hxxps://www[.]mediafire[.]com/file/kydby9iy7ks7pfc/KASU+V5[.]rar/file

Resubmissions

23/08/2024, 07:51

240823-jp4xwavdql 5

23/08/2024, 07:48

240823-jnfhwssdma 3

23/08/2024, 07:45

240823-jljsjavcmk 8

23/08/2024, 07:42

240823-jjnzgasbre 5

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/kydby9iy7ks7pfc/KASU+V5.rar/file

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1700	Pax_Amber_Tweak.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{2A2DDB76-A936-4F1A-B35D-A9928BD4F5F8}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
3096	msedge.exe
3096	msedge.exe
1084	identity_helper.exe
1084	identity_helper.exe
5780	msedge.exe
5780	msedge.exe
5840	msedge.exe
5840	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	3412	7zG.exe
Token: 35	3412	7zG.exe
Token: SeSecurityPrivilege	3412	7zG.exe
Token: SeSecurityPrivilege	3412	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1700	Pax_Amber_Tweak.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 3212	3096	msedge.exe	88
PID 3096 wrote to memory of 3212	3096	msedge.exe	88
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 3320	3096	msedge.exe	89
PID 3096 wrote to memory of 452	3096	msedge.exe	90
PID 3096 wrote to memory of 452	3096	msedge.exe	90
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91
PID 3096 wrote to memory of 932	3096	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/kydby9iy7ks7pfc/KASU+V5.rar/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c1846f8,0x7ff80c184708,0x7ff80c184718
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7084 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7860 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8180 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14838944192938869404,13244713583427399623,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4180

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3912

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\KASU V5\" -spe -an -ai#7zMap1307:76:7zEvent17208
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3412

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\INPUT REDUCER\pax amber might break ur screenshot option.txt
1⤵
PID:1716

C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\INPUT REDUCER\Pax_Amber_Tweak.exe
"C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\INPUT REDUCER\Pax_Amber_Tweak.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
432ddf7596c1dbfc47e2158654cc52e6

SHA1
f48d9abb9c7f9306bcca92a58fd871ae186c41d9

SHA256
3459fff1a777aa4483a01db756d8fedd4fda19aaffbe4c1c65a03b6772ba898f

SHA512
73693455350e3ff19930df4a6c286c962332d5bd63cd4e5ea97d1b6241ac69cd20ea9f20790a5375bfd2832984cc4255a4155f9674c82f7b5816f20711ee1d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
3086ce5be12ef42d1953dafab13e1846

SHA1
411d85adce4c014ca6616357ccfcfa80ae497c15

SHA256
481795f837fe5748aff2c292c1d3a7d4600de8f2ab0780b397e4c9a2774c707c

SHA512
1e352afb263a42b74f41ffabdb88e65cc61e240e20a498b6c75d107a237040c67d48311c4795843cee71234c6654011b7f6aa56b8d6ddd544e55794e251e3590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
16edc94134e234a0a6d4eb5ee0d90e43

SHA1
52f4a3d8084da3967dee7d26648bfc93d5316f8b

SHA256
84871f487117eddd33eddf71bd6b149852eca2adeea065cceb19f1a7d8501da3

SHA512
43d13eebd52ff19d368d11c14b64fd9e6f7137b43ea6cfb805e203b5726049f61937139dd9c6898294ead444dd36eb7ec387d2969f231a9b142b0acf9cc4aa29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
845b71ee63882a3c0057244b8b82a959

SHA1
faff28d563c3602bc27f8f8cce4ee01b4ec55cab

SHA256
86df661adc59a667fe4ea883a55b82d472c909149a69e46c25449a5b21df4456

SHA512
7633a1f456da9bc58d6f59fd524482f77290ffba05fbc89c3549bc7e4f656314d024eff8c30149d39e092a59ba50f0f1e124616ab972f955d6bd255a11ebde43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d1ba8d19d496ae50e3a1308cdf54d561

SHA1
2152b3fd46be0c79d9c5bf2b0a6122339a79b14e

SHA256
60b735cf6f3967753714d288885b9870ddb5e00508df315c35b101fd4714bdb2

SHA512
b204a2c28f18232113cd3fd1204b744147eb8aefed50e5746cccf2455c0e90e26d44a22de5d2cd8a8ff35b98788858a1498db7c1ead42ecfb4bfc3f91ba7d413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
dcd6b0710216692e4ab296cf7c9fffc9

SHA1
f3bd197364524cec544c11c66f736d99d99da970

SHA256
eb6195fda45a1c8faa98c3b73a876c19b2e5227c072ec03db541a51e995263a9

SHA512
dc58fbc58c219144da109dc1db7243dd7fd18bfb64ddec44ff752adc76e8f3291fa35670b94c735836cd447e708a193cff9b121738110423fd25c3d8f33654af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d6058f64922c3c74c824727407f64bbc

SHA1
5fc4a3d59bcec5ef83579fdc8df927131c983d7a

SHA256
a3f27f1d7b85fce96c4cf0c517137316dfd816e77723f016abb1d76b4d690d3b

SHA512
4fab89c3605d8828168d2c4a98da6cde63b2e44d020c0830cb012f835276a1207fbf141eda9b92868c69040eeb333285db5671621036e2b7a3dd83a6550d15ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8ead50b5fb47178c2666582e6b085f71

SHA1
60ea20ec0d55c54ae8d98ea7ea1522882ae41486

SHA256
291024e322c604a69e91c9d70563f6dc0198cb1219229fc9b98abbd83747aa77

SHA512
074d6b7b7676e7ba903a04e6a92cce336a55b44ccfd9bb9cf35c897fb03ba8683230421421878accd0c5a4ee660e5a36ff0e8382a1fbd6938b1bbdbf8aeef461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bcf7e18365fd248146059f279b3169e0

SHA1
7fb660c622a63d35a891b28c249a6c8d378c275c

SHA256
2103a93a2530a780e2ac2059f56875fa95312f7cb574fdedd0461fa0c68404a8

SHA512
53cd26c2211429ee402a9c8f524cb883657558d5158e321fc42e4d9a6bb63cc7566e8c3128779c5ecd68e47b056ddafab89f26d15b94f96adc1cbfa7df37ddb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
792ad89f4ff2b5404d4f9cea2d8c6f7a

SHA1
c3874835089416d1d6a64b2df5f087ef15cf158a

SHA256
102a5c47bb59d0cdc40851c13296e61bdf7d6ec914bfaa6ba4806c694940cf9d

SHA512
8161ae03201c231b1938bb8e54f0fca7ea68aa6727f50a1ebdea4b7a1688fde0172abb65edea7fca0e381a8e1849938047e2f677ff48af2e9af238721cde79e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d9d5.TMP

Filesize
1KB

MD5
c7b7637e25d60105ef89aa549b555a6d

SHA1
0355e5300f5ed875a83095023b73c0eb1b242369

SHA256
6542f740d70a461a25156b6f22e15ae57183314f6faadd6eeaae747697062e88

SHA512
f80615cf010162dddbc4bacd485d29f32358e111f6b8b037122a64688eb42ca04d86f0b7eff7e4cb7a094255ea7bea07a0f19ed08ea8779d52aa1a063d543455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c6c2b5e9ddbeb1db1a97df664cff8b8

SHA1
844a11cb42c8e87223b6f7cc30aa6c49e55875ba

SHA256
af2d3c48842be406a62bb09952180253c50174fadc8c700c565f53bd31c6383e

SHA512
6ea0f83700c8c6ad88addfc5f754faeb441aea92cae5800e86d2c960fa4a9bd9253fab57a3e8d2d01fcec25af708836855ace0ed946d22738e0ba622d7e55e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6a95f1ee6af9b7662ad03becb329a781

SHA1
2a41c77eabb4f43d270d5077e4ff432517837a74

SHA256
d8805dd0101ac86acab0df1f3c650362e6dc0a31551a8e4b9adc0bbca08c42f2

SHA512
c1553beb341f295394d496421db222e2a11ca2fe26b061e40dea12a0366d4f6946de269441bdaa9b781708373dd69d82f8c807717c0bf70941d47b3777dd70e8

Download Submit
C:\Users\Admin\Downloads\KASU V5.rar

Filesize
21.5MB

MD5
522d76cad51e0e6eba24fb2556cdd506

SHA1
503b1bf9251af41e946069760ebee7ada28c6f02

SHA256
f8afb32af7d2f0c4e60aafad88e046c10d21d8162a81b84a55066993cf443e00

SHA512
d36823c2543d18b6bb628c62b64ddb21c7d3fb30ff0c75303fe94eb397e0bc35a6d99e68762c0d4ee16d7696fa5b370f2a890b1b06af05503bdf53c16011bec1

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\INPUT REDUCER\Pax_Amber_Tweak.exe

Filesize
71KB

MD5
ca80f324a2ade12d6b1c0e94c07fad25

SHA1
1233a4278a12cfbf97207f8a0fd4f9c274029658

SHA256
f39ce3daa27d9e4d498faac6d2fd33457b82e520bd1d8455231632c91e81f18d

SHA512
2d5f2addbc28b61074d5b8ae69d12d8a86c54459af57f5cbf40aec44929d5f9b3a8ce43f8b3fcbe06f30eb4d901d8aef0ec5d157cfd25ee703a533d7865b17c9

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\ROPRO CRACK\RoPro_Rex\Extension\_locales\en_PH\messages.json

Filesize
4KB

MD5
94a75b93caacabd05bf1a0987a14afae

SHA1
7a0606f4c9c8a8937dda955f9e2df6aae3c1da75

SHA256
21706c41c93af0d4b8d23c822e43c5b7d7011c9f4ed5048a5aecf12a0f785ac5

SHA512
103973cc303bd12d422ca329f9770eecdf5253bdd836aca681f9ef3f9818959a157621e7a61fbcdef8aa9e0caa67085ccf4c75379b1f67da0034a276a9a00a52

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\ROPRO CRACK\RoPro_Rex\Extension\_locales\es_US\messages.json

Filesize
4KB

MD5
dda454c66f68e8ae133b96078358b00a

SHA1
68a61271b24db6844776e56d19e256479252679f

SHA256
8ec49f381698bf428b7ea8f49fc6208479af3451d09a1223d4d24f93483c4438

SHA512
6d45a90ca2dea977007cc729ae580f44895bb32443aeb40ed2949b8a754cfaa1309484eb86a42a24bbdd9c53afd1e0517c5b55e8648d2dc3f3d81bdb1c1a0d07

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\ROPRO CRACK\RoPro_Rex\Extension\_locales\no\messages.json

Filesize
4KB

MD5
bd4c63bd77cf9e9d71a6879c935cc566

SHA1
ba9dec87c2a1dcdfc3b778eecea20baa97432927

SHA256
5013bd334055df78a365532496d3c1eb1e26315bb552f79d2bf6f37f9b836431

SHA512
385b14b22cd791f64d7adf1955f0ed05f6dfcb85b5821ab3dd4dd1d0525952bc82bed72739bb4b40d5883205b48e4d6d28e507a42b84663d73b20da5790bca47

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\ROPRO CRACK\RoPro_Rex\Extension\_locales\pt_PT\messages.json

Filesize
4KB

MD5
d0b1e7acc802bba89e15c735c81e0f02

SHA1
9ddbe137afe5640aacde424bc93e994523bd0b22

SHA256
4b1f62dc79f3f1307bd916efcae0204b69f46734ceef420d46aeee469c24793a

SHA512
1e9629c0f0e52535b0d93097afe1fb49c8fc9b700b295575f1c31ae227b99a2269bda4e10489dcc5b93cf00d9a5c7b0045647b1d1fe73c30d755ddbf8f0d48fb

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\ROPRO CRACK\RoPro_Rex\Extension\_locales\zh_Hans\messages.json

Filesize
4KB

MD5
671be8f15414f65774a8ddbe668a8d18

SHA1
bc84bb42cd2f63d99573fb91575361481d90c71c

SHA256
d158d4efddf442b65311bf433aa5449627225ab7632f519589879f355fa883a3

SHA512
4102268aa07d374aa272d5a4fdab90d4b35febc360fd1905167b3e1653de490166a0611ef1af8023548ae9761a2b597978394c2e93a27e029d4c6b04e6e7bf47

Download Submit