Analysis
-
max time kernel
491s -
max time network
492s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
31-05-2024 14:14
General
-
Target
https://mega.nz/file/hDFDRSgK#DP_Yb0UD9rOqtc6njQukc_axjvFk77Gxh1zJce2EGXU
Malware Config
Extracted
xworm
ekinox.myftp.biz:3080
-
Install_directory
%AppData%
-
install_file
svchost.exe
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Detect Xworm Payload 2 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
DCRat payload 1 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 2 IoCs
-
Executes dropped EXE 64 IoCs
-
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 5 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 34 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 58 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/hDFDRSgK#DP_Yb0UD9rOqtc6njQukc_axjvFk77Gxh1zJce2EGXU1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86ae746f8,0x7ff86ae74708,0x7ff86ae747182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4808 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5520 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6012 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6180 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5988 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7468 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1668 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7700 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2176,5649406860582717885,3821176384440291065,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7072 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f0 0x4b41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\NeverLoseCrack.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\AgentMask Crypter.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\NeverLose_Crack (1).rar"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exe"C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"6⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\svchost.exe"3⤵
- Creates scheduled task(s)
-
C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exe"C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"7⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"8⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"9⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"10⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"11⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"13⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"14⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"15⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"16⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"17⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"18⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"19⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"20⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"21⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"22⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"24⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"28⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"29⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"30⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"31⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"32⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"33⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"33⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"32⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"31⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"30⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"29⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"28⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"27⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"26⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"25⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"24⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"23⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"22⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"21⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"20⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"19⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"18⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"17⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"16⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"15⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"14⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"13⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"12⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"11⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"10⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"9⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"8⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"7⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exe"C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exe"1⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"2⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"4⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"5⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"6⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"7⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"8⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"9⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"10⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"11⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"12⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"13⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"14⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"15⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"16⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"17⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"18⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"19⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"20⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"21⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"22⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"23⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"24⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"25⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"26⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"27⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"28⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"29⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"30⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"31⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"32⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"33⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"34⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"35⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"36⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"37⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"38⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"39⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"40⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"41⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"42⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"43⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"44⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"45⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"46⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"47⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"48⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"49⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"50⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"51⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"52⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"53⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"54⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"55⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"56⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"57⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"58⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"59⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"60⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"61⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"62⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"63⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"64⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"65⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"66⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"67⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"68⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"69⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"70⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"71⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"72⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"73⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"74⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"75⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"76⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"77⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"78⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"79⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"80⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"81⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"82⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"83⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"84⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"85⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"86⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"87⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"88⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"89⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"90⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"91⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"92⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"93⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"94⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"95⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"96⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"97⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"98⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"99⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"99⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"98⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"97⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"96⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"95⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"94⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"93⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"92⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"91⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"90⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"89⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"88⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"87⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"86⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"85⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"84⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"83⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"82⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"81⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"80⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"79⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"78⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"77⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"76⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"75⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"74⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"73⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"72⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"71⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"70⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"69⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"68⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"67⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"66⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"65⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"64⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"63⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"62⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"61⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"60⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"59⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"58⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"57⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"56⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"55⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"54⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"53⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"52⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"51⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"50⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"49⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"48⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"47⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"46⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"45⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"44⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"43⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"42⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"41⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"40⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"39⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"38⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"37⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"36⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"35⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"34⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"33⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"32⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"31⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"30⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"29⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"28⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"27⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"26⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"25⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"24⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"23⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"22⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"21⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"20⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"19⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"18⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"17⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"16⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"15⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"14⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"13⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"12⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"11⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"10⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"9⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"8⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"7⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"6⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"5⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exe"C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exe"1⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"2⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
-
C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exe"C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exe"1⤵
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exe"2⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff857e4ab58,0x7ff857e4ab68,0x7ff857e4ab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4264 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4408 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4884 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3164 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4820 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5048 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3064 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1972,i,932011605555085965,8132603803602810256,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\svchost.exeC:\Users\Admin\AppData\Roaming\svchost.exe1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CYBER CRYPTER PRIVATE.rar"1⤵
-
C:\Users\Admin\Desktop\CYBER CRYPTER PRIVATE\CYBER CRYPTER PRIVATE.exe"C:\Users\Admin\Desktop\CYBER CRYPTER PRIVATE\CYBER CRYPTER PRIVATE.exe"1⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Cyber Crypter Private.exe"C:\Users\Admin\AppData\Roaming\Cyber Crypter Private.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 12403⤵
- Program crash
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3076 -ip 30761⤵
-
C:\Users\Admin\Desktop\CYBER CRYPTER PRIVATE\CYBER CRYPTER PRIVATE.exe"C:\Users\Admin\Desktop\CYBER CRYPTER PRIVATE\CYBER CRYPTER PRIVATE.exe"1⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Cyber Crypter Private.exe"C:\Users\Admin\AppData\Roaming\Cyber Crypter Private.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 11443⤵
- Program crash
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3920 -ip 39201⤵
-
C:\Users\Admin\Desktop\CYBER CRYPTER PRIVATE\CYBER CRYPTER PRIVATE.exe"C:\Users\Admin\Desktop\CYBER CRYPTER PRIVATE\CYBER CRYPTER PRIVATE.exe"1⤵
-
C:\Users\Admin\AppData\Roaming\Cyber Crypter Private.exe"C:\Users\Admin\AppData\Roaming\Cyber Crypter Private.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 11563⤵
- Program crash
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 932 -ip 9321⤵
-
C:\Users\Admin\Desktop\CYBER CRYPTER PRIVATE\CYBER CRYPTER PRIVATE.exe"C:\Users\Admin\Desktop\CYBER CRYPTER PRIVATE\CYBER CRYPTER PRIVATE.exe"1⤵
-
C:\Users\Admin\AppData\Roaming\Cyber Crypter Private.exe"C:\Users\Admin\AppData\Roaming\Cyber Crypter Private.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 11443⤵
- Program crash
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2184 -ip 21841⤵
-
C:\Users\Admin\Desktop\CYBER CRYPTER PRIVATE\CYBER CRYPTER PRIVATE.exe"C:\Users\Admin\Desktop\CYBER CRYPTER PRIVATE\CYBER CRYPTER PRIVATE.exe"1⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Cyber Crypter Private.exe"C:\Users\Admin\AppData\Roaming\Cyber Crypter Private.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 11483⤵
- Program crash
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5408 -ip 54081⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\67692743-4491-44f0-b3a6-ccf7469e80c4.tmpFilesize
257KB
MD5e8616d6d8412caa8a4b36c7b0049a8e4
SHA136be06ce8b32b8a21c3a4410fe4904e094e83b0f
SHA2561495c01be93a56cfea9193896f916b0826d01f1366f6db4d9cb9fcd0a6ad4eed
SHA512f585d30983f6a7280ce7c38656add4aaf878c08c7f7e5fb2fc086009a727038c22d9f583cf8a4be881d42c23767729d7e423fb5f44307c2f3d304a90df710f09
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020Filesize
43KB
MD5d0021794a4605cc08414e5645c1eda5c
SHA145fe6e2d19b4f8db34b29cdcd5a99d090be94121
SHA256b062f9db0b97afb5e81e5ac1e0e787e334e8cc0dfdca1cf5b9406be05ddfa8dc
SHA512907559608c390c87363dc8328aa665336361a692f7fd2bb985c00e95a24f2b4496f76439d2fdf443bd37d7d7ee597aa31e29e065b3126950ea0405856cf53e34
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046Filesize
17KB
MD5950eca48e414acbe2c3b5d046dcb8521
SHA11731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA51227e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
792B
MD5db026ed19505a0747950564bf4d93845
SHA1d9611bf8b52e5cd4cf1a2003f789e3b48d9a8f97
SHA256f3eacbb73586f50cc4b57440bdc06fd3c7cb8c59eb4c9c061498c05d028448fa
SHA51257cbd5d773fab0f18dbb6208a6e8537224c96fca7b51287370a7750a4f1b3a34eba01851e4922f84a25a4170e3d3bf591a72330f249a461e926dd12904e8b74a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5a1f0ae880f2251f122ff68ce4e3f2448
SHA19f42088a56b5d42e718e8dcbcb25d96cafea78e7
SHA25650e4d3e9c4b562e6f5cc3449b29dc2b965dd7b5785f36a4ff6286b9139ef4875
SHA512cfca830759b484b6141183c67b1a06136463224ec9df0c460c1b7353aa2e5ef7ca32404e42fcc351ceb2301de1b995cb4703181b395afdbc78222d19ee2dc282
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD567732366ffeaaa201441cba8ca921dd2
SHA1d2f93c07d94f26389854421f4c7eac6811a5c2ab
SHA256cdcae23a66f221b461d8480546a8ee8254e4d1f4358e4788d7520ec5accc6153
SHA51279617536ed4bfe1a1607d154dff6a8515eb95938328fcad3bdc2d1df69a65fb73c38cfa3776c8046d9717f37303962d88474d8df1a109fe38cfc69da1fb8f065
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5bf6ba66032970b0554afab35667df2bb
SHA1bbb5785fc7dc060b73fe67e4740d20f942e12aca
SHA256d84236657171d155a77e3e78aae9865928053b177f966c5e2250208f1e3d4721
SHA5129f0f5aff3ae3ac3f5c012cb95597e22eb66c953b8f9e27704bfde695cde70a50bd4e35f230ac16735b107cd45c8d192627e1aa2f33a5751643767bf72024c58e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5c1c0b6bb8a3f72498c5facc56347e872
SHA106e671258ee5f9920f8e7735e5163e234793860a
SHA2568640774afdfea857259e35f7c3e29a6af31e3b7108dee356ca03eeb6a4a0cde8
SHA512a65bfad735af0244f5fdd66fcf103e99e157b3162d8456bc565d389c54f6f6c7026e1e6c81754cab989f0a708a561d16e21541c8c33e26342e8ac4f257a17f9d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD58b7dcca17e540c0995d909903bda6693
SHA1e459b16b971634e161eaa204a73db6dbb6745a69
SHA2565fe03ee2e97631df7094164cea64c6be8e775df862c2e6f268a97a4e85ce984c
SHA5120b55b4411616bb115d48af5a30adb3ee07a10f1cdb3b9c60e53f4016bd7c1d787d21456593862bd7b5e8b3c18534b72d1b6436ef82dd8e62e8f491d61744a07e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD502e86f2f38ac12b77cf992a3c434f254
SHA1207c420a3c340be9c501f999dbc51e5877f57a5b
SHA256d590fd324fa7c1dea0eac9967d70defacb938a4d70a31346f4ff3d0b5e8605e4
SHA5128868b6bdf17d8b38f9bc68948e05397e3e1fbaaebd8d8de17db651096a876c510f4060273d7eb689e0eaf5c9223a9537bbcf7dd4740f18ac409780c9a3afe67c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5753713ba2b60fb7beb283410fa891dc8
SHA1b664cf055e584914644e402858d4c1ebad6af54d
SHA2561f7a0b06511f5144af25aec725103d131b6054bfd2049d7ef73f812942bd031e
SHA5127645773d4dabd5b88f9ce5f011fcaf2c70a2e169ac54c6017bda0aaef07124cca556c560abf03a5a4dcd756bdf5095076b50a5883b4ea2b6f34dac8e8e25ecdc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD5cfb3b2f1e3aa3b5251841dc9ffb5f76e
SHA1c5f85c72bcd5e10449eadb97a22b9189e2a3500d
SHA256be9c7143906b0c1f208e1ece2151cd3871fb92bc19e109aa79e830302c00e863
SHA512f3cf3338de09aa986d1c838fa27f2089da4105cd81e3f2cd0aa08a3b3bd5e139d408076f96eeea44abce9c3ba5dfba34c81423faf213ff3b6582aeefbea8b84e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD513bf4b5950290e3dc575d6773136857e
SHA153dfab9a070cd6047fd43b5c1e3f1c4806f87546
SHA256b9ff67a4498fe9b0228222f220b4ccdd52f0d09a046dc5ebee4116254519af3c
SHA512dce25e943892f542a2f56ca19fae96b62d0e7045bdc52b10bb839c4cc4d27698f3408f4227e8e47929c7b7e3b6416999b78cbc96b2b4a82a918578e0be6de6ce
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD518385308c081d154b76036bc99e9e061
SHA1f60c8673577af61ef930351464c1f4ce29c79e4a
SHA2569e28bd500550763e272fdc1684da6286ea360e7ae9fa8f10ab868c2be46c7ab9
SHA51291ab72343441e84f1f09f817cfea9d22d907373b1d0bc2f20065bd7c61ba206f1ee49db8bdf47acd52340cc3e2ad99b3fcbbac3e9ba4ea3760596d4ab161f63a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD53dd04394918e8aa3b51bd1c692a62b70
SHA138567611d857c8c01520d3053f2f18fac9586d1e
SHA25603a122a2e6c2cdb790f9a4c623757af4efa491326bc69a063e35ff77aa5e051f
SHA512dde17b70a7ce4fe5248e2b679e59c573a9b9808cb91f573bc7cb87e45ed198d540ac71893888f1f837cacc2b3aaf0fdcb3b90a9d218d1f1d344c1cb71d26fc92
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\675853c5a235c1a3274cad0c3d541adac3d4236d\27e55d1a-7eef-4496-b5b5-688c1336cb4c\index-dir\the-real-indexFilesize
72B
MD53f17eecc2ca075a4f35264a2e24334b7
SHA1f36f03f7de7ae7369f9f14b56d23cb2deedc450a
SHA256f5168e95158686733fb0df8f0b0ae24e71f29a94ea0e184165cab9b801c80bc3
SHA512d8b1349e0a0e84b5025573f81919191585df9f2118f376869c25478a9ca97d0e86400112ea9f4c825f37dde2f17afc1eca245b37bb9c9b38110252ee3fd1a09a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\675853c5a235c1a3274cad0c3d541adac3d4236d\27e55d1a-7eef-4496-b5b5-688c1336cb4c\index-dir\the-real-index~RFe5e125d.TMPFilesize
48B
MD5a77857b0190f23525a020ab8e07a07bc
SHA16ecae7adbeb246467d0443e836690e4e55a8cfee
SHA2568ae0ecdd5757027c0928acce39c71bcbd50b958d62fc7b5adaefcddeb278a762
SHA5125597fce1e800283f2a7d0df61fe35739d7e69570b535ab602968a277d656e4612b04ded3b15f81d220ad5b99a52e6e78eeae543159249668da5961599404b77f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\675853c5a235c1a3274cad0c3d541adac3d4236d\index.txtFilesize
107B
MD55100201c34fc45865853d3c7d34a9d9c
SHA14ef6be6caaf74d5d5860791f994b5864802a8a93
SHA2566aa9f8bdfe0ffe902bf390a2660bd4a97d3c32ed206fb8c80f5e9d882741c085
SHA512512364953e9985748ba9bc0f3bf82aa090009093bdf8d12e86981f131579e74ee8d18ff4d549c5ee8a4d1cd44b5348995c371a23ae3357e5f586926a67b5725f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\675853c5a235c1a3274cad0c3d541adac3d4236d\index.txt~RFe5e128c.TMPFilesize
113B
MD58b5f8f0c2c06f6fd39624074c63a913e
SHA19f9efee43d654eec2a0ce7f144e551e57978fb0c
SHA2561b183e79971039fa0ce782dba528372dd7cb093f0036b2da82f2336143f7219a
SHA5123a72b1dcdc634e2bd8ed7295ed4a02a396b71f7e4e7f61fdd6868983d0a09443d390fac7598d0ffd7051c22c715c5264b61256104da9943968721479d6cfc587
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\indexFilesize
24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
96B
MD5a3c19d1f8d63532e7d3b1b91f1a06884
SHA191ffd28ba1dcc82ee868633789fc3d6c418c35b6
SHA256f6717bc538beff3ab983bc9bf7f579297c663a65e493d55b9905ac07c0dbe55f
SHA512bb5dd42b679323809af0815aa8c0b5b7ee8bcd97b9c117d8040d346bfc882700fe28b073509980f522e4295785bbcc835e5c47b5f4704d33a05369263d22f812
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e4266.TMPFilesize
48B
MD5938581a5b95d77c7d7a931074dea3ca2
SHA187def56578ebaa259a65a6716aecab0c7976ef79
SHA256aae291c819c9edfe101ede6c40188dc4b40054205fdb270a4887930c012236ed
SHA5126938de2dadf57c928afb62b4d57b3f339f8cd63211178623bfaff93876d4683290cb43acebc7b7e1b14565e95211439ccaa9084c2654e3fca9d9559cedff79e7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
263KB
MD5944e60e805d48b31cee5bdd1417a611b
SHA1cdb7a3ede4f4af3976a233dd291ba3928d57de1d
SHA2564b7076ab1408c3172f0f107dc90a4434a2232f0d80e3fbeda12cc1892d3b32e9
SHA512c46a9b2d883b8d02c975a1ba7cb48b0741e0f8f3b60def1c91fefbc074008b951fdfe5280dca4f36cea609c21365e512bc0463b51c0e965fc6038968644fddfb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
282KB
MD59cab3a5e8afc5d7108dbd80d11b6fcd2
SHA12948e3fbe81f5603695f23c3dc92edeb416e701b
SHA2565246df8cd09c1193ab32aabbfa893eee229a87c3a4c8bee43f931cb89dfa330b
SHA512018cf1d037f8d07c89a720e11c3c5515f6c144a3dde07f1d43004af9941c42b0f44ac288ba206845d14ad6177af8c0a430fe63d8ddda297669754f91c7ca2a14
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
262KB
MD53f1884986b23c29d81157d40d3e7d816
SHA19cb9f443a349a296181c6406916f000751c3a359
SHA25666be92625c093d1de19c1f5d00148e7dbe847ce8525e3827412161623b0b449e
SHA512ec6e561a1a53e310cce916aa5ab7b21c2e2b478b7f419644da0666ae28ba741766eb35568ef52f1d7dd0e558a05a75966fae3716dfdf21eacac7e3a65d27cc00
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
263KB
MD58582abbbcc5ecaaf9aa99fd88e5ed19b
SHA118d5df3d065ab6f53ceca55b2a88d71f1b45a7ca
SHA256854207d68ab989b374833f328b0e376668378cac48060bf7cbfa951c45235ff9
SHA5129e857eadedcf6badd715d7f3f27a21290f1962b2c853e3729de789edc541a92f615b078c5e1a50d5760e5579fa87b579ff561e20e6b47e57373935cd4002576e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
92KB
MD5a061287872a2413ae23fc62518d4a508
SHA15ed656456b9094b71cc435a262364fabb47903e5
SHA25642b85a269b9fce52bd7eb03f7efd39a26551d4a8f0adcf35a11be058ff51858c
SHA5126d7bfe3609e71761032b9f5f14e814fd0a16b42c3b80681aadd78e33ba367f2ffa0eb97e21505c059c577eccea7009d5c0879ff2a0886d90b39329be1d53eb7c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
100KB
MD5100401b76c42ea34d2535abf3244c4cc
SHA171e958db4f825c517756b98e686cf2afecd383dd
SHA25660a2ccfeb38fac0d66dfc006aacf6f32f7d491b489589b7e1d3b9de8f3276148
SHA512c62271e8a0dd8ffa886b4ed58e8905a35ae5db537040f87351705751bc71ea23205c80d89b4cec8a57933b2f1fc645f38a702538fb94ca6e49eee6b76374ab9d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5dd033.TMPFilesize
89KB
MD5bdd13a41ba7857de9b88bc4ba01829f4
SHA13f9f19aadfc7ac345262c1ac5e8ed22cc40777ea
SHA256cdaf5bde7eb123896e1e62172e176c11babe365c881759a891787e2bb2a410a7
SHA512000dd65b1eb2a77f4762e48a22cbeab2f6ba63e46a61dbcf0b4a8556f6f19273f64b5ad7dd08e3c7bd661851dd41cc6f9d7a0e4b46e348a92eb152c36f952e21
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentMask Crypter.exe.logFilesize
654B
MD52ff39f6c7249774be85fd60a8f9a245e
SHA1684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA5121d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logFilesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ce4c898f8fc7601e2fbc252fdadb5115
SHA101bf06badc5da353e539c7c07527d30dccc55a91
SHA256bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA51280fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54158365912175436289496136e7912c2
SHA1813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA51274b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027Filesize
67KB
MD5d2d55f8057f8b03c94a81f3839b348b9
SHA137c399584539734ff679e3c66309498c8b2dd4d9
SHA2566e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c
SHA5127bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028Filesize
84KB
MD574e33b4b54f4d1f3da06ab47c5936a13
SHA16e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA51279218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002aFilesize
1.2MB
MD5a60df2bc955cc9a12ceffe99b2aaec50
SHA1914b78d052111e64a7ba10140c7329e8979d7a1f
SHA25695d1ed7cd185a35a9bae139ec8ffaa570fa55e5a28848ab085110210bf53387a
SHA512325752e58051317c3329768d0abd585e90e16d9d13909b326f59b58e44639c3b482863d37bdf6dbced24d72e7f67cc335ba33b22b9ecca72c8e55c1eea9ca211
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002bFilesize
33KB
MD53cd0f2f60ab620c7be0c2c3dbf2cda97
SHA147fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA25629a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002cFilesize
74KB
MD5bc9faa8bb6aae687766b2db2e055a494
SHA134b2395d1b6908afcd60f92cdd8e7153939191e4
SHA2564a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed
SHA512621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002fFilesize
40KB
MD53051c1e179d84292d3f84a1a0a112c80
SHA1c11a63236373abfe574f2935a0e7024688b71ccb
SHA256992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030Filesize
53KB
MD568f0a51fa86985999964ee43de12cdd5
SHA1bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA5123049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034Filesize
40KB
MD587eab20b7e2a7da5d6b439590bc2089c
SHA1a1300688e3d2b77d2bb4477ac7884c77615a83aa
SHA256ce7995a2b4b472912684a80e9b84f98a2e89df2c90586629c7536a6d5977aa4e
SHA51239731b660c4003053bd28634754eea722e5d952c5d4bb40c0c3b3078fcc236b8b38b6904345b60956ee3074ac24df637d85041ace262a97d3caacdd1e5f104b5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063Filesize
56KB
MD56a398c523b4af71cc52ccac6368818a4
SHA162227e5498db7cd86e0b6e68dd2530dec33905e0
SHA2560375bff344824419266a6621456ddbec01cd642035d6389f03c6d6ec299d81db
SHA512882621913e323b9c89fb68561bf78f104e629e1741245fbe2d0a8b8a9404d5ed961106f9e717f040cbd145ef901b1e8b0b787786a79eb2b15d4e3c597e3c2580
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080Filesize
206KB
MD5f998b8f6765b4c57936ada0bb2eb4a5a
SHA113fb29dc0968838653b8414a125c124023c001df
SHA256374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
SHA512d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5de445feb6133ab6c0b92325118c9f69d
SHA13a0156e7fc334eda612ff2d0fab471f5b9ee53f9
SHA256bd5f448b5da969ab80df059a96448c9ec56751433b4ae4d67e2454c025456bf6
SHA51253eb8e0798f77d3da49cc764ed104576cc8a92fcef178e66066fb173516e304d009228608a571de11b206a3e360cbe466f54651f207ad739e6f1b72a16faad19
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD5244b08931497c702d97dbcbac114e731
SHA11338abc5e7bd69c7761e81a9980e25362614fe05
SHA2560e500661375409a10c1aabb25e673b54b7a54a23e507b3c79ac7884bd19d10c8
SHA51203a3cc6b22cdb92fbbf0adcb5adb700721e209527d27085ca3e8403449bf390960e20f6d71bffff6c1ab7e30ba6ab14d2b7728a09947530ef4305fcf549eb754
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
3KB
MD543015b2fa4ba173bba33ee3e371833b4
SHA1008d926c51eec00751769ab6fa6479d0e16601df
SHA256c4295f860d4210eeafa1d2048064bffb76c1d8677e9f2caaadb4174291e8c4d0
SHA512d3fd6ac188da23378a7d2f8e459de9c6f7f51af27953e4454b098ebb3577d11815053924d4c4cd3bbe6a01a34892966f631ce97ccfcf3f108d59b54cfe0f8efb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD5e477cb130fc6d354c6d40f98cd2a4c15
SHA1d60e4d4e186d3930376484b0e787d2585a0dab68
SHA2564e5d6afabef92265d2dc8ed0a7e888a64ae07d112bfc77c2eab5aad1dbdbd524
SHA512d1fb1992258c8e2fe3689bfeeede52db20b8487b7de553a5d3752f9fa63b462a2c63d1fa2523aa888642f82d6c6dd1439eb4b75589ade3a1503dcdfe3b2226f7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD520f09bc41b4eee965f68bf7daf3223b4
SHA1188c23c37b3eb04d5d93fcc13176645ea8290030
SHA256add10802c714913a4274de3ad440ec0937c4df33a18d9eca112400722f46715a
SHA512322a5d7864405b1e18913364dfd868f4770a2d915f7ebe94713699b28e488d54c76ed893f5a380a0479fedfd15bf4d64a91fca3bc0d014d2546412a2cbee484f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001Filesize
23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
4KB
MD56b5ec2101cbcfc123dbff402865fb659
SHA1cf1e1f9485a28308a3170a639117e09d37a95179
SHA2569c41828ffa7976af5483dd6b4ad9dca942585e5d2d8817df6ea680a7e26f9a40
SHA512c90bf4259f047e6e847cf5c38eb0cf5578622c502479ff5b72e8d26f94db1ac8ca11e6f4ee34271e22fe76eb2824a6264596129ac5ca57dfd00c20f937d833f9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
6KB
MD58fb9576341633b2791961b47b8c4f3c7
SHA110fb306a7aa54a88fcf595f264d430e154f0c262
SHA2561a7b077dd0826f13115ccf12ff640e3f3aad97759959ce667e0a1bcd308121db
SHA51276dcdf355f8f6e9c39eddf756fe065148e37f7426e409bce0106bff6474e48fee389a3e23bd35123738ddfa268b1c73ae17db4ac3c6da40a6cb3f33d3c0e2200
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
6KB
MD565faec0ca0b8168a244288086daca1cf
SHA1097018a315b868e715f3bd768b1171e341e1fee3
SHA2569688514493468e58a2e02400b398c3bbf205b40610a7ef80123c86877c9166e0
SHA512ee4e662774a7cafcb7d8ebf4079ef63cb3d082dacd778b887b8c159b80acea8d4718a69b7a683327df812c359771d87184e53f69730e1ecbe6d76ee2140044c7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
545B
MD5ffbeaa29c31886ae392c886b85ff8aa1
SHA18a91955c7f9bacf53cf58178e51458ae0d954a97
SHA256d95e46355c5320590004aaef4033c78736e6e32bd3605931781046d8bfbea23a
SHA5123258076a3dc1c547711bc002ab36ebd41ff52fa78fdf3300b6b32a05f0e0ffd0e67415beb7ae98c37e00bb3ecc69f13d0495359679c5a64a93826bab9e3d6dc8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
6KB
MD5fdfd37fef99ba7d433eab80ef3252faf
SHA1b6b94c4be20b41a4620fd9c2bd0e375f328dbd41
SHA25609c67b10d318d834d543d8bc90d164917cb60ba425e2e432a6ed1d12495f741c
SHA51259e2caa9e69ab82728e78f3385d5efd52fda8fd6454a33d3a896218452cb9cc80f614e58c569e447b8f6027fbe85394a84c8b0c57f3a909530f60af381f4ea35
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD52629e3511c34132a1f29fe81ff4c8267
SHA1d55171fd8d3f79811cc49e80d9bed91e62a3530d
SHA256713a92659129bec6e916168929041e6d53710d0ab9f542841aa24065ff364e2c
SHA5122d02df0a9e2b592b18bef343df6123d92409c117c0127371fb1b57b95a8fdd26b9a18d564ddfc86c924c697d2aded21767e4fd217950a76a4898a50d751e4338
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD57346c6f7040ddfa3dfc39499948e2cfd
SHA16220e4b1d96cfdfc4b15a6c7f3836c99f1045c11
SHA256f7198f11108afc92b880568c764e0c3b0b19e8c4383ad395acc333ea705ea11d
SHA512d8ba8c3ca9bc1ffc934f694fbc707af6f69c25e8bd9dfcee2e880d7997e8665bd7904d213e395dd7e9a04c3b2c83d338e0d2f9d246887651470c9ec2421eb509
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
10KB
MD5b218ed36eb466d974d0776e5c221b283
SHA19af087a13aa02652ff244f4d1caeaa5f99518bc8
SHA256dd2dabc351c2c912a20d04402c9d2860d890f40272a5ce6cd7a00f14b97b6b8d
SHA5126b32599a91a9c1a8bbcf932bc5a7b8e8a846fd22218cd39d16e0b6c88a3aa2acd3acfe62b12fb42539ae1a955ddff0e069c65956953e5229c058f6a6aec8ee60
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5a5ddc4b0ef5e534b4d8d5b934f446d0f
SHA1421ca5e2b5d14809941441dec7a5ab1146bd2256
SHA25676c0356257dfc2f930532371057ca6eef6e79bb6b4a597b070fa144d4f4cd2cf
SHA512248a348051e079827ce3c709d1479df60e22686b57eb284d8c6df03fba1d79b18f7b7e724fc9238a18cc5a538adafce233dc55928c89c93b95fb97a1d5a7e439
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5b54560f494645328a318589b223cd08a
SHA176cf491eb6b2afcf10678b36c7f26465c0728a4b
SHA256b8236393113e10b74271c761e554aa7a4281ccaf2541c06eeefb0e9acc548a0a
SHA5127bc74f6401daddab1f3a728a6ee0d73b923aa6ddadcaa213618a53556ab803709925545a63aeb586da7e74492d118e09dba2c4aee98b10d1e5fca81d4249c45d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD592538b99d570064f464d42783a4a8ce6
SHA19d3c7755ac929772633493d9ce3b7385654334bf
SHA256a3b884a4755fd21754dd92f37e5a65a50a91f640422907b42cf4a4512e4fe253
SHA5121bc88eb4a446624fb31007264df50a9086a8ebc603ea7ca671a613a3699ca480c370ce7f5470a204ca2e44147c86b51e4f1693c19520673af1e4ff8223ee2628
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD560e1da2e7756d1d72c0f0fd7c177c572
SHA14283730ce763dc16321974e88ff0fdf5250e8c86
SHA256dbf0e736df24fd0b90ab87c894cb71848a865ab4d440e4be2533688701317f23
SHA512a84aa82640a9a49c09668332396d92d68d74b63cc69cffd3d35c6453dbc7a522b142d6d3c95f04bd1033cfded09fe9c1c23cb7b555768495d992ae141f16ae0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD5714ebaea1d499c8f20c072895d2acede
SHA173b6e589b3c442d27174ad75c02efd34223835ee
SHA2562165702d4a00cb89bcfc4ac6d22ea8350bd547b9b8a46c8b7ca5da44de058ff8
SHA5128e5b49719c4b6b607e7bb9f34d5441906bf98625b7a031d808609c47c4bf61582ddeff97c7fe38839c5f8654080db20b651bf1fe417a815be466f5a33fc9ee1b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD5fa7d5a96bafe80055dbfb8bbe59bfcdd
SHA1ebe4c588e7fe3d7ae6ee72973448e5b1bc29c1b5
SHA256c0d1b1297d8255bd85a72fc08ee662fbb83cbb4c55957a97c15fd592023024d9
SHA5120089821aa5024dbd4088e017f83c45f976d806b3c0df9a40fefc9cb8501ec2d95e12951556f331fb147a3fc873c431c7d2baa021c406b3ce476130665a84dc62
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
10KB
MD5822a85e6814a445763c1f8f447193365
SHA16b1f321263d7c48b994db19489fb8ac2f522b6ee
SHA256ddec8cd14787c192a8db15644d8f9aac7d485715d1e6fc31f76446e1de252759
SHA51262ee9360e26488719b9ac7170e12646b8cd209e8bc755ed4f899138dbcd8bfc5231fb10f8153aad75a1c758d5fe2ee0d562bd841c3b502bacedf3ddeafe2e025
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD575ea539b323eeeefc4be2e34b866f47a
SHA1d99fe999f42bf3ac9910abc13621d31afbfbb91d
SHA2563872be08433db4b3646254c3ffcbbc3df028bec6fe1b6996ec3eba8d8334fa00
SHA5122ea2acd90a18c937ffa3e545d97ffd750cb66d30c5d58d492a69a0e0e5ac0ca66268f630df4039d5c15cd282f6bd5c60d2ea4defccdce4f67822fb5f02013813
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
10KB
MD57a345c7168b04790a0e96b4ada456f8d
SHA13378c2121ec3dd9c1ae1af045544e74baa943a01
SHA25640d0d87a28601519d8dc1126ff3d021300daeb95603a161dc71eeb6cd0382d2e
SHA5129252ccde6c09241c1c501b33e925958659405420c5fb020ed4031fa462e0ceb1292418ab558c8e7e5428d692e024bc302fb92c5d400083da43ae4589c3eb7779
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\06fb656f-32fe-4624-9dad-7d1e4af9cf80\index-dir\the-real-indexFilesize
2KB
MD5bcb2ad351b332f9129b1b5f8785f03b1
SHA1078f3dfa7cc192d4cf2b7ac0d75c920d0b456319
SHA2564ef7958ddcde7e38ea1cb089bb023f6a0f8cc83c6f1c42ae828e357e09aec1f8
SHA512625337ca27b23e0d631ae94d3cd95a9889d7c53ebb71f9e4bb09c0eed2667e6e668049f6d738c0aa9dd35fa7923ea625f2af3e2b809724b3ecbd9c55988e79e3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\06fb656f-32fe-4624-9dad-7d1e4af9cf80\index-dir\the-real-indexFilesize
2KB
MD534742165f3ec8f26274ef42316e67325
SHA184e9c6d6a7afa356535b608d3ea398c4374da41c
SHA256ee7c8e7b4752fd453149229be1bf7126f27388c78fd0ab0cbf4c52fbdc3cc1bd
SHA5126c58350138c1144696afe77db6d46a68e92a573a3281dea866e60988c903fc7f99128d0d29e3a6c727340a8d432c8066f64ae1e03179cfee5b713d63c71ec0c0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\06fb656f-32fe-4624-9dad-7d1e4af9cf80\index-dir\the-real-indexFilesize
2KB
MD508fe7fd08aba3c75c261b64285782712
SHA1b3e2d2a2b4bb203d7367cddef0fc436b072f927e
SHA256932a59189ccc796fa6b354d66f4c417d29a969231b03be25e78f3c7b9e4f2bda
SHA5126dbc09ba144a188e0b3415ec7a26cc76ca8d08e191e19f20ee306bea9f47ee6ab6e6ab1ab7af061093594c64d37b88dd0798454fa6f6db2e9bbf3974a04c91f6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\06fb656f-32fe-4624-9dad-7d1e4af9cf80\index-dir\the-real-index~RFe5915d0.TMPFilesize
48B
MD5b16b1ec70d405935cd1deffcfb4089c1
SHA1b8338bd24793db7f0a803e0861e6a76a5f82cdc2
SHA256dd574ffb81621803de5fbf62b59cb9ba0f1eac776cefe587fc7f8a38203e7a4a
SHA512a783c45523cc6505ca27e06fbb9aab0b62f23669fe8d53cc1f7e28d8507b0acb9909dc824ee7b3dcd317a4c4ce8cc96317c5cf30757205c73ba3f6c835976428
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f3decff1-041c-4f23-967b-6c0391a46e50\d40dda17c15dd1b3_0Filesize
2KB
MD555544ac12e65f0c487efa49a1cb08600
SHA1006de058cee68185c4d6ffb269e438509650c098
SHA256a1e986fdd1af87eba48db572559e413b8233fddadb4b9bf4b2d1a01b60dfd1e5
SHA512fa1c6e481b48944b5f00779ce631800b5f2cb9ee68cb90e91cea1319a5a4e10f8a92fed0cc5cb59180636ab2f6aa7cd38ebf6b2db90e52b5220661e0fef067fe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f3decff1-041c-4f23-967b-6c0391a46e50\index-dir\the-real-indexFilesize
576B
MD55c80ef17a0a2d06117a400ab7925b3e5
SHA18e233dfe6fdc038f775b63ee315b2c52b44a9cc6
SHA256b27f3ed06afcb712fbfd4ff6125938ca71ee5a69c784644ab5a92681131b22a2
SHA5125da2567055abec10b28e706e37b9ef9c442f08104b1a9767ca232edd1745575a1a613c1db4625b3ac33e81559dd0f7f38bc6438a725920b861651f46d8654e65
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f3decff1-041c-4f23-967b-6c0391a46e50\index-dir\the-real-index~RFe5908ff.TMPFilesize
48B
MD5114c283f30f4e1a4d7a245532b4b5418
SHA1e332b6050963a69c2711134a584752aa6716acae
SHA256ed8268306a3be4ac60d63c99d884e7e1cb078394e752033a6254dd124923a391
SHA5125f1edcd2f7d4dde10b636706440d753f36a3319db85e938b9081c3b2d6ad241842546fe79bb5d889118bc3142e52fda26ecd1554797c9eb8f7f2febffd1d6566
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
146B
MD588fd49c9cc0b3c3aa5ec1ff0235646af
SHA117c1fbced1ed91ef3f3344d3ab7a45fc6b4a2cfd
SHA256c12da17f91399fcddeeeaeae64adde3ccdb1364061fd0141917673b884783d60
SHA5128c830346522165c84a0a178c109e63521a8a2c465e1c94a2f9ac41f0bb56f2839a7157c18dac2859f6a26966b84a1cc212368596c5bcd38e2b56e0c99127208e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
155B
MD59d1d4cd7072bc24a54c2774398695d64
SHA154e71e8b8263bcb3436a84d6880e74cd2f28c9f9
SHA2561f7ec8845df5ac8573d4d50e56c281527a4a16e334d65347d0b97aabeacbed90
SHA51215e39ffdf60f256f09f1ba84cd1a85f075201786fe39e82bb8a522a9954cc40772e1b06581c4e782492ff58be14e0dac3e76fa01d9b76cfd2ba1e9099a91de2f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
153B
MD5524cddcedbc5655a6d5f0bfec1474753
SHA1762080e990648bc936dc52221235822d26b34a3a
SHA25667828d0fbf96c0a8d7e3fec61d8d373ff896d87f19485318ce6aaa44148ca6c1
SHA5129920afe3a9350a4b0c8325cd33e31412d731492a6c0f7913a292c8259037c189ea119ad01f66322d6fe05c97da5e912c0467e09fcefd3c422c16e79d846d5b2c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
82B
MD535109a4d0c15c8ef3deef75c81a517fb
SHA19660875e6f1364f0755244410f1f8f2a83d93177
SHA2560185920b3d4bd3d0489acdc8577b774621e2dd4daa03b0cf48b2033c15286d10
SHA512797b208d01c11afed8f3d71921bab423bec5917e582ed2dc3798e562bce3097c144a643bf7082038a093ff153841ffb6df64fd0ec7b4f1d97b39d51cbcde4547
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
153B
MD5e2c3440e5d690b36fcf1367410e19e8a
SHA1746314c10ea1f1c35f58dd264931b1fca802ca8f
SHA2561417b74bf834c417cddbe2747252aa9dfcf4fd7e7095e12aea58bfb09609ca56
SHA512970e6ddecd23d7a1f9aed56c44f8dbde1e186d5d8ac8f6f55de96bc3565365658da696b1a73681d5926b5846d484d624d4536a0b0744888d0a9a7858d7400861
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b179.TMPFilesize
89B
MD5cd9ea4357c32dd016c2f93c29aa5b4b0
SHA1d9f42ffcdfe376ea6aa0c977818d77a648c18dca
SHA2565290b618e49e878f1c823fffb4ddeef796a3a798ebdac1a696a08d6053c5b9e9
SHA5123b79ae4d1e57b5deb7c6954ddd4a62f9c37c94c570f8e7979587b8601d91976a9f538433bc5ae55b6eefa58c78826c4a6336e9d87aa467b559a27f4815927720
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
120B
MD5cabe77fe81ae51042a59ecd1003928d4
SHA13133a3c937d9ff59fdc6ca218909fc44ea79641c
SHA2566e7bddf57f34f3b53a92dc40e5335abebbd0d8502987b604e12447b88795374e
SHA512fa207afa13e06dfca5bdba374441361dd70533dea8ce1078360c30f98b378d0efca45d52994cb69c204f1f497fd31d7ca661bda0e7085eda380b8a50773d8189
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
144B
MD59940c6cd63a607d6f0ecfef4b9fae713
SHA1a1c757de3407508158ebda51d07dba3460cd724c
SHA2566efc101861d17925aa192f0539653a380e8447b070c2e67d8ecca2fc05d91f23
SHA512e00c6473403a4c0962d507e15d392fd88baece55a35e199bb32ac953e2ed23a414313382cc408c727d0ab15cec08ffbb261c77105d33001ad952747da74e4bf3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
72B
MD594b48795ca476458a40f10e3eb94d01c
SHA17725fc1505439f4f08da187c2beb503350dcf163
SHA256b9c1f9e3cdef2ed6b457b58e264309692a294168463a95290387dc9733334ffc
SHA512a7343e556ebdc7b020a48a183e8f3c370c0894452435453b30f24c5db5e77804e73e8dff162dd020f655405829da03780190ee3725762431355d7ef580e8df22
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a400.TMPFilesize
48B
MD557480e83681a2ff22f343f0b221c5610
SHA1500ee54aced8f155ae7c7633558c7d77fd827476
SHA256f92bce2fd43023de9f3783e257c15007807b62e0f1a8e63d87aa619e426d98c3
SHA5121f254dda0cf15ef01e79a000746b015c9e58561b1a62aad79294cffd9fb734242d20f09624fdd91ed394d113ffa42a24619676ead5ac0039af4739082a91c41e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5c6f642c74b02cfd07266acc7128c5446
SHA179eb3007979afaf4306dc8feae00a5871a9c308b
SHA2560f9a90da7df01b65fdbe02a1969123c27b98fc148aa77a0997b20256c97b9e10
SHA512636c0a5f72bca96130c5f4af262890a08c132a7573fbd3d61227660f9fe8afb4e771d917fbd0258c50f1f81f7c5882cb96cc83beea4b1308a5aa9b7c652bf2c1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
203B
MD565fe998f913ed68bde61de7eea3ea2a1
SHA1a1809dae28f7ce3d61d4d97c8227dc5170d94e58
SHA25605143ba8eab0ec7184d0a493e86a1d501b62e2da4d5bb74553425320c2f513ad
SHA5121fab98b85bfdd7f4b9d302667b68edbf94b3b9989beced60fc2f302215676521f5acdd64213c273bd8b8d8c5495e79d44358b2da48258b16966b9598075ef850
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
703B
MD58246c166dffad5edb4c8aab9ea3997e3
SHA1cbc022c6ecfd58866f1771e5d7ea5e13ffd7e40e
SHA256a427c647f1f4b407df8afaa8ab95681ab9052670c82312a7b23e28eb56998224
SHA5128b445231facbf4cbef52b778c9a878b04643d17db9c7aef6b4a06ed3282d1c61427f43072fcc24dcbaa1c2723b13d62c7db8a69cdc98bf125b937b3d22b62ebd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD516da0278d2727d43172e5b8d420ab7a5
SHA1d378104541f216739132adb9d2d2bd0497e83c26
SHA256bb1239267a488031669bba5600cb41de8eb98e888428189498dcf77fc6de4824
SHA512a424c66a41bfae593f0af02e9a5fbbf98e27460924075f40842eab3d23508ca41e23d24c5d4df64f1e138e51c6c4a3c3784287c1249fec0abba8e3cd2f5eff59
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5aedba756e97f7da6bf67ef8bbc662af6
SHA1c5f7e256632fd7fe2dd4fd971e08a3e8bdbd47d0
SHA2567db07b3f7eb768555b7dc14ef94cc6e68685411f1e3e2007087cb2574556d057
SHA512101ac0a459f92fc0455991140d59a561e2380e6f98c673d4fc7ae380b666487f0ad126c10e595d4db4f24cc4c2c885314c08851cfc6bc6b2ca42ac531e47c420
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5ccacf403cdee483fdc0ba0ffde7559fe
SHA1c9abcb2d76b5825150dd979a7def33e6ff4702d1
SHA2562849c0bb7675e32985b1c1239ac546c341157e42253a9ae398a642b20774014c
SHA512a943a956c26c524dec5271e2fd5e11f081bf168c04eee990afdda2ecba7956a4e116a3e83fb98d35d7890223c764acfab9eb23f661d25d7602175e118211b45d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD521cdb7e1b02b96d426e6df253d103183
SHA16092413cf7421ddb12acc610deb5f85265056f91
SHA256d707d2907195fc76aef5016517e65fa55a783e947aea2a0f63f463e046cc9a1d
SHA512240ccf3f12b82e63fdb4489187d8ee99189f7177f59117a1b46a0e3a5769b3190f16e0f81cb886f3e46e4844869e3821563561e918acc0cacd08528df288bd1a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea787619-9213-4bcc-ac70-cfaf17a21059.tmpFilesize
5KB
MD5a676687bb0b3dcfa626149af3c8b2a95
SHA1b19cdf2709eaef8f212fd1fd2b7cfcef8b5265f0
SHA256531ea0f605d2d41efd1827d1f02de666e2216aa0d946cd397919839f29561cf8
SHA51267fb2c11ef50eca589e034bef504fc0eaadace3e0eed43e15ba6a79f09eabbd57d96fdbf3fcf7ceec190c7478ee4257e9f61d1dc8258763f0a6926fc8ac43540
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5fa8e5407904e6c1aef5211b9607d6a0f
SHA1db3062bf5e71c890f4d7e810657dfa1197cd30b5
SHA25666e32ea3659ba1e385e3c5bd9fcf7046ba1f7d60d662e724506a2aa0bba373db
SHA512a67928e8b3e308134d39d03ed6995ad33a3361a6fa0cc5e07d2fa48d7a427f2132960a1776f8edd0eba35ab046a1c530acd7723c74b774aeb801988dd4090b78
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5a6146983e3a7b85d70b71795ddcf3bb9
SHA181642572f0cb521a4fc5ff9a00f24149c125bb1a
SHA2560e52be60f50470e2eb4e2c820bc4e8e455cc4cb284f6213a739ce2787d774cae
SHA512504c2eb90087e60a031dfd4df49267d686fa427cae12674404c152839649302b25da5b2dbdc1eb5e89d359d9cc5713b58775a55253671bf1ddf3544c62680b31
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l3teghz5.ti2.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Roaming\AgentMask Crypter.exeFilesize
337KB
MD5c0177ea3dd7688454e586740d9289d5d
SHA17c4ab50048573a6330b64368fa9965de1a5a734e
SHA25621ce4c90bd3b7c2ff1cf0adcaf0199e1e8c0284add01377e4d8e5875cd97c2e9
SHA51249f99ae086025b0688cdb589767415ac4e049919586421011112abde99a1f0caf1fa099c112ee072310e77226bf0343ee99cad0c142566c830fa62b509ba9629
-
C:\Users\Admin\AppData\Roaming\Cyber Crypter Private.exeFilesize
4.5MB
MD5716f0447a569a4ea591abe772ab85088
SHA1a41f53b80f18162474b7295cf31d7029d0b03728
SHA256073675da73076fd55ae01880fc5748d39e5f14d91b92cb67218d0dd175a768f3
SHA512c59c5699e8937c292d609e521602345bf033652a19b0e31b3f6f6daeb95be962f7820503bbfdb66f3ec6ffa5e28d2fbbc1ee55aae4a0f0a611ac4d3fd3d0b8b3
-
C:\Users\Admin\AppData\Roaming\svchost.exeFilesize
53KB
MD5075e8858b7e36c9539f7f26e21b4235d
SHA1086854b915f7a9e5472129638e5776137ab089c3
SHA256aaa4b04191e50dd524ded829fec60f638b12d5a4c04812a4ea715c3ff6953388
SHA5126587ee6b71fb0c247361d47b246e13668cd9e8011c7b452182d352c759efb49ba1169dc237f282e128874d01e0306d309a4ef3b926ffb465882f5fe962b10fc2
-
C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exeFilesize
425KB
MD5c744b7e9db6312fa6717b08ae1cab508
SHA15356688e03f190f45d57186a8b61030cda93a343
SHA25612403fc97b5d40223ed6b8c77f6f2789c0d929d2fe486594cbb64d0c10a02728
SHA51206abf80192d3f02399fd9d694adb635574c53dd3da4fe638d46ef7b9448c9eee470bae4d1093160166acd9c29273c806c6ae11d6ec039b0a67fb1209b9c98bae
-
C:\Users\Admin\Desktop\AgentMask Crypter\AgentMask Crypter.exe.configFilesize
177B
MD5ce26c5f4b0f308531bb2561475da735b
SHA12a43ce7c8d23343924d19c37e5649cf0f51a0a86
SHA25627ccb0bdc2e4dec5c2bf88a29254ae725ece655c907a8b46336b37a9a9601a74
SHA51227d8e07fc3be75ef020bf87d0fd94f6581f7f8fd57f3d369feeda0778574c564bb28aa95f0f731104c6f479e7a9f1e74e31db25f79c103364ef9bf99b1c4bbb1
-
C:\Users\Admin\Desktop\NeverLose Crack.exeFilesize
45.3MB
MD5d5f0edc905702204b36a08a2db821130
SHA1dedc740dc20956479826f33d634866602f748461
SHA2568339b6a2b2e72cac7f0441d3be1ea4b948f074f7a708f45adf779cf4da510d10
SHA512065f1c5cb47e57edfbfcd807260158588cb594cd291714cb44339dd2fdfe39799e53d8b3816ab5249889adde4108ba3a3eccb630d044f7b44f2e3c9e3539c16b
-
C:\Users\Admin\Downloads\AgentMask Crypter.rarFilesize
8.4MB
MD5d54a5653efb2e1471290d3bad52e9e68
SHA1207a7323c571ed88e13baadc80759ab54d82802e
SHA256b2c358bb574ed671e4856b863798d8b808d26fc795e2e74afcd53404ccce2bb4
SHA5120234fd2804497cb58eacf22c299dcdc336e10372e5d4adad14b3752e89197751d43e7a05f57d77d0a42f18b92f141272cfd2fd34aae3f506cf89c8783b1b3889
-
C:\Users\Admin\Downloads\CYBER CRYPTER PRIVATE.rarFilesize
4.3MB
MD558d7ed649c5ba7a7df01ed4ea54409a0
SHA18ffccd1e2d56abe8ac70f607ae265a47abbbc036
SHA25664f797ed4824eb55d95814a876cfd20d46479803766e2d6ca14cea605adca065
SHA512d0d616dca76403d63a5837d82899d809e0c13be020303e842a2771f60a837854a3b5e90da32c674b3d6ccf5b14c3cda084cdadb46873d8cc87564bef51440cc1
-
C:\Users\Admin\Downloads\NeverLoseCrack.rarFilesize
1.1MB
MD509c33270da6f2c6ab5a1c14e503c67d4
SHA19601af11b018330757bc3ffa26fe83b2616f9c88
SHA25614ab0e7de93bf27a85a5f55c4bd8b888d8f8354c53d1bf43a2e5d9739fd575b1
SHA51295a2dedab85f879fd6bc08f704b7ab4e816abab49850d9846e4998806a72eed24681f5df709ffee1f07ee7477b41c0c8abf60fbdf0082a96ec54b1954a2441a9
-
C:\Users\Admin\Downloads\NeverLose_Crack (1).rarFilesize
44.7MB
MD584934afeea191833af1a66182637375e
SHA1e934d90ecc6137ec2d49418c4f93adadbe0be2ef
SHA25684fe1db6c8e064e7562e3309c3a811335705e211d501df7babacdc2895519492
SHA51279a5bca983a47cec7f99d094b1889f919f7f97bc0bfdaa7dfe282ec06a5a8f8b00a55c8096e2735a6e94035ed7a8fc6712b22a2619f181d43eb38488b5d79885
-
\??\pipe\LOCAL\crashpad_4816_BSGKBPPHUOLROVSQMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/368-1971-0x0000000000CC0000-0x0000000000D1A000-memory.dmpFilesize
360KB
-
memory/3076-2640-0x0000000000AE0000-0x0000000000F6E000-memory.dmpFilesize
4.6MB
-
memory/3076-2641-0x00000000058C0000-0x000000000595C000-memory.dmpFilesize
624KB
-
memory/3076-2642-0x0000000005FD0000-0x0000000006574000-memory.dmpFilesize
5.6MB
-
memory/3076-2643-0x0000000005A20000-0x0000000005AB2000-memory.dmpFilesize
584KB
-
memory/3076-2644-0x00000000059C0000-0x00000000059CA000-memory.dmpFilesize
40KB
-
memory/3076-2645-0x0000000005C50000-0x0000000005CA6000-memory.dmpFilesize
344KB
-
memory/4600-1946-0x0000000000450000-0x00000000004C0000-memory.dmpFilesize
448KB
-
memory/4932-1970-0x00000000002B0000-0x00000000002C4000-memory.dmpFilesize
80KB
-
memory/5092-1981-0x000002BF51460000-0x000002BF51482000-memory.dmpFilesize
136KB
-
memory/5624-2629-0x0000000000A80000-0x0000000000F64000-memory.dmpFilesize
4.9MB