Analysis
-
max time kernel
300s -
max time network
274s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
11-11-2024 18:26
General
-
Target
https://cdn.discordapp.com/attachments/1305597877460008980/1305598799627948093/Psychos_Tools.exe?ex=67339d22&is=67324ba2&hm=1c1335f7534875cc8cd8ff1f421fcdf2677d43529ddb279e31517e575a125216&
Malware Config
Extracted
xworm
person-bedford.gl.at.ply.gg:27900
147.185.221.23:27900
-
Install_directory
%Userprofile%
-
install_file
USB.exe
-
telegram
https://api.telegram.org/bot7517837255:AAFFYwsM3RAJTfnCWwagMLHeBQRG-F4UScg/sendMessage?chat_id=7538845070
Signatures
-
Detect Xworm Payload 8 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 64 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1305597877460008980/1305598799627948093/Psychos_Tools.exe?ex=67339d22&is=67324ba2&hm=1c1335f7534875cc8cd8ff1f421fcdf2677d43529ddb279e31517e575a125216&1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff92552cc40,0x7ff92552cc4c,0x7ff92552cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2128,i,13507551082011060686,7381543835531690081,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,13507551082011060686,7381543835531690081,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2428 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,13507551082011060686,7381543835531690081,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2532 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,13507551082011060686,7381543835531690081,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,13507551082011060686,7381543835531690081,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4836,i,13507551082011060686,7381543835531690081,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4884,i,13507551082011060686,7381543835531690081,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,13507551082011060686,7381543835531690081,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4360,i,13507551082011060686,7381543835531690081,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\Psycho's Tools.exe"C:\Users\Admin\Downloads\Psycho's Tools.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Users\Admin\Downloads\Psycho's Tools.exe"C:\Users\Admin\Downloads\Psycho's Tools.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"4⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,13507551082011060686,7381543835531690081,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Psycho's Tools.exe"C:\Users\Admin\Downloads\Psycho's Tools.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"4⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"4⤵
- Executes dropped EXE
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Downloads\Psycho's Tools.exe"C:\Users\Admin\Downloads\Psycho's Tools.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"4⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"4⤵
- Executes dropped EXE
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Downloads\Psycho's Tools.exe"C:\Users\Admin\Downloads\Psycho's Tools.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"4⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"5⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"4⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"5⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"4⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"4⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"3⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"3⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"3⤵
-
-
-
C:\Users\Admin\Downloads\Psycho's Tools.exe"C:\Users\Admin\Downloads\Psycho's Tools.exe"1⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"2⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"4⤵
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"5⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"4⤵
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"3⤵
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"4⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"3⤵
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"4⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"2⤵
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"3⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"3⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"2⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"3⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"3⤵
-
-
-
C:\Users\Admin\Desktop\Psycho's Tools.exe"C:\Users\Admin\Desktop\Psycho's Tools.exe"1⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"2⤵
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"3⤵
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"4⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"5⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"6⤵
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"6⤵
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"7⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"6⤵
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"5⤵
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"6⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"6⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"5⤵
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"6⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"6⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"4⤵
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"5⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"4⤵
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"5⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"4⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"3⤵
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"2⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"3⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"3⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"2⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"3⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"3⤵
-
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 700 -p 4332 -ip 43321⤵
-
C:\Users\Admin\Desktop\Psycho's Tools.exe"C:\Users\Admin\Desktop\Psycho's Tools.exe"1⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"2⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"4⤵
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"4⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"3⤵
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"4⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"2⤵
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"3⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"3⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"2⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"3⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"3⤵
-
-
-
C:\Users\Admin\Desktop\Psycho's Tools.exe"C:\Users\Admin\Desktop\Psycho's Tools.exe"1⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"2⤵
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"3⤵
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"4⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"5⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"4⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"5⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"4⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"4⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"2⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"3⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"3⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"2⤵
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"3⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"3⤵
-
-
-
C:\Users\Admin\Desktop\Psycho's Tools.exe"C:\Users\Admin\Desktop\Psycho's Tools.exe"1⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"2⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"4⤵
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"5⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"6⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"C:\Users\Admin\AppData\Roaming\Psycho's Tools.exe"7⤵
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"7⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"8⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"8⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"7⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"8⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"8⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1876 -s 15809⤵
-
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"6⤵
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"7⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3732 -s 16648⤵
-
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"7⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"6⤵
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"7⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"7⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"5⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"6⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"6⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"5⤵
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"6⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"6⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"4⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"5⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"4⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"5⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"4⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"3⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"4⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"4⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\1+1=1.exe"C:\Users\Admin\AppData\Roaming\1+1=1.exe"2⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"C:\Users\Admin\AppData\Roaming\INSTALLER W11.exe"3⤵
-
-
C:\Users\Admin\AppData\Roaming\GET HACKED.exe"C:\Users\Admin\AppData\Roaming\GET HACKED.exe"3⤵
-
-
-
C:\Users\Admin\AppData\Roaming\not rat.exe"C:\Users\Admin\AppData\Roaming\not rat.exe"2⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"C:\Users\Admin\AppData\Roaming\SYSTEM USER.exe"3⤵
-
-
C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"C:\Users\Admin\AppData\Roaming\jgfdjgh.exe"3⤵
-
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 428 -p 1152 -ip 11521⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD5ee1d801d6b81cd16f377f9269972a7b4
SHA147c15b0554d919b19250c67b727fb07768742eca
SHA2566e8396a2db064558e02012b60a60c9fb7fa50b7a1fd2ade498c80274ca54a0f8
SHA5125a75b65b628b7ccca6c6f85f78330d6e4083ebb381a06eed364a3c26e3c5103bec22989add81353dc18c591fc7cd3715dba9c7e1ca13c136df78431a1f79a233
-
Filesize
2KB
MD5f13a30f14596072fe6ad790ffa1a1932
SHA11cdc217deba11ade3138b688b03ab12941103cb5
SHA256db98a42cd7c4932b42efa8de6410fe18490f22c64edf28f17836289fcb6dc608
SHA5128835c312a4f83b469111dc523ad8e95f2803f3c8d961ad3b43a81e71f692109e19a492bfaa3fcf0e4f9dee32beabd1ea77b368fa3966ea612b96b3c0d2684c5d
-
Filesize
1KB
MD51ba40a5c12e42edcbfd5745226d3af89
SHA1cb50f79f12485277c658bf443a38d8359b7f465a
SHA2568274cb9880159cb36c0512f4538d10c426e97a41d1db428866e4dca75050fdfc
SHA512c532c0ac852a17924486fc2bf95a18138bde82c9f4c066b1b3ae06ca6cdfaa5d4340ebcc8c4e0021a3dce1ad27148cec457cea3899fc633b2e593d76715781c5
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
9KB
MD5c8193b83b04f56f2df4c038c897c7059
SHA14e0a2f1aba3a90a2d2c7ea46b830feb8902e4d4a
SHA2560eabb8d4e005c26a47312d6f1ecbc12237ad426324a42c3024bca9a47da07a60
SHA512219b1a78cd0dbb7fdff81c476abb7937cd87305b56c7fe17daed3e7c36ce9caf91130759f90e09d763f5687d7b5b9f51840e1c5edc39cb54377264c9072f7f95
-
Filesize
9KB
MD5ebac71153ef97c52ebd13f41e739f8ec
SHA1d3216608b7476d48753627440fd9547cf016b524
SHA2560f238a40a26487bd17f51f088c6954e6f586924a6ac2be580c4b0d055620bb4c
SHA512ed8e52a3dedb0f56283285d0f95ac140d28e00092bf62836f32fb927ed9f341043a68ab6f1141eeee1b4b73432ea8314eb179a2ca0a4065c1a1dd962b728b44e
-
Filesize
9KB
MD588fb5b6e0c90d0bf8bc08b376612390c
SHA170c29c52ed630bb56c921f80e9a0d5971fe5d966
SHA256738a88b63c458e5c15edcb01748b5ae367f07cb74777ca463d2ca324401ba4c1
SHA5129526afd6be39bbdb0436fee89c22ef8b267b50fae9ba093a5b2fb79c0ef96f23eeb15c581f404b44fadd5d9b2298c468c6c19abd79660ad16fe732f91e79eaf9
-
Filesize
9KB
MD5f5a3fe6e9f9ddee3994f5529b774cba8
SHA1b57dcca112aca502370a034bbe0030905a41509c
SHA25699bc88e8801835eb99ef58c00903b91f0c10cec37adcd53d51474cd35af584be
SHA512dabf0605466f8eb0102d56504fb3678e3a09fa2deda69da498a2b91fed71420d5730c38ce2e58c92baf7771de70980f84d2201cfc47dd9c8362244119f6f4c9e
-
Filesize
9KB
MD5ca3040ec49991f3848a05f1a16b7de98
SHA11e836a477fce2e84207c167f3aab42ff5c1047df
SHA25649e653f784a5d898be31d438601c9a496d9569d468b9c4e3cc112b807e128121
SHA512443557fc0fd8f5ae7ea5959e49681de0eab87f8394cd2e676bab8573bb883b3f87942173ffb2ddf3f1ae16e42aff6143bebcbaf9ffe510a8d6cc2ae16d7414b9
-
Filesize
9KB
MD58e5e228e980cbc5daecb15b88cdd6ef6
SHA1a016344a5827b0e4e4e24b9ad9445d3183708374
SHA256b9baf082c66e1b62e87480969b24b2653663d57d72d329c5962ca422b6df0ad3
SHA5124ce80464185ad283fe1fe0fcbbb5ff8d39d1754696caf32d0b9e6604d98b867194a3a7173490922a023bd9db1f18b67a10bb122b63d7950df8e9680cae162302
-
Filesize
9KB
MD5f636e0519557a71a510af66cab3246b8
SHA1d884512fa726e847ea4c058cba25b38e68785594
SHA2564d922cdbe8d63e8a5574d8a017985a5a86fba11ccda49548bfaf0aee46224c72
SHA512db08355bf380093ede569160b431afb1d2fbad86c5646ac1ab5993e59cd03efd5082e07ef41c1d5260ac86fe6345d5ad531b68c0a1e406669ed65cb23f9fa216
-
Filesize
9KB
MD5ade614007c552cd9907cf24b107e4e00
SHA113833e03a0c607638e965a44e2a3958e8472a669
SHA2569a2ffe0c7f24a907b37d2a063f395190d4c11ccdee860e2089c28ea051656198
SHA5123bcdb5497e0ee266c0d4a1f49f7fe42b5f26f047fed22f0137252b7e44d070148badf363470e4f4b8be324b6174ac39a5b0a2b106f7b9a5f9a205862283921e2
-
Filesize
9KB
MD5185deb7030e737400ed45fa67a847996
SHA1e7bd58bd934a4cde3e78ae8d467fe79b26ba5aa2
SHA256c4c1b1b27111e49a9279d53254ca7ce36fa27a242972ce76f4de7d43bbe94c22
SHA512ee7c611571a50bea48d556460c26f6cdb23770f0d3ec8ad67d8f342837e50956dc97ae522cc802e55be1915cb2be9444c2c94000a1286a2ed939c3c6ff0edf63
-
Filesize
9KB
MD5a090676ab5902627f0364e9e220ade30
SHA1cde2fdde095623e8bff580b7a3072f8519d6e265
SHA25640bb5b1e69f6deba7b77df1b1872722ae8d421aa003684844ca59e732a9c7885
SHA512d50e5e1f7a94e824be7f33b8cddf67ff31c7327aea1eb3659776e867023395e513f610a3e762aeb61da46ea89b319b4de94742a5cc2d152d68b54e5f0252cd2c
-
Filesize
9KB
MD5e1fcbb34f8bc1bc74faa1be1b20b4cf4
SHA1dc65c2e2b9c87e78fdbfef85c53affe42a0bbf3e
SHA256b054e0f6812bb0067730aac65402dd7f1eb03e2222e676d5f1b3d5b698c90cd7
SHA5126322f03ad084bcb46c6bc878d88d412fffba495343dc7373d3a6790d579b4ede5f6689f80984d15720817e315929385a8fac851e42693c68ec64270efe66d27b
-
Filesize
9KB
MD51ef7bc26df10a4ab1cbe6626fb3c3483
SHA178a5b99bad3dc9052bcbc2c86523a7ed33208a1f
SHA25658db2ed73a61b56bf545dd3d6532aca2acf2aba76286c6e8dd290ad201df032a
SHA512759fab8ae01e48ed193f4bb8a82bb78aec392e85b7f7becad484045b95ea45e7010e32daf0f250310430ef555fe007055201095c24e116f9fe5f750a3c38eba9
-
Filesize
9KB
MD58fcac8d45cf5b6d36f6145457861a2d9
SHA1f149a517759d1db26feff3a2e992d2e5b00c70da
SHA2567fffd1ac242fdbdb2adeee60923e36e82d007cf2db6f2db4bf306e1af309f0c5
SHA512c8ef38d083b5ac9e364df88211862ff15fa22c8b4507b89e70a5910f26a2b240b29015c161719b8faa572e1f7aa9c3c5745f814ad8739591eaadc33d71fbd838
-
Filesize
9KB
MD52db1678f38c33495afcefd353a18a25e
SHA15db948d553202d0c5a8c8ab91601da95b3ac6b83
SHA2564ba5ff7e4d18b37067a87812ff672458a1318c9eb8122738014db7d9294f4867
SHA512bb6113beb7ebca9dccfb349598f6e7a6e187721f9533d72c1f6ddf4a35b34e8a1e35a30cd817f6d3f259febc1c87ba25da63f79108acd0a8f609a9adc457edbc
-
Filesize
9KB
MD5660f058c73edbc0eafe64ad4ffbf2539
SHA1911f0bd5a7aabe54ae8688fd772bc097eb717051
SHA2562e9f23e4822d177da81a6884e517f65ac8a6ac7ad40ef5bf672c7f250e0c15e5
SHA512fd07634f1d8e89c51a4677bd502502b1fed5bdc744c64032518495d998cfcf70df043be293035b66134e804025b98052f5b4dd6a1f40c7d366730a645e725f62
-
Filesize
9KB
MD5decd8dc8ad8a01beb3f22e089f0434fc
SHA1188f54beae6489f37cebe48a6e2e053b2f30fe34
SHA2566be992dac8579c234e4ff70739fb391c81aa1cb805abe6d2b916e28b57b169aa
SHA512e0b4299e604af3c790971a14287e17834b11093982048416a8a2749a816b9eb2e7a456f4d1c6b19d9a7ef859af3ff0369fdc199eabeedc737a08ca69d12d5113
-
Filesize
9KB
MD5dd5519d45ed631ba9f157c0fbb86c305
SHA1effc7cb4bfbbaf6c03f8a1e634bc1a5145f9c4a2
SHA256dc161ba1f1c9ebf326076b72a985a2b0880af474e12b4c126a4731410b509e8a
SHA5127c05b912a74b49971e5284b11494be9d25869afb27b66f3845b90e4f0cbefeef408de5cd4f98cdc2b4da6a9d5f27415f3d57e61c380a951f69250fb8abba4719
-
Filesize
9KB
MD51a85bf250a0a8e0196a75032cfda61c3
SHA16db81437319278ba64b2f6f4959012eca5fcdd8d
SHA25698149d92f86ee71007ba2d9eb3892b4007b88f9680a68f3ee418c86f40e23ba5
SHA512ac2492e1c672511a0b6fb961bbaa59e2771afd261c25b115e1814ccbb19d67d51f240c5199ec3beb588389dc35d19f4e31fa34f91be6a01f6e163a678bbd9ab2
-
Filesize
116KB
MD5320eade1e31e72cc5d45bfd52a2ef843
SHA161d386dbc5591910ce21b61464da5942b7c385a3
SHA2563093d6f4e68d484f2f14aa441dcdf02db8554beac7d37ca539c2b1e374f6bf24
SHA5124250b6ff4cda352bd7e935d0c831c1fbf4bb0274314e595acbcba25e949228c8f94a11c38fc6b5246242fcbc3165f9c6395ca99b4de51a42c1510d3c05327070
-
Filesize
116KB
MD543ee310395beb87d1c554c8bff294e27
SHA14f82fd106f6252aeb483f67ac372140a9837b612
SHA256281bf63005436efc5242da1478245df32fc3ffee55f2367e0b56f78e847bfdd6
SHA512f29622b9859375ef729377570558a0e7d949a3b0e9106f628420f8915e70779eb839bd9e8b6fac506cea5c1d49d2250f733186b7dce6253bafc8cf1c5d4d69d3
-
Filesize
654B
MD52ff39f6c7249774be85fd60a8f9a245e
SHA1684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA5121d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1
-
Filesize
226KB
MD5728823a5fef46b973a9b603a4f5c54fa
SHA136c3746ba925d68b510d9c3d3f0d2777331b9822
SHA25628fcb557b9bc8acd41e8bc391df9db10aa49266a0b8d3d95f6f7ef83458b9d93
SHA5121fd751d6a67c5b940fe980f27afaa619741c67f0c7dcac42268d120797db737fd3ffa0d700fb00ca531fe82e1a081c15d7e9bb7ecd4dc80807ccd81e5478910c
-
Filesize
99KB
MD5c5e4ef5534d2ac5ebb5b518d619a8ce2
SHA178a8929ea4801f1e09432e252a763ac30793069b
SHA256fe21412907b5963c69fc48c5ca57dd3f90d9f6d48ef6a55330d5f9b8ce75a31b
SHA512cd670ae06a9e3a69bfb046d0dccad3971db57b072d63ab4960818f9fcd70bdb38fedcbcd9e7b142ccbc2c5a4264e89ea7e332939df458d7c3b52b5fe081a60af
-
Filesize
111KB
MD5c24508f331fc303fabace01ca6bb2cad
SHA143561ce682203dfdedd176d2e603696b5acb0289
SHA256d46e6bd7d592e819de6231a4689ca0e88574146361f53cd40772103b5230d8c9
SHA51228cfb5cb9e0e4fe38cba34fe2348d1b45839aaafc24bc1f3b2a0fe5a6a2b3317d57e6c363374de7c724d5fdd7398b16bfe5f04ec05d16326097f98fe20cb123e
-
Filesize
780KB
MD5977a27ba3776c2cffd83f33f123eda21
SHA19b9c3235d80373a0d7c528a799a60c72df0374b8
SHA256b13091b0b4c6f7fb5f3036e81a2dc1772eb5ac1e107451f203eb83526face10c
SHA512664c717b9afcb4a47f0dc9bd5f22f35c03a92613b3fef295bce266fa22bff00a6a2520539585f46acd5913e792c5f4976d1a04cae9da7d162e9bfc838fc44b16
-
Filesize
91KB
MD543b5197d0358c453fb29281746b9eb8a
SHA16c07f7cca3d4981ac6e7b1843ad3141d11a742fd
SHA25609b1fe7e8cc130da3540b81a336e674f1f7a898bc460b0d5af7101a0f8da2081
SHA512f6becb69bd79c8af7c42970b211f6a27435904a842ab153b9145bb9f4b6356891461895f5e4e41e546d2ec843adbf183dff700f54dcd7bfab93d8ae04d9c5d50
-
Filesize
117KB
MD5f490dceabd7c3f47314f9c762cd92878
SHA1900f4a6bdc629518ea84d9e85823c76f19b9c4aa
SHA2565e5faf3b37bfa07ef46240c3ef476f5a52b1b2600ebfad7a1a43dedebe9c44a1
SHA51276ec04a47569be74e545c8c2f4377bcb7f8807164ba501a0e040e5df61d1a66c370d04856dfb85bfa636555e86be4366b27d4e8644fae7535627cff555c8e4e2
-
Filesize
291KB
MD5d3d9f092fc3ab9266c75f40cc2cb134b
SHA1e54264099d16e2c8aff52da76a8e10fafa969736
SHA256d0d296fb6dc90c0f7693acc05351a5c2cbaa7c04f8e8e9724c771de5038706a0
SHA5129383f2e2861bd4b50a1f2ee71f2987165ebc9f3fa8d0648cc3c212b8001f9126b8ea5e2d080472301916ac35fcf0169912c759d465020a7a7c3e09b4a3ce924b
-
Filesize
1.4MB
MD5503b75f393f47a6582463b2ea140bb47
SHA1e9e2d00b670a5adf0171d9ec79a1d41f4f0f9726
SHA25608581195570f3ea0b84ea996271a1cc7d936c0389a8f4f3bbc2dc7161701761a
SHA512dd713b68840ca8b20b74dd595272555e622a4c9bfc5979341740ee014ab818aa961aa58a3853afb82d49d92d80c29d2e41087f228da2ae5d0d3039564da7c2eb
-
Filesize
1.5MB
-
Filesize
8KB
-
Filesize
248KB
-
Filesize
136KB
-
Filesize
808KB
-
Filesize
120KB
-
Filesize
112KB
-
Filesize
312KB
-
Filesize
136KB