hxxps://mega[.]nz/folder/NNhizKIY#_598We3JUoSu2eXAdjgzhg

Resubmissions

20-10-2024 16:40

241020-t6ysaszhpn 7

19-10-2024 22:59

241019-2ylf1awenl 10

Analysis

max time kernel
59s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-10-2024 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/NNhizKIY#_598We3JUoSu2eXAdjgzhg

Score

7^/10

discovery pyinstaller themida upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x001200000002ac4c-551.dat	acprotect

Themida packer 8 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/4340-489-0x0000000000BA0000-0x0000000000FFB000-memory.dmp	themida
behavioral1/memory/4340-487-0x0000000000BA0000-0x0000000000FFB000-memory.dmp	themida
behavioral1/memory/4340-493-0x0000000000BA0000-0x0000000000FFB000-memory.dmp	themida
behavioral1/memory/4340-492-0x0000000000BA0000-0x0000000000FFB000-memory.dmp	themida
behavioral1/memory/4340-491-0x0000000000BA0000-0x0000000000FFB000-memory.dmp	themida
behavioral1/memory/4340-490-0x0000000000BA0000-0x0000000000FFB000-memory.dmp	themida
behavioral1/memory/4340-486-0x0000000000BA0000-0x0000000000FFB000-memory.dmp	themida
behavioral1/memory/4340-488-0x0000000000BA0000-0x0000000000FFB000-memory.dmp	themida

AutoIT Executable 9 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/4048-564-0x0000000000EF0000-0x00000000018A7000-memory.dmp	autoit_exe
behavioral1/memory/4048-607-0x0000000000EF0000-0x00000000018A7000-memory.dmp	autoit_exe
behavioral1/memory/4048-600-0x0000000000EF0000-0x00000000018A7000-memory.dmp	autoit_exe
behavioral1/memory/4048-595-0x0000000000EF0000-0x00000000018A7000-memory.dmp	autoit_exe
behavioral1/memory/4048-579-0x0000000000EF0000-0x00000000018A7000-memory.dmp	autoit_exe
behavioral1/memory/4048-573-0x0000000000EF0000-0x00000000018A7000-memory.dmp	autoit_exe
behavioral1/memory/4048-570-0x0000000000EF0000-0x00000000018A7000-memory.dmp	autoit_exe
behavioral1/memory/4048-567-0x0000000000EF0000-0x00000000018A7000-memory.dmp	autoit_exe
behavioral1/memory/4048-562-0x0000000000EF0000-0x00000000018A7000-memory.dmp	autoit_exe

UPX packed file 36 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001900000002ac2e-400.dat	upx
behavioral1/memory/3112-404-0x00007FF9F0280000-0x00007FF9F0945000-memory.dmp	upx
behavioral1/files/0x001900000002ac26-430.dat	upx
behavioral1/files/0x001900000002ac22-443.dat	upx
behavioral1/memory/3112-447-0x00007FF9F1DB0000-0x00007FF9F1DD4000-memory.dmp	upx
behavioral1/memory/3112-446-0x00007FF9F1C30000-0x00007FF9F1DAF000-memory.dmp	upx
behavioral1/memory/3112-445-0x00007FF9F1DE0000-0x00007FF9F1E0D000-memory.dmp	upx
behavioral1/files/0x001900000002ac32-444.dat	upx
behavioral1/memory/3112-442-0x00007FF9F9100000-0x00007FF9F911A000-memory.dmp	upx
behavioral1/memory/3112-441-0x00007FFA0D990000-0x00007FFA0D99F000-memory.dmp	upx
behavioral1/memory/3112-440-0x00007FFA0E4F0000-0x00007FFA0E4FD000-memory.dmp	upx
behavioral1/memory/3112-439-0x00007FF9F9120000-0x00007FF9F9139000-memory.dmp	upx
behavioral1/files/0x001c00000002ac1b-438.dat	upx
behavioral1/files/0x001c00000002ac15-437.dat	upx
behavioral1/files/0x001900000002ac2f-434.dat	upx
behavioral1/files/0x001c00000002ac21-433.dat	upx
behavioral1/memory/3112-432-0x00007FFA13960000-0x00007FFA1396F000-memory.dmp	upx
behavioral1/memory/3112-431-0x00007FF9FEC10000-0x00007FF9FEC35000-memory.dmp	upx
behavioral1/files/0x004600000002ac23-429.dat	upx
behavioral1/files/0x001900000002ac20-426.dat	upx
behavioral1/files/0x001900000002ac1d-425.dat	upx
behavioral1/files/0x001900000002ac1c-424.dat	upx
behavioral1/files/0x001900000002ac1a-422.dat	upx
behavioral1/files/0x001900000002ac17-421.dat	upx
behavioral1/files/0x001900000002ac14-419.dat	upx
behavioral1/files/0x001c00000002ac33-417.dat	upx
behavioral1/files/0x001c00000002ac2d-414.dat	upx
behavioral1/files/0x001900000002ac2c-413.dat	upx
behavioral1/files/0x001900000002ac28-412.dat	upx
behavioral1/files/0x001900000002ac29-411.dat	upx
behavioral1/files/0x001900000002ac16-409.dat	upx
behavioral1/memory/3112-502-0x00007FF9F0280000-0x00007FF9F0945000-memory.dmp	upx
behavioral1/memory/3112-517-0x00007FF9F1C30000-0x00007FF9F1DAF000-memory.dmp	upx
behavioral1/memory/3112-516-0x00007FF9F1DB0000-0x00007FF9F1DD4000-memory.dmp	upx
behavioral1/memory/4048-558-0x0000000010000000-0x00000000100BB000-memory.dmp	upx
behavioral1/files/0x001200000002ac4c-551.dat	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x001a00000002abf0-366.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\888_RAT_1.0.8_O_Cracked by Artist.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
2296	identity_helper.exe
2296	identity_helper.exe
4372	msedge.exe
4372	msedge.exe
1232	msedge.exe
1232	msedge.exe
4616	msedge.exe
4616	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1500	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1500	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 1312	1376	msedge.exe	78
PID 1376 wrote to memory of 1312	1376	msedge.exe	78
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4912	1376	msedge.exe	79
PID 1376 wrote to memory of 4124	1376	msedge.exe	80
PID 1376 wrote to memory of 4124	1376	msedge.exe	80
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81
PID 1376 wrote to memory of 3536	1376	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/NNhizKIY#_598We3JUoSu2eXAdjgzhg
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffa0a413cb8,0x7ffa0a413cc8,0x7ffa0a413cd8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6928 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,900997538999567354,498735238946160664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7140 /prefetch:8
  2⤵
  PID:2264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000480 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1500

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3228

C:\Users\Admin\Downloads\888_RAT_1.0.8_O_Cracked by Artist\888_RAT_1.0.8_O_Cracked by Artist\888_RAT_1.0.8_O_Cracked by Artist.exe
"C:\Users\Admin\Downloads\888_RAT_1.0.8_O_Cracked by Artist\888_RAT_1.0.8_O_Cracked by Artist\888_RAT_1.0.8_O_Cracked by Artist.exe"
1⤵
PID:4980
- C:\Users\Admin\AppData\Local\Temp\Explorer.exe
  "C:\Users\Admin\AppData\Local\Temp\Explorer.exe"
  2⤵
  PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Explorer.exe
    "C:\Users\Admin\AppData\Local\Temp\Explorer.exe"
    3⤵
    PID:3112
- C:\Users\Admin\AppData\Local\Temp\Runtime Broker.exe
  "C:\Users\Admin\AppData\Local\Temp\Runtime Broker.exe"
  2⤵
  PID:1044
- C:\Users\Admin\AppData\Local\Temp\888_RAT_1.0.8_O_Cracked by Artist.exe
  "C:\Users\Admin\AppData\Local\Temp\888_RAT_1.0.8_O_Cracked by Artist.exe"
  2⤵
  PID:4040
- - C:\ProgramData\UserOOOBE\UserOOOBE.exe
    C:\ProgramData\\UserOOOBE\\UserOOOBE.exe ,.
    3⤵
    PID:4676
- - C:\Users\Admin\Downloads\888_RAT_1.0.8_O_Cracked by Artist\888_RAT_1.0.8_O_Cracked by Artist\alocal.bin
    alocal.bin
    3⤵
    PID:4048
- - C:\ProgramData\winsrvhost\winsrvhost.exe
    C:\ProgramData\\winsrvhost\\winsrvhost.exe Ws32JOW8eLB4ZJM6LcGNi9jmylDvGvNUd5LF0ItCV9NtrblO3wiYQSjf1YlgtK3k
    3⤵
    PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b9912e4baf4489262e620cf252b32ad6

SHA1
79442a6b0e2fb1bbef005ab8d4eca72be3ff7773

SHA256
e59d1619ec48302b7b291f6fe9da0b5d65b05a4d8085b583417dd0c662ffee3f

SHA512
9b2fac3e01fc9ba14e7035214e791c144d8f7933e963ec2b4bc958092a2b712dc6682328a2a4d4e102da32f21a6573e8d5f038a0ecbe9bb064143678bbda63c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
e08735d8d04f386ff229cfdd8a901096

SHA1
e90c5ea41031dec6fee120cc3dff12883d030394

SHA256
dc42a69331760dd72e43c530f6bfe4baeaf1e8ac68edd7e6ac80d131afe9c0d0

SHA512
a1459dfe83ad0ce30a3c50bd9de00e56a57f66b6b96eda248288d5de02cb0bc5c22797e0a33188bfc09a66a0695e6b3c57ba5f0d743abf2c6e5a4b66bfd75386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0ff0e4493d7d7796948c37b7cfb38218

SHA1
1cec3b064f22d8e0c61b04bdf72d0f65b9756661

SHA256
46d5026cf00579cc5aac313c5a7c6b154c90e7f56d84e4d239af3727f0d06dec

SHA512
f8f029ba7c08a5076545d279635d2485c5a7bd5d12790b1ad8b4fea28dd5482ba2da6b3f6de70ebfe6cd0056d0d5c684e8f5ab91dcdd3cb72dda51a52b369577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b2a03b457eb7c224f8d222dc5d15ec8

SHA1
89f29502e76119ab664640c559ceaf418dfc61e5

SHA256
6c350089d632c0a9d6a46382c40ed741ae0dd50b16d618d08d1509f193a635e7

SHA512
52e9cab73100e9900e73bd217de8df1ddcb4eca9dff440afbb3fc0f11ce399089bc377c90b2d886aca2a9322f417b84cd830ce7344263045bf91161b0fd9717c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da5ff6b8ce89800141e0f635b3825146

SHA1
5dba1b09d7036456869791d7cdca16d7f4228d11

SHA256
a4804c80bb287d4ca62377896ab7d2622d4c412fa2f89a156fb186c3e2d2345a

SHA512
1b3e31f368c97265844f92a5fa5f88b9c87c3d10dee7e16314321fc01ee32f3e5cdc429b26d57124c1be39d0d732bb91dcf22058e4b9e9982e6b6b71755aafe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8aac285d204b0b67e6ba535f8a323316

SHA1
440effcf434f60e8db2316c21c85dbd9cce2390e

SHA256
29e79a39559ab035826b4a912138743af0452acd11fbfb74ccb0ebdcf02ab292

SHA512
8b16891f4dd77f3a06f79c8fb5b7d32cf8443cf5cb43457c1d145151548312fe96ff6f2f2a0597d10c84884f1dacc17e76841e2ecd0b0153c74ce4aad1b95e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fca1e1a31c8eeb3c6519845889f8d27b

SHA1
49efeb6c43d9936ce5776bf2cc3c8d406d09b062

SHA256
838f03748df2fdab0efac25bccfa5a40412ba6a1da44b809e7a9cfed4435f4ef

SHA512
2b49001170b4fc1d60abc2eaa839deaab1d207f1e5b47e3f6d8a0bdee88f7054100515041ebb2073bafcb05ef70d09799fef162daca6e408924e59006d88a069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d33e.TMP

Filesize
48B

MD5
9c69fc353d159dd17c93539933451405

SHA1
61e7a535d10a53638c47de05bd2ba8ba69fa12bb

SHA256
34c38360cba168a97e60ef012ee640dffeb8eeac7a998b91964dfc4ce5c70403

SHA512
9009310b3a30c59cfd65dfcd69a8732cfd589b1828ef5f5d82056405dd60bd7fe52c138bcf022b1f6237c0b75adcf2bf11e049bf6af3e5d4a8a1701de60b4133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9684317a16c73fd92eb0ea95b54a3aef

SHA1
23ceff4e74a88a606fae9ed430694c263c7894f5

SHA256
fc3498157a884f3c51d73daa67bdb0cff9b54bbb0b1659f9740bb175fc2624b9

SHA512
5423402f0a66ff895b01a8f76343a6f68fe00e1eabe30e0598fd38e77b68db9058ac79d34874c9f25dba3ac842007b5061b6c075cdab028f4973a58771eb09c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b34356a02ea62c90c27ca5e77060ef13

SHA1
4acf78b3bee0b0f1fbf8c98835ecd5b74435123f

SHA256
4e28cc1d86649e50eac039197adfbbdfc336d8caf16abbd29e5dd28da2907b98

SHA512
d9b44710b35ca0c09f67995969a8f1f8d0be1ca0f2c494943f547c29970d88dd8ca05028ba822f1d1cf7e06fb0d543dd8edb43af68ffcfa7ac611fb5a4ada5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8a24104b8ee3babb1ee66bbe5124dcac

SHA1
3ad7328eddbc57d72ca26b7dd877987636f96ee8

SHA256
a1e1dbb8de6a5122be25653dba3f0c3933c17afb0e936ccc4aae8523a2d3735a

SHA512
617f72fc8a759b615d25b833fda5f4042a3da207257484f815e9bdc487095e3c1b2439b8cedfc722a5916cfbc7037521ea69b1521ed0a5ce3ea96cc217dd4048

Download Submit
C:\Users\Admin\AppData\Local\Temp\888_RAT_1.0.8_O_Cracked by Artist.exe

Filesize
235KB

MD5
76ebe8954c3db48def0c307504266347

SHA1
3d2570315d8824c067946eb58a6b1b9829eb979b

SHA256
26b77fa4b8e3c3ab7aeebeb368dc776943c01938eeb9dbdde823910ce06ac7c0

SHA512
03f69994e5a2a0b870529bbc2e1eb9352dc16a08431677909ae89544079385ee1575deaff9e7662a034f11e5634844ed45fc48e28d45cfb5cb59fca109542084

Download Submit
C:\Users\Admin\AppData\Local\Temp\Explorer.exe

Filesize
7.7MB

MD5
c043607e213d94c20ba751a3497e7906

SHA1
12f8554600a5aa4db60881d3ffadb99ab4c2730f

SHA256
8ab39a05e397f5fc957af8bc692c37c7d6d314b207e2a0c63ba3017515a7a28f

SHA512
e4082ad4c03d177041e9ba5c796622de661a2491b87c2305521706776fe6632b505e0285e42360201ee169cea067516f80bb01afec695d266e84c5a4a748120f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime Broker.exe

Filesize
17.4MB

MD5
ddb920e9e0a9067222d51270d33ba4fa

SHA1
de855e0ada7b362a05334b721b3f5b7b8cf4901e

SHA256
f2d688dc90d6578e8668d67084aa86f25f6438ec6aa0867b21b9deddd8adfdbe

SHA512
01f3065c39fadf4853ca37dbb34b6687eb6b82ce5b747d7d7742316dcd1d4e260f78aeccbf45db2c0ce0c5b5948b2288b73d90a1754eae808ae4069326fbc6e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Runtime Broker.exe

Filesize
20.9MB

MD5
032378921bad320aab50eab3521a4afd

SHA1
f21b5e26ed7183a807899308c6f1a3a26a965e4d

SHA256
d091de2d997088609e8239b56ff01b514990f60119c1c8d6a1cb5e54ee93338c

SHA512
429203cc9cd040ec20ff59eedec81ffc895679ae58522067c086226830e331194f0e7a778105ac5f0b90693f3ee40927a58e17798bec5aed9b62c120d8ba4f4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_asyncio.pyd

Filesize
37KB

MD5
75166fa56af8704f72207218cf119680

SHA1
603ebeb5b2d990f70a71bf8a39413d819a16dba5

SHA256
f8a86ac326c8a61215e8004dc5ce5d2a6b2b772142bd8caf77466ac318859077

SHA512
c37a5de6e0fd6c3a5c3895bf4227fdc7aeb876067ae4738638f1c1a62393d1dc226a653b291e71531d1aca043cb4079d203c50b9e0f58232f1b3b81c1ce03d5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_bz2.pyd

Filesize
48KB

MD5
a4a6016a2e9814b924c8b6170fc9ad11

SHA1
23a7284eb681e645c724d2c04047f10fb380b446

SHA256
521ae17194d78f96499e79f954f214aa9fc7f643b8df112359c465c1ec5f51c0

SHA512
c193888843b47861d81a1ead576bc8e0830e91d9fa9fd23c9f2ff66cf56d63647b79aa7dc0efca5d1b4f7aa970c2741f7f98fa72681de90e7d28f7a75bec46a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_ctypes.pyd

Filesize
59KB

MD5
07618b847893948457c898ec0031584d

SHA1
f32c384d0d230af275881ea628464977963f743a

SHA256
856d252b11441794aadfda4fca43e55eec33768116358e33c9ffec76aab42cae

SHA512
675adf685ddb2cf84987534553cf651baf6f0552dab0f4845d38e9a743a0365eee9d0f6db6696b4738fc60b4b38dfd077b0250787a331736b9648dba47d69e78

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_decimal.pyd

Filesize
107KB

MD5
8ef99e2d776f05e55741b3f45609828f

SHA1
eca19b53ed2c67d68b413951db170d333dcb57f2

SHA256
7a09b01c2b642c787c6d8cffff8f0cc2dca56243cfcca95bdb064623a77f18dd

SHA512
05087e6c94191a8dc7709da5b9a0b4e34e155b44e44c629601b6f92e0d60d14933d4adb295036610a4fd5c10eb3f4fba663a86a25286f521d8f3173ebe7feca3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_hashlib.pyd

Filesize
35KB

MD5
159186e9311e5e10f4f5da681aca44c2

SHA1
f5cc126cfe71b47988fd9c27b5fdcbfcd590085a

SHA256
edfbebafcf209eb3efca31f713ad5361604e3572b28ef9cdc990dbf384a28cdc

SHA512
8b8221c829aaa336b2f3022b6178d6dc5e3119dc93d3185ac63107e93063d5611eadfd24427933ed0e04898ced66df8c6baea74f9f36a1883cc5285e79b87a2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_lzma.pyd

Filesize
86KB

MD5
95539b2ba96cb61c36f960a0172ad0a0

SHA1
c80dcb0a8d68dc62c78f8c0ad54b838160bd9993

SHA256
d4daefa20f4cd3ac9ba8c3f44140bf9e602277a8557230b71cbf2cabb2922fe1

SHA512
1130b90881ae8c700090d392fca4f5c78699201b4da338a61f3040ee6a09eedefca595e3a31ccaeaf412ab6e0d22cbfeda256a8a3c336cdea014a48c2002cd60

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_multiprocessing.pyd

Filesize
27KB

MD5
91a2e920fde757fd30d4610fdf4ba49d

SHA1
a6e3b029917ccd4c6cc9cece0a451c7cc764e230

SHA256
f05eb3ce9f483421aabe2dbd50e4791f076be5d6ef5f12207cfae8c1cec6d767

SHA512
419f142951f3cd939354840a12e9b2c5e63bb113c35f106f00bfcd34d6fc8b528f5772f6b03d72e7234172567b39bed5c060a5d5c9cbc4ad5c5e0de05feafd08

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_overlapped.pyd

Filesize
33KB

MD5
87a8356265ffe404bd1c511ca0dd9c37

SHA1
5c44819a19b4d1fe2c8f9ac1a0586601643d4d96

SHA256
2ebdc423752cc46d20ed57f725cb1bf2d2f110bc23cb4db73e45f7ed1c663302

SHA512
42f5323406638403588ad0cc820062ea3a655f6a184f8b99fdaa9e5dbf490f608cc12ac04916cdbbb9f2e8b4f8842b30eb6f3247338348efe26c517a75193f99

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_queue.pyd

Filesize
26KB

MD5
16e1189b19ec76c8b08eec82b59e98b2

SHA1
7c587f121ba298537adb5bd761e0c9d6d030294f

SHA256
82b6fbd111fd8b94817c999fbdfb855e59e08794f8e024fee7e303e49fe412e3

SHA512
abe89dce3350a1f304c49a4371e5c25ed8d363d018db60fd0e1f4bf418d9f5682ac16b82f318828353efca4de1d64a398a56eb2276239d43be332492623c8ffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_socket.pyd

Filesize
44KB

MD5
f9421dbcc2ca3c68eb1a27d4d03cf0b5

SHA1
6f2f16eda0b500d8a8007713a03f5c2626a3dc95

SHA256
5cdf3a8144d3a302f31b7d828611913d7e159752de9e7717ea8d7b6c668bdb6f

SHA512
db6b994edb120c48e31860613d87282e6d5358ad322a8742fd0f26af9040de0108487a8f3f4a30b9365cfa9210c1a4a8e9d5f9e8e45522b7d750c12719df5165

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_sqlite3.pyd

Filesize
57KB

MD5
079c5f285cd47e1374da42f5597e026e

SHA1
6e0cb69c2738564c32449801f8178657ac7bb49e

SHA256
727e3eebd9af88a8f217192180199580fa3930f7a005caacac4df1a0b38a551d

SHA512
d14908b1bf42d38a86019258f92837e5e8e822cd2bc8de85d863327567a2f5ac220ce855384b1b3deeb56adedfbe0ad1d21986e8543e8edbc3e34232f9483173

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_ssl.pyd

Filesize
66KB

MD5
0f32ce8b42194785945a81024c1e319a

SHA1
52443af72772c8c10e0d8fdaaa4ec2b545fabd14

SHA256
ff96328907bcf586f43a3608a6fa7fcb4eb84db4e9c0a8ad316b3d15b12d4192

SHA512
6ba368d28685ea929f2a2bc9b69944480aae0e72c3c2d65970da4cb56331fbaa9163be2835c939af7baeb630b23d4e490ec5d206993acf68810a74122346c1d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_wmi.pyd

Filesize
28KB

MD5
12ab241c190bbbf5eed795e6f5e4c857

SHA1
6e56c9f9fb51f46a61bfa97228402a775488cd15

SHA256
6eeef822e9e3293ded88dc29959628205bc3958143cd8ec9075d39d3f69cf7b0

SHA512
28326d0c104473a9774341ff1a5b64e90843a11011e01d4a46f16c07521d0e1f68ea87d7364a3f27685e0e1d6adc5130947a4f54a499e59c8e475e58f415f5cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\base_library.zip

Filesize
1.3MB

MD5
48ba559bf70c3ef963f86633530667d6

SHA1
e3319e3a70590767ad00290230d77158f8f8307e

SHA256
f8377aa03b7036e7735e2814452c1759ab7ceec3f8f8a202b697b4132809ce5e

SHA512
567a7bef4a7c7ff0890708c0e62d2af748b645c8b9071953873b0dd5aa789c42796860896a6b5e539651de9a2243338e2a5fb47743c30dfcde59b1787c4c1871

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\libcrypto-3.dll

Filesize
1.6MB

MD5
443fd07a22ff1a688a3505d35f3c3dd1

SHA1
ab9f501aa1d3d523b45f8170e53981672cd69131

SHA256
f9c87ec6401039fd03b7c6732c74d1abfdb7c07c8e9803d00effe4c610baa9ee

SHA512
1de390d5d9872c9876662f89c57173391ecd300cabde69c655b2ade7eea56e67376839607cac52572111b88a025797060653dc8bb987c6a165f535b245309844

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\libffi-8.dll

Filesize
29KB

MD5
0d1c6b92d091cef3142e32ac4e0cc12e

SHA1
440dad5af38035cb0984a973e1f266deff2bd7fc

SHA256
11ee9c7fb70c3756c0392843245935517171b95cc5ba0d696b2c1742c8d46fb6

SHA512
5d514ecab93941e83c008f0e9749f99e330949580884bf4850b11cac08fe1ac4ac50033e8888045fe4a9d8b4d2e3ea667b39be18f77266d00f8d7d6797260233

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\libssl-3.dll

Filesize
222KB

MD5
364a71831c9bd0a09eeeceb6980c58c7

SHA1
9d084ccb83e12ddccd17250a009362d720e6271c

SHA256
3b20fb46f41234f8f7bbe342cfebfbbce5708d963cf5c7792d1237a1bc7b2676

SHA512
5abe19130f9306fd6fc3644412ef6c8c5b7da970cfaed69657a6cb62d431abfbba64fefcbfa82910d17d744e299e3ba5036bd490223b2bf28689cf2e70633dce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\pyexpat.pyd

Filesize
88KB

MD5
2370f440798a32f805baa7dd40cf4910

SHA1
36da66fea719a1982c5eafd19a45e02148688fc0

SHA256
0a1b8fe8c161a8b12ce3b888b7e3a2a09ec66caa32a2b691ae34a12589d8e078

SHA512
7936712d3890e8776e98f5b428583b69b53eadfa2f933efc888fb4eccfb8bfdceb1a92d6661054c3cfd7d9ffb2c37bd39a5da5547f840294a367ca68f86cb31f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\python312.dll

Filesize
1.7MB

MD5
a1fc58bf14a5b32f33eca65c39062982

SHA1
bc43d006e6b1ded79014eeed54df2506b024c54b

SHA256
14a71a46e03608c35701ebb1ae87f90eda6746d49ba9fb07d9841c88ff9ad167

SHA512
de8f6ccbeab088856db0e5a5c191940697d25614a1e28ca42f88119f1d296c7b8d67a8a8ce6980e296106c01431fc6915ce3374b8809de7deaf6668ed29167bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\select.pyd

Filesize
25KB

MD5
c9eaca946a53d0f8966577d320c29b28

SHA1
37232e5e8e734c7d3f3bd94164d2e4d1fc16a14a

SHA256
2d1e5a2e8e08ccf35551ea5684fb8478b0b0179656e915f8a52f0a07b55251d1

SHA512
afea16e5166a6333f012b61b95c0340a7ef060d2bfdeafa2f07f635d36b944b6306f255d99ef459bbdb531b75f3d30690650263dd717fc3a89d395fe3fa69379

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\sqlite3.dll

Filesize
644KB

MD5
846f9958890690b59a2c9f00579c2ab4

SHA1
ca6ee4c9e02ce4e9d72600337143deb85b005d87

SHA256
8a202460591448759b314f6ac408f6f500007166221b5807f4b0a439aaf87a7e

SHA512
eb6959892eb1051d261009aa9a13a921ee0c56a599612b89ebcb6ada3274cefe9959a1b30e8697aac665297ec4ab8b0908556f24ad86cb50bb52dbc81873bc5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\unicodedata.pyd

Filesize
296KB

MD5
78d950dbe932d3e2ccdba0e400819849

SHA1
5d7947dacbdf39f87f8cccfb724bfcd3c84c6a35

SHA256
8166bed9eb396a5a7fa7edfc4b928c5839923edd08da2a33fa46c86968383d6f

SHA512
052f4beda3dd89d36d93734cb95768317af86a1c23eb4074e859e18f4f8d44ede42d77977204d93f81b4106989687aaf7010b9e7a79ee8b65b185d541857e234

Download Submit
C:\Users\Admin\AppData\Local\Temp\autACEA.tmp

Filesize
239KB

MD5
bc8a6f4d28474d90a687ed00a9b5b60f

SHA1
c8a4c0816e2fc3d728f1a715ac6190b66f027e3a

SHA256
b78c160c882d08f98bc209dd2722b4f01290dd46a19e0be70d21473dae1c8ff2

SHA512
b90c9bcbfb08b1d63cd6066869896bbb13cfef15a6f30483e31868aca5b3c29150e71984ba3d07ba91da81d47a9d2dd29917851ec5bb04f8f463df113502078f

Download Submit
C:\Users\Admin\AppData\Local\Temp\skin.888ww.msstyles

Filesize
3.3MB

MD5
ea5d5266b8a7bcc8788c83ebb7c8c7d5

SHA1
3e9ac1ab7d5d54db9b3d141e82916513e572b415

SHA256
91ac4d215b8d90aef9a000900c9088d4c33d58c5f35a720a385a3f2d2299e5d1

SHA512
404b35fca478a1f489ec1af7be1df897190d7deb0cd8139c2c89d68c24fa377d904cf0c5e30c09ab448d74d87a47aaa3a872bf66a9bc9c124f52798320d34e60

Download Submit
C:\Users\Admin\Downloads\888_RAT_1.0.8_O_Cracked by Artist.zip

Filesize
34.3MB

MD5
8a02117554e8ce6fbddd59f9bd9d351a

SHA1
a42fc3865316ef89c9c2efbafc41c2d768adc203

SHA256
8e70436963215d98a28955877734e39221f305b07f7e6e53072632c228592dcf

SHA512
bea87849321d0796227836f6cd8265a52189c3c81ab4219796ee0c40022ebc4e719424158f253b1419696944415ab949b1d955fac45b81a566675f009beeaf2a

Download Submit
C:\Users\Admin\Downloads\888_RAT_1.0.8_O_Cracked by Artist.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\blackholebinder.zip:Zone.Identifier

Filesize
52B

MD5
dfcb8dc1e74a5f6f8845bcdf1e3dee6c

SHA1
ba515dc430c8634db4900a72e99d76135145d154

SHA256
161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

SHA512
c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

Download Submit
memory/3112-446-0x00007FF9F1C30000-0x00007FF9F1DAF000-memory.dmp

Filesize
1.5MB

Download
memory/3112-440-0x00007FFA0E4F0000-0x00007FFA0E4FD000-memory.dmp

Filesize
52KB

Download
memory/3112-502-0x00007FF9F0280000-0x00007FF9F0945000-memory.dmp

Filesize
6.8MB

Download
memory/3112-439-0x00007FF9F9120000-0x00007FF9F9139000-memory.dmp

Filesize
100KB

Download
memory/3112-431-0x00007FF9FEC10000-0x00007FF9FEC35000-memory.dmp

Filesize
148KB

Download
memory/3112-404-0x00007FF9F0280000-0x00007FF9F0945000-memory.dmp

Filesize
6.8MB

Download
memory/3112-432-0x00007FFA13960000-0x00007FFA1396F000-memory.dmp

Filesize
60KB

Download
memory/3112-516-0x00007FF9F1DB0000-0x00007FF9F1DD4000-memory.dmp

Filesize
144KB

Download
memory/3112-447-0x00007FF9F1DB0000-0x00007FF9F1DD4000-memory.dmp

Filesize
144KB

Download
memory/3112-445-0x00007FF9F1DE0000-0x00007FF9F1E0D000-memory.dmp

Filesize
180KB

Download
memory/3112-441-0x00007FFA0D990000-0x00007FFA0D99F000-memory.dmp

Filesize
60KB

Download
memory/3112-442-0x00007FF9F9100000-0x00007FF9F911A000-memory.dmp

Filesize
104KB

Download
memory/3112-517-0x00007FF9F1C30000-0x00007FF9F1DAF000-memory.dmp

Filesize
1.5MB

Download
memory/4048-595-0x0000000000EF0000-0x00000000018A7000-memory.dmp

Filesize
9.7MB

Download
memory/4048-591-0x0000000077830000-0x00000000778EF000-memory.dmp

Filesize
764KB

Download
memory/4048-564-0x0000000000EF0000-0x00000000018A7000-memory.dmp

Filesize
9.7MB

Download
memory/4048-587-0x0000000077830000-0x00000000778EF000-memory.dmp

Filesize
764KB

Download
memory/4048-599-0x00000000750C0000-0x0000000075142000-memory.dmp

Filesize
520KB

Download
memory/4048-607-0x0000000000EF0000-0x00000000018A7000-memory.dmp

Filesize
9.7MB

Download
memory/4048-568-0x0000000076CB0000-0x0000000076D2C000-memory.dmp

Filesize
496KB

Download
memory/4048-558-0x0000000010000000-0x00000000100BB000-memory.dmp

Filesize
748KB

Download
memory/4048-610-0x0000000074AD0000-0x0000000074CF3000-memory.dmp

Filesize
2.1MB

Download
memory/4048-608-0x0000000076190000-0x0000000076792000-memory.dmp

Filesize
6.0MB

Download
memory/4048-606-0x00000000750C0000-0x0000000075142000-memory.dmp

Filesize
520KB

Download
memory/4048-605-0x0000000074AD0000-0x0000000074CF3000-memory.dmp

Filesize
2.1MB

Download
memory/4048-604-0x0000000075D90000-0x0000000075EDD000-memory.dmp

Filesize
1.3MB

Download
memory/4048-603-0x0000000076190000-0x0000000076792000-memory.dmp

Filesize
6.0MB

Download
memory/4048-602-0x0000000077830000-0x00000000778EF000-memory.dmp

Filesize
764KB

Download
memory/4048-601-0x0000000076B10000-0x0000000076BEF000-memory.dmp

Filesize
892KB

Download
memory/4048-600-0x0000000000EF0000-0x00000000018A7000-memory.dmp

Filesize
9.7MB

Download
memory/4048-598-0x0000000074AD0000-0x0000000074CF3000-memory.dmp

Filesize
2.1MB

Download
memory/4048-597-0x0000000076190000-0x0000000076792000-memory.dmp

Filesize
6.0MB

Download
memory/4048-596-0x0000000077830000-0x00000000778EF000-memory.dmp

Filesize
764KB

Download
memory/4048-562-0x0000000000EF0000-0x00000000018A7000-memory.dmp

Filesize
9.7MB

Download
memory/4048-563-0x0000000076CB0000-0x0000000076D2C000-memory.dmp

Filesize
496KB

Download
memory/4048-565-0x0000000076CB0000-0x0000000076D2C000-memory.dmp

Filesize
496KB

Download
memory/4048-566-0x0000000076CB0000-0x0000000076D2C000-memory.dmp

Filesize
496KB

Download
memory/4048-567-0x0000000000EF0000-0x00000000018A7000-memory.dmp

Filesize
9.7MB

Download
memory/4048-569-0x00000000767C0000-0x00000000767E5000-memory.dmp

Filesize
148KB

Download
memory/4048-594-0x00000000750C0000-0x0000000075142000-memory.dmp

Filesize
520KB

Download
memory/4048-593-0x0000000074AD0000-0x0000000074CF3000-memory.dmp

Filesize
2.1MB

Download
memory/4048-592-0x0000000076190000-0x0000000076792000-memory.dmp

Filesize
6.0MB

Download
memory/4048-575-0x0000000077830000-0x00000000778EF000-memory.dmp

Filesize
764KB

Download
memory/4048-590-0x00000000750C0000-0x0000000075142000-memory.dmp

Filesize
520KB

Download
memory/4048-589-0x0000000074AD0000-0x0000000074CF3000-memory.dmp

Filesize
2.1MB

Download
memory/4048-588-0x0000000076190000-0x0000000076792000-memory.dmp

Filesize
6.0MB

Download
memory/4048-585-0x00000000750C0000-0x0000000075142000-memory.dmp

Filesize
520KB

Download
memory/4048-582-0x0000000076190000-0x0000000076792000-memory.dmp

Filesize
6.0MB

Download
memory/4048-581-0x0000000077830000-0x00000000778EF000-memory.dmp

Filesize
764KB

Download
memory/4048-580-0x0000000076B10000-0x0000000076BEF000-memory.dmp

Filesize
892KB

Download
memory/4048-579-0x0000000000EF0000-0x00000000018A7000-memory.dmp

Filesize
9.7MB

Download
memory/4048-578-0x0000000074AD0000-0x0000000074CF3000-memory.dmp

Filesize
2.1MB

Download
memory/4048-577-0x0000000075D90000-0x0000000075EDD000-memory.dmp

Filesize
1.3MB

Download
memory/4048-576-0x0000000076190000-0x0000000076792000-memory.dmp

Filesize
6.0MB

Download
memory/4048-583-0x0000000075D90000-0x0000000075EDD000-memory.dmp

Filesize
1.3MB

Download
memory/4048-584-0x0000000074AD0000-0x0000000074CF3000-memory.dmp

Filesize
2.1MB

Download
memory/4048-574-0x00000000767C0000-0x00000000767E5000-memory.dmp

Filesize
148KB

Download
memory/4048-573-0x0000000000EF0000-0x00000000018A7000-memory.dmp

Filesize
9.7MB

Download
memory/4048-572-0x00000000767C0000-0x00000000767E5000-memory.dmp

Filesize
148KB

Download
memory/4048-570-0x0000000000EF0000-0x00000000018A7000-memory.dmp

Filesize
9.7MB

Download
memory/4048-571-0x0000000076CB0000-0x0000000076D2C000-memory.dmp

Filesize
496KB

Download
memory/4340-489-0x0000000000BA0000-0x0000000000FFB000-memory.dmp

Filesize
4.4MB

Download
memory/4340-487-0x0000000000BA0000-0x0000000000FFB000-memory.dmp

Filesize
4.4MB

Download
memory/4340-493-0x0000000000BA0000-0x0000000000FFB000-memory.dmp

Filesize
4.4MB

Download
memory/4340-492-0x0000000000BA0000-0x0000000000FFB000-memory.dmp

Filesize
4.4MB

Download
memory/4340-491-0x0000000000BA0000-0x0000000000FFB000-memory.dmp

Filesize
4.4MB

Download
memory/4340-490-0x0000000000BA0000-0x0000000000FFB000-memory.dmp

Filesize
4.4MB

Download
memory/4340-488-0x0000000000BA0000-0x0000000000FFB000-memory.dmp

Filesize
4.4MB

Download
memory/4340-486-0x0000000000BA0000-0x0000000000FFB000-memory.dmp

Filesize
4.4MB

Download
memory/4980-360-0x00000000005C0000-0x0000000001C76000-memory.dmp

Filesize
22.7MB

Download