d8ae868dedf2e1ee1b6b4b288ddfbd88a63a6fa624e2d6090aa71ded9b90c2d8cbf2d9524fdbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_cffi_backend.cp312-win_amd64.pyd

Filesize
178KB

MD5
0572b13646141d0b1a5718e35549577c

SHA1
eeb40363c1f456c1c612d3c7e4923210eae4cdf7

SHA256
d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7

SHA512
67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_ctypes.pyd

Filesize
122KB

MD5
2a834c3738742d45c0a06d40221cc588

SHA1
606705a593631d6767467fb38f9300d7cd04ab3e

SHA256
f20dfa748b878751ea1c4fe77a230d65212720652b99c4e5577bce461bbd9089

SHA512
924235a506ce4d635fa7c2b34e5d8e77eff73f963e58e29c6ef89db157bf7bab587678bb2120d09da70594926d82d87dbaa5d247e861e331cf591d45ea19a117

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_decimal.pyd

Filesize
246KB

MD5
f930b7550574446a015bc602d59b0948

SHA1
4ee6ff8019c6c540525bdd2790fc76385cdd6186

SHA256
3b9ad1d2bc9ec03d37da86135853dac73b3fe851b164fe52265564a81eb8c544

SHA512
10b864975945d6504433554f9ff11b47218caa00f809c6bce00f9e4089b862190a4219f659697a4ba5e5c21edbe1d8d325950921e09371acc4410469bd9189ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_hashlib.pyd

Filesize
64KB

MD5
b0262bd89a59a3699bfa75c4dcc3ee06

SHA1
eb658849c646a26572dea7f6bfc042cb62fb49dc

SHA256
4adfbbd6366d9b55d902fc54d2b42e7c8c989a83016ed707bd7a302fc3fc7b67

SHA512
2e4b214de3b306e3a16124af434ff8f5ab832aa3eeb1aa0aa9b49b0ada0928dcbb05c57909292fbe3b01126f4cd3fe0dac9cc15eaea5f3844d6e267865b9f7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_multiprocessing.pyd

Filesize
34KB

MD5
4ccbd87d76af221f24221530f5f035d1

SHA1
d02b989aaac7657e8b3a70a6ee7758a0b258851b

SHA256
c7bbcfe2511fd1b71b916a22ad6537d60948ffa7bde207fefabee84ef53cafb5

SHA512
34d808adac96a66ca434d209f2f151a9640b359b8419dc51ba24477e485685af10c4596a398a85269e8f03f0fc533645907d7d854733750a35bf6c691de37799

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_overlapped.pyd

Filesize
54KB

MD5
61193e813a61a545e2d366439c1ee22a

SHA1
f404447b0d9bff49a7431c41653633c501986d60

SHA256
c21b50a7bf9dbe1a0768f5030cac378d58705a9fe1f08d953129332beb0fbefc

SHA512
747e4d5ea1bdf8c1e808579498834e1c24641d434546bffdfcf326e0de8d5814504623a3d3729168b0098824c2b8929afc339674b0d923388b9dac66f5d9d996

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_queue.pyd

Filesize
31KB

MD5
f3eca4f0b2c6c17ace348e06042981a4

SHA1
eb694dda8ff2fe4ccae876dc0515a8efec40e20e

SHA256
fb57ee6adf6e7b11451b6920ddd2fb943dcd9561c9eae64fdda27c7ed0bc1b04

SHA512
604593460666045ca48f63d4b14fa250f9c4b9e5c7e228cc9202e7692c125aacb0018b89faa562a4197692a9bc3d2382f9e085b305272ee0a39264a2a0f53b75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_sqlite3.pyd

Filesize
121KB

MD5
506b13dd3d5892b16857e3e3b8a95afb

SHA1
42e654b36f1c79000084599d49b862e4e23d75ff

SHA256
04f645a32b0c58760cc6c71d09224fe90e50409ef5c81d69c85d151dfe65aff9

SHA512
a94f0e9f2212e0b89eb0b5c64598b18af71b59e1297f0f6475fa4674ae56780b1e586b5eb952c8c9febad38c28afd784273bbf56645db2c405afae6f472fb65c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_ssl.pyd

Filesize
173KB

MD5
ddb21bd1acde4264754c49842de7ebc9

SHA1
80252d0e35568e68ded68242d76f2a5d7e00001e

SHA256
72bb15cd8c14ba008a52d23cdcfc851a9a4bde13deee302a5667c8ad60f94a57

SHA512
464520ecd1587f5cede6219faac2c903ee41d0e920bf3c9c270a544b040169dcd17a4e27f6826f480d4021077ab39a6cbbd35ebb3d71672ebb412023bc9e182a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_tkinter.pyd

Filesize
62KB

MD5
a7929fd434e8803dde0951e6aa306d6a

SHA1
b0cb108be0616678d68eb8328c065aa1fd38e563

SHA256
5c400b4bc0367e1eff93955973efb3f85ce5970080bb1953f4e80bdf6f23c5c7

SHA512
b8a83fd831ae393ae7bc23d86af79d224142af41837002883296d62b3fdc059a3794f1bb2ecd7714ca75003bd07cb3fc0617d99ffa3867068bfb3a44bf5cf215

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_uuid.pyd

Filesize
24KB

MD5
7a00ff38d376abaaa1394a4080a6305b

SHA1
d43a9e3aa3114e7fc85c851c9791e839b3a0ee13

SHA256
720e9b68c41c8d9157865e4dd243fb1731f627f3af29c43250804a5995a82016

SHA512
ce39452df539eeeff390f260c062a0c902557fda25a7be9a58274675b82b30bddb7737b242e525f7d501db286f4873b901d94e1cd09aa8864f052594f4b34789

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\_wmi.pyd

Filesize
35KB

MD5
c1654ebebfeeda425eade8b77ca96de5

SHA1
a4a150f1c810077b6e762f689c657227cc4fd257

SHA256
aa1443a715fbf84a84f39bd89707271fc11a77b597d7324ce86fc5cfa56a63a9

SHA512
21705b991e75efd5e59b8431a3b19ae5fcc38a3e7f137a9d52acd24e7f67d61758e48abc1c9c0d4314fa02010a1886c15ead5bca8dca1b1d4ccbfc3c589d342e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\base_library.zip

Filesize
1.3MB

MD5
630153ac2b37b16b8c5b0dbb69a3b9d6

SHA1
f901cd701fe081489b45d18157b4a15c83943d9d

SHA256
ec4e6b8e9f6f1f4b525af72d3a6827807c7a81978cb03db5767028ebea283be2

SHA512
7e3a434c8df80d32e66036d831cbd6661641c0898bd0838a07038b460261bf25b72a626def06d0faa692caf64412ca699b1fa7a848fe9d969756e097cba39e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\python3.DLL

Filesize
66KB

MD5
6271a2fe61978ca93e60588b6b63deb2

SHA1
be26455750789083865fe91e2b7a1ba1b457efb8

SHA256
a59487ea2c8723277f4579067248836b216a801c2152efb19afee4ac9785d6fb

SHA512
8c32bcb500a94ff47f5ef476ae65d3b677938ebee26e80350f28604aaee20b044a5d55442e94a11ccd9962f34d22610b932ac9d328197cf4d2ffbc7df640efba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\python312.dll

Filesize
6.7MB

MD5
550288a078dffc3430c08da888e70810

SHA1
01b1d31f37fb3fd81d893cc5e4a258e976f5884f

SHA256
789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d

SHA512
7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\sqlite3.dll

Filesize
1.4MB

MD5
c1161c1cec57c5fff89d10b62a8e2c3a

SHA1
c4f5dea84a295ec3ff10307a0ea3ba8d150be235

SHA256
d1fd3040acddf6551540c2be6ff2e3738f7bd4dfd73f0e90a9400ff784dd15e6

SHA512
d545a6dc30f1d343edf193972833c4c69498dc4ea67278c996426e092834cb6d814ce98e1636c485f9b1c47ad5c68d6f432e304cd93ceed0e1e14feaf39b104a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\tcl86t.dll

Filesize
1.7MB

MD5
b0261de5ef4879a442abdcd03dedfa3c

SHA1
7f13684ff91fcd60b4712f6cf9e46eb08e57c145

SHA256
28b61545d3a53460f41c20dacf0e0df2ba687a5c85f9ed5c34dbfc7ed2f23e3e

SHA512
e39a242e321e92761256b2b4bdde7f9d880b5c64d4778b87fa98bf4ac93a0248e408a332ae214b7ffd76fb9d219555dc10ab8327806d8d63309bf6d147ebbd59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\tk86t.dll

Filesize
1.5MB

MD5
ef0d7469a88afb64944e2b2d91eb3e7f

SHA1
a26fd3de8da3e4aec417cebfa2de78f9ba7cf05b

SHA256
23a195e1e3922215148e1e09a249b4fe017a73b3564af90b0f6fd4d9e5dda4da

SHA512
909f0b73b64bad84b896a973b58735747d87b5133207cb3d9fa9ce0c026ee59255b7660c43bb86b1ddeef9fbb80b2250719fd379cff7afd9dbec6f6a007ed093

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\unicodedata.pyd

Filesize
1.1MB

MD5
04f35d7eec1f6b72bab9daf330fd0d6b

SHA1
ecf0c25ba7adf7624109e2720f2b5930cd2dba65

SHA256
be942308d99cc954931fe6f48ed8cc7a57891ccbe99aae728121bcda1fd929ab

SHA512
3da405e4c1371f4b265e744229dcc149491a112a2b7ea8e518d5945f8c259cad15583f25592b35ec8a344e43007ae00da9673822635ee734d32664f65c9c8d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\zlib1.dll

Filesize
141KB

MD5
b4a0b3d5abc631e95c074eee44e73f96

SHA1
c22c8baa23d731a0e08757d0449ca3dd662fd9e6

SHA256
c89c8a2fcf11d8191c7690027055431906aae827fc7f443f0908ad062e7e653e

SHA512
56bafd1c6c77343f724a8430a1f496b4a3160faa9a19ea40796438ae67d6c45f8a13224dcf3d1defb97140a2e47a248dd837801a8cb4674e7890b495aeec538e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32802\tcl\encoding\euc-cn.enc

Filesize
84KB

MD5
c5aa0d11439e0f7682dae39445f5dab4

SHA1
73a6d55b894e89a7d4cb1cd3ccff82665c303d5c

SHA256
1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00

SHA512
eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55642\cryptography-42.0.2.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI59962\certifi\cacert.pem

Filesize
285KB

MD5
d3e74c9d33719c8ab162baa4ae743b27

SHA1
ee32f2ccd4bc56ca68441a02bf33e32dc6205c2b

SHA256
7a347ca8fef6e29f82b6e4785355a6635c17fa755e0940f65f15aa8fc7bd7f92

SHA512
e0fb35d6901a6debbf48a0655e2aa1040700eb5166e732ae2617e89ef5e6869e8ddd5c7875fa83f31d447d4abc3db14bffd29600c9af725d9b03f03363469b4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI59962\cryptography-42.0.5.dist-info\LICENSE

Filesize
197B

MD5
8c3617db4fb6fae01f1d253ab91511e4

SHA1
e442040c26cd76d1b946822caf29011a51f75d6d

SHA256
3e0c7c091a948b82533ba98fd7cbb40432d6f1a9acbf85f5922d2f99a93ae6bb

SHA512
77a1919e380730bcce5b55d76fbffba2f95874254fad955bd2fe1de7fc0e4e25b5fdaab0feffd6f230fa5dc895f593cf8bfedf8fdc113efbd8e22fadab0b8998

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI59962\cryptography-42.0.5.dist-info\LICENSE.APACHE

Filesize
11KB

MD5
4e168cce331e5c827d4c2b68a6200e1b

SHA1
de33ead2bee64352544ce0aa9e410c0c44fdf7d9

SHA256
aac73b3148f6d1d7111dbca32099f68d26c644c6813ae1e4f05f6579aa2663fe

SHA512
f451048e81a49fbfa11b49de16ff46c52a8e3042d1bcc3a50aaf7712b097bed9ae9aed9149c21476c2a1e12f1583d4810a6d36569e993fe1ad3879942e5b0d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI59962\cryptography-42.0.5.dist-info\LICENSE.BSD

Filesize
1KB

MD5
5ae30ba4123bc4f2fa49aa0b0dce887b

SHA1
ea5b412c09f3b29ba1d81a61b878c5c16ffe69d8

SHA256
602c4c7482de6479dd2e9793cda275e5e63d773dacd1eca689232ab7008fb4fb

SHA512
ddbb20c80adbc8f4118c10d3e116a5cd6536f72077c5916d87258e155be561b89eb45c6341a1e856ec308b49a4cb4dba1408eabd6a781fbe18d6c71c32b72c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI59962\cryptography-42.0.5.dist-info\WHEEL

Filesize
100B

MD5
c48772ff6f9f408d7160fe9537e150e0

SHA1
79d4978b413f7051c3721164812885381de2fdf5

SHA256
67325f22d7654f051b7a1d92bd644f6ebaa00df5bf7638a48219f07d19aa1484

SHA512
a817107d9f70177ea9ca6a370a2a0cb795346c9025388808402797f33144c1baf7e3de6406ff9e3d8a3486bdfaa630b90b63935925a36302ab19e4c78179674f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI59962\cryptography-42.0.5.dist-info\top_level.txt

Filesize
13B

MD5
e7274bd06ff93210298e7117d11ea631

SHA1
7132c9ec1fd99924d658cc672f3afe98afefab8a

SHA256
28d693f929f62b8bb135a11b7ba9987439f7a960cc969e32f8cb567c1ef79c97

SHA512
aa6021c4e60a6382630bebc1e16944f9b312359d645fc61219e9a3f19d876fd600e07dca6932dcd7a1e15bfdeac7dbdceb9fffcd5ca0e5377b82268ed19de225

Download Submit
C:\Users\Admin\Downloads\Hack FiveM+Spoofer.zip.crdownload

Filesize
512KB

MD5
0c995cfb34652ed451d7ccd5cfa5c7f9

SHA1
f3f4ea1a5a0b606302f303f64b8f13b87436d46a

SHA256
415221e80ecff5b766049fe909efe8ff37178b5f660523c7a99f069e5eb09770

SHA512
40bd70ea82ed6fa7d00c5bafc0f9e6152b83242b5fe0c70c2680a86f369cc0b7fcd6ec77b819d2bd39402773f0892a1a0db353fb634fd7b7ba5e41e8580489ef

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26122\_bz2.pyd

Filesize
82KB

MD5
59d60a559c23202beb622021af29e8a9

SHA1
a405f23916833f1b882f37bdbba2dd799f93ea32

SHA256
706d4a0c26dd454538926cbb2ff6c64257c3d9bd48c956f7cabd6def36ffd13e

SHA512
2f60e79603cf456b2a14b8254cec75ce8be0a28d55a874d4fb23d92d63bbe781ed823ab0f4d13a23dc60c4df505cbf1dbe1a0a2049b02e4bdec8d374898002b1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26122\_lzma.pyd

Filesize
155KB

MD5
b71dbe0f137ffbda6c3a89d5bcbf1017

SHA1
a2e2bdc40fdb83cc625c5b5e8a336ca3f0c29c5f

SHA256
6216173194b29875e84963cd4dc4752f7ca9493f5b1fd7e4130ca0e411c8ac6a

SHA512
9a5c7b1e25d8e1b5738f01aedfd468c1837f1ac8dd4a5b1d24ce86dcae0db1c5b20f2ff4280960bc523aee70b71db54fd515047cdaf10d21a8bec3ebd6663358

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26122\_socket.pyd

Filesize
81KB

MD5
9c6283cc17f9d86106b706ec4ea77356

SHA1
af4f2f52ce6122f340e5ea1f021f98b1ffd6d5b6

SHA256
5cc62aac52edf87916deb4ebbad9abb58a6a3565b32e7544f672aca305c38027

SHA512
11fd6f570dd78f8ff00be645e47472a96daffa3253e8bd29183bccde3f0746f7e436a106e9a68c57cc05b80a112365441d06cc719d51c906703b428a32c93124

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26122\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26122\pyexpat.pyd

Filesize
194KB

MD5
f179c9bdd86a2a218a5bf9f0f1cf6cd9

SHA1
4544fb23d56cc76338e7f71f12f58c5fe89d0d76

SHA256
c42874e2cf034fb5034f0be35f7592b8a96e8903218da42e6650c504a85b37cc

SHA512
3464ece5c6a0e95ef6136897b70a96c69e552d28bfedd266f13eec840e36ec2286a1fb8973b212317de6fe3e93d7d7cc782eb6fc3d6a2a8f006b34f6443498de

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26122\select.pyd

Filesize
29KB

MD5
8a273f518973801f3c63d92ad726ec03

SHA1
069fc26b9bd0f6ea3f9b3821ad7c812fd94b021f

SHA256
af358285a7450de6e2e5e7ff074f964d6a257fb41d9eb750146e03c7dda503ca

SHA512
7fedae0573ecb3946ede7d0b809a98acad3d4c95d6c531a40e51a31bdb035badc9f416d8aaa26463784ff2c5e7a0cc2c793d62b5fdb2b8e9fad357f93d3a65f8

Download Submit
memory/1232-1485-0x00007FFA72AC0000-0x00007FFA72AEA000-memory.dmp

Filesize
168KB

Download
memory/1232-1486-0x00007FFA5EA10000-0x00007FFA60AC6000-memory.dmp

Filesize
32.7MB

Download
memory/1232-1490-0x00007FFA72AC0000-0x00007FFA72AEA000-memory.dmp

Filesize
168KB

Download
memory/1232-1491-0x00007FFA5EA10000-0x00007FFA60AC6000-memory.dmp

Filesize
32.7MB

Download
memory/2128-6218-0x00007FFA57050000-0x00007FFA59106000-memory.dmp

Filesize
32.7MB

Download
memory/2128-6217-0x00007FFA71400000-0x00007FFA7142A000-memory.dmp

Filesize
168KB

Download
memory/3944-5855-0x00007FFA6B240000-0x00007FFA6B252000-memory.dmp

Filesize
72KB

Download
memory/3944-6014-0x00007FFA5C260000-0x00007FFA5C28D000-memory.dmp

Filesize
180KB

Download
memory/3944-6023-0x00007FFA5A1C0000-0x00007FFA5A6E0000-memory.dmp

Filesize
5.1MB

Download
memory/3944-6029-0x00007FFA5C240000-0x00007FFA5C258000-memory.dmp

Filesize
96KB

Download
memory/3944-6012-0x00007FFA64170000-0x00007FFA6417F000-memory.dmp

Filesize
60KB

Download
memory/3944-6013-0x00007FFA5C290000-0x00007FFA5C2A9000-memory.dmp

Filesize
100KB

Download
memory/3944-6016-0x00007FFA5BF30000-0x00007FFA5BF49000-memory.dmp

Filesize
100KB

Download
memory/3944-6015-0x00007FFA5BF50000-0x00007FFA5BF86000-memory.dmp

Filesize
216KB

Download
memory/3944-6017-0x00007FFA64160000-0x00007FFA6416D000-memory.dmp

Filesize
52KB

Download
memory/3944-6018-0x00007FFA61840000-0x00007FFA6184D000-memory.dmp

Filesize
52KB

Download
memory/3944-6019-0x00007FFA5BF00000-0x00007FFA5BF2E000-memory.dmp

Filesize
184KB

Download
memory/3944-6020-0x00007FFA5A6E0000-0x00007FFA5A79C000-memory.dmp

Filesize
752KB

Download
memory/3944-6021-0x00007FFA5B250000-0x00007FFA5B27B000-memory.dmp

Filesize
172KB

Download
memory/3944-6022-0x00007FFA6B260000-0x00007FFA6B293000-memory.dmp

Filesize
204KB

Download
memory/3944-6024-0x00007FFA5C130000-0x00007FFA5C1FD000-memory.dmp

Filesize
820KB

Download
memory/3944-6025-0x00007FFA6F660000-0x00007FFA6F675000-memory.dmp

Filesize
84KB

Download
memory/3944-6026-0x00007FFA6B240000-0x00007FFA6B252000-memory.dmp

Filesize
72KB

Download
memory/3944-6027-0x00007FFA6B210000-0x00007FFA6B233000-memory.dmp

Filesize
140KB

Download
memory/3944-6028-0x00007FFA5BFB0000-0x00007FFA5C127000-memory.dmp

Filesize
1.5MB

Download
memory/3944-6030-0x00007FFA5AAF0000-0x00007FFA5AB77000-memory.dmp

Filesize
540KB

Download
memory/3944-6031-0x00007FFA5C220000-0x00007FFA5C234000-memory.dmp

Filesize
80KB

Download
memory/3944-6032-0x00007FFA713F0000-0x00007FFA713FB000-memory.dmp

Filesize
44KB

Download
memory/3944-6033-0x00007FFA5A190000-0x00007FFA5A1B6000-memory.dmp

Filesize
152KB

Download
memory/3944-6011-0x00007FFA5C2B0000-0x00007FFA5C2D3000-memory.dmp

Filesize
140KB

Download
memory/3944-5854-0x00007FFA6F660000-0x00007FFA6F675000-memory.dmp

Filesize
84KB

Download
memory/3944-5856-0x00007FFA6B210000-0x00007FFA6B233000-memory.dmp

Filesize
140KB

Download
memory/3944-5858-0x00007FFA5C240000-0x00007FFA5C258000-memory.dmp

Filesize
96KB

Download
memory/3944-5859-0x00007FFA5AAF0000-0x00007FFA5AB77000-memory.dmp

Filesize
540KB

Download
memory/3944-5860-0x00007FFA5C220000-0x00007FFA5C234000-memory.dmp

Filesize
80KB

Download
memory/3944-5861-0x00007FFA713F0000-0x00007FFA713FB000-memory.dmp

Filesize
44KB

Download
memory/3944-5862-0x00007FFA5A190000-0x00007FFA5A1B6000-memory.dmp

Filesize
152KB

Download
memory/3944-5863-0x00007FFA5A070000-0x00007FFA5A18C000-memory.dmp

Filesize
1.1MB

Download
memory/3944-5857-0x00007FFA5BFB0000-0x00007FFA5C127000-memory.dmp

Filesize
1.5MB

Download
memory/3944-5625-0x00007FFA6B260000-0x00007FFA6B293000-memory.dmp

Filesize
204KB

Download
memory/3944-5643-0x00007FFA5A1C0000-0x00007FFA5A6E0000-memory.dmp

Filesize
5.1MB

Download
memory/3944-5658-0x00007FFA5C130000-0x00007FFA5C1FD000-memory.dmp

Filesize
820KB

Download
memory/3944-5355-0x00007FFA5B250000-0x00007FFA5B27B000-memory.dmp

Filesize
172KB

Download
memory/3944-5238-0x00007FFA5BF30000-0x00007FFA5BF49000-memory.dmp

Filesize
100KB

Download
memory/3944-5278-0x00007FFA5BF00000-0x00007FFA5BF2E000-memory.dmp

Filesize
184KB

Download
memory/3944-5279-0x00007FFA5A6E0000-0x00007FFA5A79C000-memory.dmp

Filesize
752KB

Download
memory/3944-5277-0x00007FFA61840000-0x00007FFA6184D000-memory.dmp

Filesize
52KB

Download
memory/3944-5239-0x00007FFA64160000-0x00007FFA6416D000-memory.dmp

Filesize
52KB

Download
memory/3944-5201-0x00007FFA5BF50000-0x00007FFA5BF86000-memory.dmp

Filesize
216KB

Download
memory/3944-4941-0x00007FFA64170000-0x00007FFA6417F000-memory.dmp

Filesize
60KB

Download
memory/3944-4943-0x00007FFA5C290000-0x00007FFA5C2A9000-memory.dmp

Filesize
100KB

Download
memory/3944-4945-0x00007FFA5C260000-0x00007FFA5C28D000-memory.dmp

Filesize
180KB

Download
memory/3944-4940-0x00007FFA5C2B0000-0x00007FFA5C2D3000-memory.dmp

Filesize
140KB

Download
memory/3944-4921-0x00007FFA5B2B0000-0x00007FFA5B899000-memory.dmp

Filesize
5.9MB

Download
memory/4508-7181-0x00007FFA5B370000-0x00007FFA5B39A000-memory.dmp

Filesize
168KB

Download
memory/4508-7182-0x00007FFA54430000-0x00007FFA564E6000-memory.dmp

Filesize
32.7MB

Download
memory/5132-5613-0x00007FFA71B30000-0x00007FFA71B45000-memory.dmp

Filesize
84KB

Download
memory/5132-5626-0x00007FFA729D0000-0x00007FFA729E9000-memory.dmp

Filesize
100KB

Download
memory/5132-4944-0x00007FFA6D870000-0x00007FFA6D8F7000-memory.dmp

Filesize
540KB

Download
memory/5132-4813-0x00007FFA6C3E0000-0x00007FFA6C418000-memory.dmp

Filesize
224KB

Download
memory/5132-4942-0x00007FFA70DD0000-0x00007FFA70DE8000-memory.dmp

Filesize
96KB

Download
memory/5132-4814-0x00007FFA71400000-0x00007FFA71433000-memory.dmp

Filesize
204KB

Download
memory/5132-4733-0x00007FFA76280000-0x00007FFA7628D000-memory.dmp

Filesize
52KB

Download
memory/5132-5236-0x00007FFA6F600000-0x00007FFA6F626000-memory.dmp

Filesize
152KB

Download
memory/5132-4821-0x00007FFA61850000-0x00007FFA6191D000-memory.dmp

Filesize
820KB

Download
memory/5132-4822-0x00007FFA70DA0000-0x00007FFA70DAB000-memory.dmp

Filesize
44KB

Download
memory/5132-4824-0x00007FFA6FE00000-0x00007FFA6FE0B000-memory.dmp

Filesize
44KB

Download
memory/5132-4825-0x00007FFA6FCC0000-0x00007FFA6FCCC000-memory.dmp

Filesize
48KB

Download
memory/5132-5276-0x00007FFA6C3E0000-0x00007FFA6C418000-memory.dmp

Filesize
224KB

Download
memory/5132-4826-0x00007FFA6F670000-0x00007FFA6F67B000-memory.dmp

Filesize
44KB

Download
memory/5132-5237-0x00007FFA5C560000-0x00007FFA5C67C000-memory.dmp

Filesize
1.1MB

Download
memory/5132-5609-0x00007FFA71490000-0x00007FFA714BB000-memory.dmp

Filesize
172KB

Download
memory/5132-5354-0x00007FFA5C310000-0x00007FFA5C555000-memory.dmp

Filesize
2.3MB

Download
memory/5132-5610-0x00007FFA71400000-0x00007FFA71433000-memory.dmp

Filesize
204KB

Download
memory/5132-5627-0x00007FFA71C90000-0x00007FFA71CBD000-memory.dmp

Filesize
180KB

Download
memory/5132-4828-0x00007FFA6F5F0000-0x00007FFA6F5FC000-memory.dmp

Filesize
48KB

Download
memory/5132-4829-0x00007FFA6B780000-0x00007FFA6B78E000-memory.dmp

Filesize
56KB

Download
memory/5132-5611-0x00007FFA5C800000-0x00007FFA5CD20000-memory.dmp

Filesize
5.1MB

Download
memory/5132-4830-0x00007FFA6B290000-0x00007FFA6B29C000-memory.dmp

Filesize
48KB

Download
memory/5132-5624-0x00007FFA76750000-0x00007FFA7675F000-memory.dmp

Filesize
60KB

Download
memory/5132-5623-0x00007FFA729F0000-0x00007FFA72A13000-memory.dmp

Filesize
140KB

Download
memory/5132-5622-0x00007FFA71850000-0x00007FFA7187E000-memory.dmp

Filesize
184KB

Download
memory/5132-5621-0x00007FFA6F600000-0x00007FFA6F626000-memory.dmp

Filesize
152KB

Download
memory/5132-4831-0x00007FFA6B280000-0x00007FFA6B28B000-memory.dmp

Filesize
44KB

Download
memory/5132-4832-0x00007FFA6B270000-0x00007FFA6B27B000-memory.dmp

Filesize
44KB

Download
memory/5132-5865-0x00007FFA5C560000-0x00007FFA5C67C000-memory.dmp

Filesize
1.1MB

Download
memory/5132-4833-0x00007FFA6B260000-0x00007FFA6B26C000-memory.dmp

Filesize
48KB

Download
memory/5132-4935-0x00007FFA5C680000-0x00007FFA5C7F7000-memory.dmp

Filesize
1.5MB

Download
memory/5132-4835-0x00007FFA6B240000-0x00007FFA6B24D000-memory.dmp

Filesize
52KB

Download
memory/5132-4836-0x00007FFA6B220000-0x00007FFA6B232000-memory.dmp

Filesize
72KB

Download
memory/5132-4837-0x00007FFA6B210000-0x00007FFA6B21C000-memory.dmp

Filesize
48KB

Download
memory/5132-4732-0x00007FFA72110000-0x00007FFA72129000-memory.dmp

Filesize
100KB

Download
memory/5132-4736-0x00007FFA6FE10000-0x00007FFA6FECC000-memory.dmp

Filesize
752KB

Download
memory/5132-4731-0x00007FFA714C0000-0x00007FFA714F6000-memory.dmp

Filesize
216KB

Download
memory/5132-5620-0x00007FFA71480000-0x00007FFA7148B000-memory.dmp

Filesize
44KB

Download
memory/5132-5619-0x00007FFA70DB0000-0x00007FFA70DC4000-memory.dmp

Filesize
80KB

Download
memory/5132-5617-0x00007FFA70DD0000-0x00007FFA70DE8000-memory.dmp

Filesize
96KB

Download
memory/5132-5616-0x00007FFA5C680000-0x00007FFA5C7F7000-memory.dmp

Filesize
1.5MB

Download
memory/5132-5615-0x00007FFA70DF0000-0x00007FFA70E13000-memory.dmp

Filesize
140KB

Download
memory/5132-5614-0x00007FFA70E20000-0x00007FFA70E32000-memory.dmp

Filesize
72KB

Download
memory/5132-4834-0x00007FFA6B250000-0x00007FFA6B25C000-memory.dmp

Filesize
48KB

Download
memory/5132-4737-0x00007FFA71490000-0x00007FFA714BB000-memory.dmp

Filesize
172KB

Download
memory/5132-4827-0x00007FFA6F660000-0x00007FFA6F66C000-memory.dmp

Filesize
48KB

Download
memory/5132-5608-0x00007FFA6FE10000-0x00007FFA6FECC000-memory.dmp

Filesize
752KB

Download
memory/5132-5606-0x00007FFA73A40000-0x00007FFA73A4D000-memory.dmp

Filesize
52KB

Download
memory/5132-5605-0x00007FFA76280000-0x00007FFA7628D000-memory.dmp

Filesize
52KB

Download
memory/5132-5604-0x00007FFA72110000-0x00007FFA72129000-memory.dmp

Filesize
100KB

Download
memory/5132-5603-0x00007FFA714C0000-0x00007FFA714F6000-memory.dmp

Filesize
216KB

Download
memory/5132-5618-0x00007FFA6D870000-0x00007FFA6D8F7000-memory.dmp

Filesize
540KB

Download
memory/5132-5612-0x00007FFA61850000-0x00007FFA6191D000-memory.dmp

Filesize
820KB

Download
memory/5132-5598-0x00007FFA5CD20000-0x00007FFA5D309000-memory.dmp

Filesize
5.9MB

Download
memory/5132-4738-0x00007FFA71400000-0x00007FFA71433000-memory.dmp

Filesize
204KB

Download
memory/5132-4740-0x00007FFA5CD20000-0x00007FFA5D309000-memory.dmp

Filesize
5.9MB

Download
memory/5132-4739-0x00007FFA5C800000-0x00007FFA5CD20000-memory.dmp

Filesize
5.1MB

Download
memory/5132-4876-0x00007FFA71B30000-0x00007FFA71B45000-memory.dmp

Filesize
84KB

Download
memory/5132-4877-0x00007FFA5C2E0000-0x00007FFA5C309000-memory.dmp

Filesize
164KB

Download
memory/5132-4864-0x00007FFA5C310000-0x00007FFA5C555000-memory.dmp

Filesize
2.3MB

Download
memory/5132-4741-0x00007FFA61850000-0x00007FFA6191D000-memory.dmp

Filesize
820KB

Download
memory/5132-4823-0x00007FFA70D30000-0x00007FFA70D3C000-memory.dmp

Filesize
48KB

Download
memory/5132-4815-0x00007FFA713F0000-0x00007FFA713FB000-memory.dmp

Filesize
44KB

Download
memory/5132-4810-0x00007FFA71490000-0x00007FFA714BB000-memory.dmp

Filesize
172KB

Download
memory/5132-4784-0x00007FFA5C560000-0x00007FFA5C67C000-memory.dmp

Filesize
1.1MB

Download
memory/5132-4755-0x00007FFA6D870000-0x00007FFA6D8F7000-memory.dmp

Filesize
540KB

Download
memory/5132-4760-0x00007FFA6FE10000-0x00007FFA6FECC000-memory.dmp

Filesize
752KB

Download
memory/5132-4761-0x00007FFA71480000-0x00007FFA7148B000-memory.dmp

Filesize
44KB

Download
memory/5132-4762-0x00007FFA6F600000-0x00007FFA6F626000-memory.dmp

Filesize
152KB

Download
memory/5132-4759-0x00007FFA70DB0000-0x00007FFA70DC4000-memory.dmp

Filesize
80KB

Download
memory/5132-4756-0x00007FFA71850000-0x00007FFA7187E000-memory.dmp

Filesize
184KB

Download
memory/5132-4753-0x00007FFA72110000-0x00007FFA72129000-memory.dmp

Filesize
100KB

Download
memory/5132-4754-0x00007FFA70DD0000-0x00007FFA70DE8000-memory.dmp

Filesize
96KB

Download
memory/5132-4743-0x00007FFA70E20000-0x00007FFA70E32000-memory.dmp

Filesize
72KB

Download
memory/5132-4745-0x00007FFA5C680000-0x00007FFA5C7F7000-memory.dmp

Filesize
1.5MB

Download
memory/5132-4744-0x00007FFA70DF0000-0x00007FFA70E13000-memory.dmp

Filesize
140KB

Download
memory/5132-4742-0x00007FFA71B30000-0x00007FFA71B45000-memory.dmp

Filesize
84KB

Download
memory/5132-4734-0x00007FFA73A40000-0x00007FFA73A4D000-memory.dmp

Filesize
52KB

Download
memory/5132-4735-0x00007FFA71850000-0x00007FFA7187E000-memory.dmp

Filesize
184KB

Download
memory/5132-4812-0x00007FFA5C800000-0x00007FFA5CD20000-memory.dmp

Filesize
5.1MB

Download
memory/5132-4915-0x00007FFA70DF0000-0x00007FFA70E13000-memory.dmp

Filesize
140KB

Download
memory/5132-4725-0x00007FFA729D0000-0x00007FFA729E9000-memory.dmp

Filesize
100KB

Download
memory/5132-4726-0x00007FFA71C90000-0x00007FFA71CBD000-memory.dmp

Filesize
180KB

Download
memory/5132-4723-0x00007FFA729F0000-0x00007FFA72A13000-memory.dmp

Filesize
140KB

Download
memory/5132-4724-0x00007FFA76750000-0x00007FFA7675F000-memory.dmp

Filesize
60KB

Download
memory/5132-4633-0x00007FFA5CD20000-0x00007FFA5D309000-memory.dmp

Filesize
5.9MB

Download
memory/5136-3548-0x00007FFA5EA10000-0x00007FFA60AC6000-memory.dmp

Filesize
32.7MB

Download
memory/5136-3547-0x00007FFA72AC0000-0x00007FFA72AEA000-memory.dmp

Filesize
168KB

Download
memory/5600-4525-0x00000223D39B0000-0x00000223D3ED6000-memory.dmp

Filesize
5.1MB

Download
memory/5600-4430-0x00000223D31B0000-0x00000223D3372000-memory.dmp

Filesize
1.8MB

Download
memory/5600-4379-0x00000223B8AC0000-0x00000223B8AD8000-memory.dmp

Filesize
96KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads