Overview

overview

3

Static

static

1

URLScan

urlscan

https://github.com/i...

windows11-21h2-x64

3

Analysis

  • max time kernel
    166s
  • max time network
    168s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19/08/2024, 03:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/iamtraction/ZOD

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 14 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 26 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/iamtraction/ZOD
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa7c973cb8,0x7ffa7c973cc8,0x7ffa7c973cd8
      2⤵
        PID:3452
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
        2⤵
          PID:728
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:888
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
          2⤵
            PID:2656
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
            2⤵
              PID:3324
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
              2⤵
                PID:4624
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4764
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4724
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
                2⤵
                  PID:4944
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
                  2⤵
                    PID:3628
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
                    2⤵
                      PID:2340
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                      2⤵
                        PID:2880
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
                        2⤵
                          PID:3640
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
                          2⤵
                          • NTFS ADS
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1168
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6256 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5492
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                          2⤵
                            PID:5936
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
                            2⤵
                              PID:4944
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10308612274043175379,5264966662333865839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
                              2⤵
                                PID:3600
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3780
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1992
                                • C:\Windows\System32\rundll32.exe
                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  1⤵
                                    PID:3824
                                  • C:\Windows\system32\OpenWith.exe
                                    C:\Windows\system32\OpenWith.exe -Embedding
                                    1⤵
                                    • Modifies registry class
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of SetWindowsHookEx
                                    PID:4232
                                    • C:\Program Files\Microsoft Office\root\Office16\Winword.exe
                                      "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\ZOD-master\ZOD-master\README.md"
                                      2⤵
                                      • Checks processor information in registry
                                      • Enumerates system info in registry
                                      • Suspicious behavior: AddClipboardFormatListener
                                      • Suspicious use of SetWindowsHookEx
                                      PID:4940

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    3e2612636cf368bc811fdc8db09e037d

                                    SHA1

                                    d69e34379f97e35083f4c4ea1249e6f1a5f51d56

                                    SHA256

                                    2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

                                    SHA512

                                    b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    e8115549491cca16e7bfdfec9db7f89a

                                    SHA1

                                    d1eb5c8263cbe146cd88953bb9886c3aeb262742

                                    SHA256

                                    dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

                                    SHA512

                                    851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    2KB

                                    MD5

                                    78eb1b0ec475e7bbaaf365b1aecfa964

                                    SHA1

                                    27eca5752a104c9fbc215140a45d9a71c65a6c9a

                                    SHA256

                                    83fa384a217c850619a96148911a7caaa9357aad7e843c12610b9762c34a983e

                                    SHA512

                                    a59828f9b5747e4166e7618155544160a1458e07f9fa41613cd3cd00c76a415984a39d29c4117356ac8d4d91456e8427facc557742bf378255e4880e56b51b9e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    111B

                                    MD5

                                    807419ca9a4734feaf8d8563a003b048

                                    SHA1

                                    a723c7d60a65886ffa068711f1e900ccc85922a6

                                    SHA256

                                    aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                    SHA512

                                    f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    573B

                                    MD5

                                    463f615865d92339eb68e23cb603e539

                                    SHA1

                                    1caff5854dcc2665be53c36fafe53602f39fbadb

                                    SHA256

                                    a71ea36b4801d34a72d4cf2e6697acb39eb69abbf866461cc64d84133710759f

                                    SHA512

                                    f77f957a18753ea34c90d48bc81ed4a6ff65a8c42036d2ebc622ea4e5bb7a4d76eb1e9e6367d765edba69e83c973dac2670a97cbee3f95d08259ef667cc8b5a4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    a182322d663f9f9aee607fd872ed1fd0

                                    SHA1

                                    2686156582e01141ec4d89ff8949d2842ecdb2fe

                                    SHA256

                                    84e0deaa5a028fa7d7b3a9a02e6a0a61da318d496a04b58c54a05f4e2ca24f8b

                                    SHA512

                                    72f9542964d69ba7fce25b41b0de3a7d5fe29f1896ab9cdf9d10fece208eaadf52a86c2356f19e8f3e21f8da554ee09aaa5eb0ae05071e4934bae203ab53d6ff

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    4bbfa8f7b3a2357c0ee867c86dd935e4

                                    SHA1

                                    e60b7569ddd94a8c3e4ba91619d2021657fd7dcc

                                    SHA256

                                    56338beb6923becd980cfbef1f2078bb8672297a2e4903b1d61f26ae8bdb4106

                                    SHA512

                                    24395b3a2ee8bd1aa77c5b24340231074c615f4960191484506c0826a5e50a613e74b47375bfa36a9ff46ebbce3c967d68aade32a39ed0a171ec8c7ab0f7b8bf

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    1KB

                                    MD5

                                    4df3e6950bde49ad2d13e43f5a54637e

                                    SHA1

                                    d6a112c83326547e3f83f65d7f5f5dfbfde7d959

                                    SHA256

                                    f40bdc1ce317239aee071f66da083a7f163a43a6052c80d966fb7ef4bfd0bd9b

                                    SHA512

                                    46d54e529a28de38ff93c6990093ca683f2ed1e9d4053dcf83f04681298c866e2981918bb1b4c3942266ef5ef78268a87c2ce6f1ac2f49ac37277226f854dfcc

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587402.TMP
                                    Filesize

                                    874B

                                    MD5

                                    e1654c6f19100773fdc8f62d9534830e

                                    SHA1

                                    50e0f9107a8f2ad9939745b6202e9a4d6004eebd

                                    SHA256

                                    9d291199d73f5511bde78e1aa4ba33b609b8205c04c9773688ed90e1a23e1e08

                                    SHA512

                                    e491e2921e794a041e0c73484d34757c2d60530f6aa743ffd7b4877f783a92a89493c2ae73c7363e5c0af0dbf613132a3399f03255b02476d67caeabf73f6c07

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    46295cac801e5d4857d09837238a6394

                                    SHA1

                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                    SHA256

                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                    SHA512

                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    206702161f94c5cd39fadd03f4014d98

                                    SHA1

                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                    SHA256

                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                    SHA512

                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    8a0a6cab5e11a606ffbd3df1b798f77c

                                    SHA1

                                    c7e911ddf5e0f7384a0d7fca6363ec286adf57d1

                                    SHA256

                                    267d810168f3cf9c39a1ff80828a79755c6b477e79b4420c74f23b1b9fa89cff

                                    SHA512

                                    cb76f900ad6f105917168bab966c7f762b1682e9b92415408baa2ca9fd71db36067e4f84ef8ce081d42cd4a160b6b602997abe0b96b94f69a36f460a3071b7fd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    a17c953f8666535eb7885fc8a14ee7e9

                                    SHA1

                                    6cf2c0c4ca35267081d9d7ccd0ae4f6a2c9bfa57

                                    SHA256

                                    b3b8cb6cfab67148862117c4dcf17a001772b8436e16b7e5c1ff0368e9456d59

                                    SHA512

                                    228ab662141bedba22032f680677fc1a0a221b2efd6f7671d2b6ebc5b1a4f4f98ab0a345d1ff63116f6333f35f6d9032b16e24dead71773cd9e412ed5a5ae432

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\TCD3B5A.tmp\iso690.xsl
                                    Filesize

                                    263KB

                                    MD5

                                    ff0e07eff1333cdf9fc2523d323dd654

                                    SHA1

                                    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

                                    SHA256

                                    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

                                    SHA512

                                    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                    Filesize

                                    393B

                                    MD5

                                    90a7b1f5529bac5724d95d558ef2dded

                                    SHA1

                                    b84704fbedc36f50d040a6939300b18e65eb0ad3

                                    SHA256

                                    c5e26b005284221c7d8b458358733d1d2f11fbe6ebf6682ea0c2e7dfb7ef18c4

                                    SHA512

                                    a6eed540c32653aaed8437b0a412e672e889f507eeeccebd6fbb153d520df19780dbebe53aa2e88910f47504da362f073995e2e266a67d5d2a3d004cfe1975dd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
                                    Filesize

                                    3KB

                                    MD5

                                    07cc13941e701fd697a8ea321fcb47da

                                    SHA1

                                    256bb346c3a7be40205a6be8646c7404fba09e3e

                                    SHA256

                                    20e8002d1d669b68919aa8d1c1eb9154205ade7380ef70a3c9a49855c1e0e8d9

                                    SHA512

                                    3a978f0b74ab3ae33c600eac69581b1abe1af13533902e24c11cadfea4de77928ad45ec09718f50ec1dda3d0607bd5f1a1bed2388e9634fbe8b8337be9850143

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
                                    Filesize

                                    3KB

                                    MD5

                                    8f169c443c549e86872c78ae0475ab0f

                                    SHA1

                                    d1248ceb41ea3844b7e2646d65595fdd99c16ec4

                                    SHA256

                                    1a13777b796685744bc0e5e496107eeea24e843c46284f3c3eaf8fbde4ad9312

                                    SHA512

                                    795f37d8e9dcd2c936fc07858090d7768d6fc223531d7964e5a587ab82710424f442ce2dd3a527a1b6a3cc5575e39c99d481095a413c1fba199db94054eca086

                                    Download Submit

                                  • C:\Users\Admin\Downloads\ZOD-master.zip
                                    Filesize

                                    41KB

                                    MD5

                                    ae6438a5a41352e5b7b37918259bea69

                                    SHA1

                                    684f4e642980875422c1e666ee349d9aee5c337f

                                    SHA256

                                    d53a7858a392b314ef7e63d5d8d2f7fa8b6067dc0b9cc926adf219c0c4c0b768

                                    SHA512

                                    28b14be2cadcc3d37afd2a501e553bb5d8df42cb376609c587348a2bfd3eab35e81b76ff2f61b1951a606739834eda607f9dc4334ea60f00bb806edb269c9784

                                    Download Submit

                                  • C:\Users\Admin\Downloads\ZOD-master.zip:Zone.Identifier
                                    Filesize

                                    149B

                                    MD5

                                    4ae118452f09bce34af4868ce038c106

                                    SHA1

                                    74a2858ba5376d2bd9c389359acefe95e07d6bb4

                                    SHA256

                                    b48f8adfc4a9153880e7030e213b50071919fdbb7872f62d083c89d12b67e1af

                                    SHA512

                                    02218946b0e96b602e2e61f62efdaeab6a9fa0f5430d4177e60f3c9bc71b14ce8e67930c78f8c02d2b8854f9ef8c92a60cb2098577b1eb262eaa98979d835de3

                                    Download Submit

                                  • memory/4940-279-0x00007FFA4C190000-0x00007FFA4C1A0000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/4940-282-0x00007FFA49830000-0x00007FFA49840000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/4940-281-0x00007FFA49830000-0x00007FFA49840000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/4940-280-0x00007FFA4C190000-0x00007FFA4C1A0000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/4940-276-0x00007FFA4C190000-0x00007FFA4C1A0000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/4940-277-0x00007FFA4C190000-0x00007FFA4C1A0000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/4940-278-0x00007FFA4C190000-0x00007FFA4C1A0000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/4940-707-0x00007FFA4C190000-0x00007FFA4C1A0000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/4940-706-0x00007FFA4C190000-0x00007FFA4C1A0000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/4940-709-0x00007FFA4C190000-0x00007FFA4C1A0000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/4940-708-0x00007FFA4C190000-0x00007FFA4C1A0000-memory.dmp

                                    Filesize

                                    64KB

                                    Download