ffdroider | hxxps://github[.]com/rlz-ve/x/releases/download/v1[.]1[.]0F2/Xeno-v1[.]1[.]0-x64[.]zip

Analysis

max time kernel
146s
max time network
218s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/rlz-ve/x/releases/download/v1.1.0F2/Xeno-v1.1.0-x64.zip

Score

10^/10

ffdroider discovery evasion execution persistence privilege_escalation spyware stealer trojan upx

Malware Config

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider
Ffdroider family
ffdroider

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
2308	powershell.exe

Downloads MZ/PE file

Drops file in Drivers directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DRIVERS\GSDriver64.sys	RUNDLL32.EXE
File opened for modification	C:\Windows\System32\drivers\GSDriver64.sys	DrvInst.exe
File opened for modification	C:\Windows\system32\DRIVERS\SETAC1A.tmp	RUNDLL32.EXE
File created	C:\Windows\system32\DRIVERS\SETAC1A.tmp	RUNDLL32.EXE
File opened for modification	C:\Windows\system32\DRIVERS\gsInetSecurity.sys	RUNDLL32.EXE

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	gsam-en-install.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	gsam.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 4 IoCs

pid	Process
5892	gsam-en-install.exe
5872	Op4O5u9D.4eg
5512	gsam.exe
3640	gsam.exe

Loads dropped DLL 15 IoCs

pid	Process
5872	Op4O5u9D.4eg
5872	Op4O5u9D.4eg
5872	Op4O5u9D.4eg
5512	gsam.exe
5512	gsam.exe
1476	regsvr32.exe
5464	regsvr32.exe
3424	Process not Found
3424	Process not Found
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	RUNDLL32.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	RUNDLL32.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	RUNDLL32.EXE

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	gsam.exe

Enumerates connected drives 3 TTPs 47 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\x:	gsam.exe
File opened (read-only)	\??\z:	gsam.exe
File opened (read-only)	\??\r:	gsam.exe
File opened (read-only)	\??\k:	gsam.exe
File opened (read-only)	\??\s:	gsam.exe
File opened (read-only)	\??\t:	gsam.exe
File opened (read-only)	\??\e:	gsam.exe
File opened (read-only)	\??\n:	gsam.exe
File opened (read-only)	\??\k:	gsam.exe
File opened (read-only)	\??\l:	gsam.exe
File opened (read-only)	\??\l:	gsam.exe
File opened (read-only)	\??\s:	gsam.exe
File opened (read-only)	\??\t:	gsam.exe
File opened (read-only)	\??\g:	gsam.exe
File opened (read-only)	\??\i:	gsam.exe
File opened (read-only)	\??\o:	gsam.exe
File opened (read-only)	\??\p:	gsam.exe
File opened (read-only)	\??\w:	gsam.exe
File opened (read-only)	\??\y:	gsam.exe
File opened (read-only)	\??\z:	gsam.exe
File opened (read-only)	\??\j:	gsam.exe
File opened (read-only)	\??\a:	gsam.exe
File opened (read-only)	\??\j:	gsam.exe
File opened (read-only)	\??\o:	gsam.exe
File opened (read-only)	\??\u:	gsam.exe
File opened (read-only)	\??\n:	gsam.exe
File opened (read-only)	\??\q:	gsam.exe
File opened (read-only)	\??\i:	gsam.exe
File opened (read-only)	\??\m:	gsam.exe
File opened (read-only)	\??\b:	gsam.exe
File opened (read-only)	\??\e:	gsam.exe
File opened (read-only)	\??\b:	gsam.exe
File opened (read-only)	\??\h:	gsam.exe
File opened (read-only)	\??\p:	gsam.exe
File opened (read-only)	\??\r:	gsam.exe
File opened (read-only)	\??\v:	gsam.exe
File opened (read-only)	\??\w:	gsam.exe
File opened (read-only)	\??\h:	gsam.exe
File opened (read-only)	\??\a:	gsam.exe
File opened (read-only)	\??\g:	gsam.exe
File opened (read-only)	\??\q:	gsam.exe
File opened (read-only)	\??\F:	gsam.exe
File opened (read-only)	\??\u:	gsam.exe
File opened (read-only)	\??\v:	gsam.exe
File opened (read-only)	\??\y:	gsam.exe
File opened (read-only)	\??\m:	gsam.exe
File opened (read-only)	\??\x:	gsam.exe

Drops file in System32 directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{ef24d811-d70b-c945-ab6c-b170845cc835}\SETA738.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{ef24d811-d70b-c945-ab6c-b170845cc835}\GSDriver64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\gsdriver.inf_amd64_962c12b9239e9729\GSDriver.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\gsdriver.inf_amd64_962c12b9239e9729\GSDriver64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	gsam.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{ef24d811-d70b-c945-ab6c-b170845cc835}\GSDriver.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{ef24d811-d70b-c945-ab6c-b170845cc835}\SETA739.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{ef24d811-d70b-c945-ab6c-b170845cc835}\GSDriver.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\gsdriver.inf_amd64_962c12b9239e9729\GSDriver64.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{ef24d811-d70b-c945-ab6c-b170845cc835}\SETA749.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{ef24d811-d70b-c945-ab6c-b170845cc835}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\gsdriver.inf_amd64_962c12b9239e9729\GSDriver.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{ef24d811-d70b-c945-ab6c-b170845cc835}\SETA738.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{ef24d811-d70b-c945-ab6c-b170845cc835}\SETA739.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{ef24d811-d70b-c945-ab6c-b170845cc835}\SETA749.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023d3b-270.dat	upx
behavioral1/memory/5892-314-0x0000000000400000-0x0000000000655000-memory.dmp	upx
behavioral1/memory/5892-466-0x0000000000400000-0x0000000000655000-memory.dmp	upx
behavioral1/memory/5892-467-0x0000000000400000-0x0000000000655000-memory.dmp	upx
behavioral1/memory/5892-472-0x0000000000400000-0x0000000000655000-memory.dmp	upx
behavioral1/memory/5892-737-0x0000000000400000-0x0000000000655000-memory.dmp	upx
behavioral1/memory/5892-739-0x0000000000400000-0x0000000000655000-memory.dmp	upx
behavioral1/memory/5892-743-0x0000000000400000-0x0000000000655000-memory.dmp	upx
behavioral1/memory/5892-746-0x0000000000400000-0x0000000000655000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\GridinSoft Anti-Malware\offreg.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\latvian.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\nepali.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\serbian.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\polish.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\vietnamese.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\NSS\mozcrt19.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\NSS\nssutil3.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\dutch.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\french.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\lithuanian.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\english.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\filipino.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\greek.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\hebrew.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\korean.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\NSS\nssckbi.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\NSS\sqlite3.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\brazilian portuguese.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\chinese (traditional).lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\georgian.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Driver\gsInetSecurity.inf	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\uninst.exe	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\tkcon.exe	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\gtkmgmtc.exe	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\russian.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\urdu.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Driver\GSDriver.inf	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\gsam.exe	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\afrikaans.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\amharic.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\azerbaijani.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\danish.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\turkish.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\shellext.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\sciter.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\kazakh.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\malaysian.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\slovak.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\NSS\nspr4.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\bengali.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\slovenian.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\swedish.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\NSS\libplds4.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\arabic.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\chinese (Simplified).lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\gtkmgmt.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\7z.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\libmem.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\NSS\plds4.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\NSS\freebl3.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Driver\GSDriver86.sys	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\ssleay32.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\NSS\nssdbm3.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\indonesian.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\spanish.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\NSS\certutil.exe	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\NSS\plc4.dll	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\albanian.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\hungarian.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\portuguese.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\italian.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\swahili.lng	Op4O5u9D.4eg
File created	C:\Program Files\GridinSoft Anti-Malware\Languages\thai.lng	Op4O5u9D.4eg

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	RUNDLL32.EXE
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gsam-en-install.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Op4O5u9D.4eg
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Checks SCSI registry key(s) 3 TTPs 26 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	gsam.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	gsam-en-install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	gsam-en-install.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	gsam.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\ShellEx\ContextMenuHandlers\Gridinsoft Anti-Malware	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\shellext.Gridinsoft Anti-Malware\Clsid	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\shellext.Gridinsoft Anti-Malware\Clsid\ = "{F77F27A6-89F3-471A-AFA8-3B280940A10C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F77F27A6-89F3-471A-AFA8-3B280940A10C}\ProgID\ = "shellext.Gridinsoft Anti-Malware"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Gridinsoft Anti-Malware\ = "{F77F27A6-89F3-471A-AFA8-3B280940A10C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\ShellEx\ContextMenuHandlers\Gridinsoft Anti-Malware	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Gridinsoft Anti-Malware	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\shellext.Gridinsoft Anti-Malware\ = "Gridinsoft Anti-Malware"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F77F27A6-89F3-471A-AFA8-3B280940A10C}\ = "Gridinsoft Anti-Malware"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F77F27A6-89F3-471A-AFA8-3B280940A10C}\InprocServer32\ = "C:\\PROGRA~1\\GRIDIN~1\\shellext.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F77F27A6-89F3-471A-AFA8-3B280940A10C}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\shellext.Gridinsoft Anti-Malware	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\ShellEx\ContextMenuHandlers\Gridinsoft Anti-Malware	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Gridinsoft Anti-Malware\ = "{F77F27A6-89F3-471A-AFA8-3B280940A10C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F77F27A6-89F3-471A-AFA8-3B280940A10C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F77F27A6-89F3-471A-AFA8-3B280940A10C}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Gridinsoft Anti-Malware\ = "{F77F27A6-89F3-471A-AFA8-3B280940A10C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Gridinsoft Anti-Malware\ = "{F77F27A6-89F3-471A-AFA8-3B280940A10C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F77F27A6-89F3-471A-AFA8-3B280940A10C}\InprocServer32	regsvr32.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	gsam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	gsam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	gsam.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 836383.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4676	msedge.exe
4676	msedge.exe
1656	identity_helper.exe
1656	identity_helper.exe
2540	msedge.exe
2540	msedge.exe
5692	msedge.exe
5692	msedge.exe
2308	powershell.exe
2308	powershell.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe
3640	gsam.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2308	powershell.exe
Token: SeDebugPrivilege	5512	gsam.exe
Token: SeAuditPrivilege	5736	svchost.exe
Token: SeSecurityPrivilege	5736	svchost.exe
Token: SeRestorePrivilege	4064	DrvInst.exe
Token: SeBackupPrivilege	4064	DrvInst.exe
Token: SeDebugPrivilege	3640	gsam.exe
Token: SeDebugPrivilege	3640	gsam.exe
Token: SeBackupPrivilege	3640	gsam.exe
Token: SeRestorePrivilege	3640	gsam.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
5892	gsam-en-install.exe
4676	msedge.exe
5512	gsam.exe
3640	gsam.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5892	gsam-en-install.exe
5872	Op4O5u9D.4eg
5512	gsam.exe
5512	gsam.exe
3640	gsam.exe
3640	gsam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 2008	4676	msedge.exe	83
PID 4676 wrote to memory of 2008	4676	msedge.exe	83
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 3384	4676	msedge.exe	84
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 4844	4676	msedge.exe	85
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86
PID 4676 wrote to memory of 2940	4676	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/rlz-ve/x/releases/download/v1.1.0F2/Xeno-v1.1.0-x64.zip
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa57e046f8,0x7ffa57e04708,0x7ffa57e04718
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3772 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4677936411166277628,7891840819536350775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692
- C:\Users\Admin\Downloads\gsam-en-install.exe
  "C:\Users\Admin\Downloads\gsam-en-install.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:5892
- - C:\Users\Admin\AppData\Local\Temp\Op4O5u9D.4eg
    C:\Users\Admin\AppData\Local\Temp\Op4O5u9D.4eg /S /I /D=C:\Program Files\GridinSoft Anti-Malware\
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5872
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\GridinSoft Anti-Malware\shellext.dll"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5960
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -executionpolicy bypass -noprofile -command "Add-MpPreference -ControlledFolderAccessAllowedApplications ""C:\Program Files\GridinSoft Anti-Malware\gsam.exe"""
      4⤵
      Command and Scripting Interpreter: PowerShell
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2308
  - - C:\Program Files\GridinSoft Anti-Malware\gsam.exe
      "C:\Program Files\GridinSoft Anti-Malware\gsam.exe" -add-shortcut
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:5512
  - - C:\Windows\system32\RUNDLL32.EXE
      C:\Windows\system32\RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultUninstall 128 C:\Program Files\GridinSoft Anti-Malware\Driver\GSDriver.inf
      4⤵
      Drops file in Drivers directory
      Adds Run key to start application
      PID:5540
    - - C:\Windows\system32\runonce.exe
        
        "C:\Windows\system32\runonce.exe" -r
        5⤵
        Checks processor information in registry
        
        PID:2320
      - C:\Windows\System32\grpconv.exe
        
        "C:\Windows\System32\grpconv.exe" -o
        6⤵
        
        PID:5456
  - - C:\Windows\system32\RUNDLL32.EXE
      C:\Windows\system32\RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\GridinSoft Anti-Malware\Driver\GSDriver.inf
      4⤵
      Adds Run key to start application
      Drops file in Windows directory
      PID:5676
    - - C:\Windows\system32\runonce.exe
        
        "C:\Windows\system32\runonce.exe" -r
        5⤵
        Checks processor information in registry
        
        PID:2504
      - C:\Windows\System32\grpconv.exe
        
        "C:\Windows\System32\grpconv.exe" -o
        6⤵
        
        PID:396
  - - C:\Windows\system32\RUNDLL32.EXE
      C:\Windows\system32\RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\GridinSoft Anti-Malware\Driver\gsInetSecurity.inf
      4⤵
      Drops file in Drivers directory
      Adds Run key to start application
      PID:2940
    - - C:\Windows\system32\runonce.exe
        
        "C:\Windows\system32\runonce.exe" -r
        5⤵
        Checks processor information in registry
        
        PID:1656
      - C:\Windows\System32\grpconv.exe
        
        "C:\Windows\System32\grpconv.exe" -o
        6⤵
        
        PID:532
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\GridinSoft Anti-Malware\shellext.dll"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1476
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files\GridinSoft Anti-Malware\shellext.dll"
        5⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:5464
- - C:\Program Files\GridinSoft Anti-Malware\gsam.exe
    "C:\Program Files\GridinSoft Anti-Malware\gsam.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Enumerates connected drives
    - Drops file in System32 directory
    - Checks processor information in registry
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:3640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:5736
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{723fa2b5-a78d-2440-b18d-c9e7c37be858}\GSDriver.inf" "9" "47dc9dfe7" "000000000000014C" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\GridinSoft Anti-Malware\Driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:5744
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gsdriver.inf_amd64_962c12b9239e9729\gsdriver.inf" "0" "47dc9dfe7" "0000000000000160" "WinSta0\Default"
  2⤵
  - Drops file in Drivers directory
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:4064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~1\GRIDIN~1\Driver\GSDriver.cat

Filesize
12KB

MD5
ba975b5e4691509738a152f12a9f8809

SHA1
7579f77aaf9472399fd183c0044e6f26dece8c10

SHA256
a91c7259f7c152910246f17c3510243d8437553fdd6ac7692fd1bb49553c9da5

SHA512
f7d5c21c108873f56aa467b0bb88329b9460ff0d82096d2ae4d5ae0dcece7454c8bb5fca63d5f07990776b4a4c8181c87e8ca47dca1f567961a316696b1681e7

Download Submit
C:\PROGRA~1\GRIDIN~1\Driver\GSDriver64.sys

Filesize
54KB

MD5
5b9839e88655fc22923952eefd14387b

SHA1
3a47805ddaa9bb6060a6be90ba3d8974e235dc6b

SHA256
06ef34bb12349cff3f2989f8f7e406d6723e6dfc5ce51a3d9c30f93d8a994453

SHA512
ec77d2771481f441a541d38aec143a1a67af771c6481e737661f42eb0dc5d004ed84ae1b3bfcb8f19688147797a28d5b726ec8794c6b5d30f5b712734ed01007

Download Submit
C:\PROGRA~1\GRIDIN~1\Driver\gsInetSecurity.sys

Filesize
105KB

MD5
83dc3cea75f4e280beef4d79eaf7d21a

SHA1
2d812761674f2c8a99dcbfc447a0d8a863a91610

SHA256
12770f421d04122957d81739be60485f15dbd52a5b26106bd7891f090675f223

SHA512
5648c208f12a4530ce5eccb5477e406b51358ddcafd23a354d5d56710d61c1a711830e866879604720e95049fbb005e9d34c0861fbeda4403cdf2846d1e609a5

Download Submit
C:\Program Files\GridinSoft Anti-Malware\Driver\GSDriver.inf

Filesize
2KB

MD5
8735aa35328a538c3184bd14ee15426a

SHA1
3409029a5d4fda513eca0bd9950e9c11ed371024

SHA256
4d726efb201ea421b9a08b3a9bdad17fc2016084fb8ac4b2120cf81f62386848

SHA512
27b7cf0bf1692e4829eeadc8333c7e4c3c7d6e5b280bcfc44fa952550de4aec4c5f7ca4caf9732373275b39692afa206956f0cdc64728db7913b423c06b8be78

Download Submit
C:\Program Files\GridinSoft Anti-Malware\Driver\gsInetSecurity.inf

Filesize
1KB

MD5
88d3fdf585816a72d90ad1e2b78ef3a3

SHA1
18fe9c3d1e7916cc23f2638ee7327d44202a8464

SHA256
89173c7324696d2d38c3e425b3d5b36355be14ac4604dbad7fb4d6479db599f9

SHA512
9c4070bb42f5211b6aff85ecdaa2bd0f24002e0ddaa7958e76f9888e8cab61656b033ac7b32c442e6484cd58d45ca9b4185656749368d937e973b041082cf959

Download Submit
C:\Program Files\GridinSoft Anti-Malware\gsam.exe

Filesize
25.8MB

MD5
6293a29bc0c2be424ca1e3df4c896e0d

SHA1
70dbca61cd69a9cd78e3d191e5da32e32bf7c469

SHA256
996a890b9735fd0ce89cad08d29026f5016bdffe24977a7329452a1456ffc1e7

SHA512
2b8fe5c6f4bd19d966e6886b083c04a1faa8e12a788a0a5012f1385f9c5c7e58c074160a67e382ea0dde4fdb24d6881ee8dcb5da06930c47fa5741c7777fab22

Download Submit
C:\Program Files\GridinSoft Anti-Malware\libmem.dll

Filesize
255KB

MD5
a91ad44260cb64a971e60ea210d0f9d6

SHA1
3683ff3248c65a19171e4503a13a278adfbc6288

SHA256
8193ef3964ca00c84811aa5baf0cec652e8c89eaaeeadfc5763b2b7922f8ef7f

SHA512
dae0c6e013d3bee715fa060c82afa9e4ececfb69e25ce6842ffc7e044a38605250d3f99aa824ea4c5f41bedd587e99829bd7f664f21f0efc9ab577c078be2460

Download Submit
C:\Program Files\GridinSoft Anti-Malware\offreg.dll

Filesize
74KB

MD5
1eab65173f446a3e116556ce53c7717d

SHA1
3781bf5a8407d7adae6bda741322c13e4e124588

SHA256
54ce76e23156bdb9873014f9da22c023339ee3f1e5a3b7d70c1a9e1016865a50

SHA512
c98f92ac82ab90dd4121860a967a986d07ef848f8d9aa3a5c107857aa78bdb2c82fd62b4731e18dffd6b1267d0e9ddaa940273611158f28fb9aeca74d8b1c415

Download Submit
C:\Program Files\GridinSoft Anti-Malware\shellext.dll

Filesize
1.9MB

MD5
c86ef0299d82d23046cb91e6ff2e2095

SHA1
db228f4d08d06f0b73cf625ba0ed41477839f58d

SHA256
0a671d587d37f2de71ad1b1bc0ce89173f08300a71f346a21747f2ac22cddaf7

SHA512
bfa1528f060b7ba808bb525468cbf78ba9cd8890a4f7742066f3af7ed709de7cb63e8bef9493fb9c4f55c83bffc3c10a8d162bd5a80cba6f567705725fee5bb7

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adult.1.dbi

Filesize
4KB

MD5
bc5fec220311da3c449bdc83c2d0a5fe

SHA1
33bea451412ad4f89b32cb609df86b9be879e1e6

SHA256
49b37fb00d4d69558179914a9bf476fdd2e111cdd9ae9b3100ad832de7722798

SHA512
f7bfb26d5ac5b00868fa180657d62afab1ae773db137a9ed2c444eec22d7641690e3ea814ec798c4ca6193d025cd49284ba928fd5d9d9a552c443f1836f39292

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adult.2.dbi

Filesize
320B

MD5
be617f189bddfd82fb6d3605964ea7f8

SHA1
700c091d08b24030a568bceebb6abfad6dfd93c8

SHA256
a90747531a89ed9ea5a62a97a16c7ff3503b2fa62607790a7cfaf7902efa96e5

SHA512
3cca80a0b938a11ff329eaa7378c545f0c142989018e34cd1146a16e07f246d590d915a43844fbe299a2427cbf19e9c44b1a88226e2c216a475fecf84bd677c2

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adware.1.dbi

Filesize
172KB

MD5
3026d11e65b30249e2f46203d2446b44

SHA1
dbd0b3b1f8be6676a567e58d334befde70aba1fe

SHA256
55cdcb6b773f8ed268900306eb1aec1ded2ac7b90a03942dd16d7072e3657fc3

SHA512
e08ae34796a5377de394139612ee9ae737abd8f7eb516785ca916b3fca71de84b5915221dedab404949be73a4581f0ac9e9bbea2e5de1e3dbc1a6697ddc7c4fa

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adware.2.dbi

Filesize
3KB

MD5
5f78a322e3ce16918bd530dfa9b3dc74

SHA1
7a4717186cf68c8037978c9d4424942d69c8312e

SHA256
80b9565a90d08d7012cd69c62c301e7ea26ba7aa57b418ab98fb8530b7881414

SHA512
f59920ba73864c18473e08d099eb23f965cf18184e936452789f1800f1380dcfea5ec2a126706653733cf15c27507953a2fcfb20cf7f5ed527cee1835fa3e979

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adware.3.dbi

Filesize
220B

MD5
49ddc645e474b79ee4aacf6486d3672d

SHA1
1c7d7f210f28e5af78eb0276531f7e74d7b752a4

SHA256
bdf109c5eca490816594cfca4519bb99b9c2c1bbce300cea1a46c5fc93e21a09

SHA512
e21445691f8097178325a13bb191f027f4dfd5fed9a472c2d6c500b3d3812639a9eb1b1619e0f3646284ba629f0f12fe4877f3f712d945d0d38628cc51dd7b2c

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adware.4.dbi

Filesize
40B

MD5
d43980eadac153d600783121744c6ea6

SHA1
58769e88e7e2a8df5e62a97d2ea7a192edb8deee

SHA256
8c83003393126e0388c8a0865d08c991e65ce2158a87b82d65d169612e1d577f

SHA512
2b8cf855d85548c60ae0d6d4d065524338ab8092f5d913837af270e74ad16beb6446182b435de866e094288e8cdacf3ec7b398beff1449e04ef244b5840a9eed

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.AppAds.1.dbi

Filesize
20B

MD5
3c73bede6425032494daea9a76cbde73

SHA1
28037184741b7643363be97c376f7f04998584f0

SHA256
8a13985aafca0527d2ea1a8106d7d3eb42ae98a892df8a451ed7eacc2f30010b

SHA512
d62a419ad8034046927e34ad3f5bd0f58458cf2549afb01e0c91baf11729d49927682fd3e4518ee59fcd9815ac1f62cf991519eeb16582a6b8debf65e7f784e2

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.AppAds.2.dbi

Filesize
160B

MD5
1ea9f5108a5706f79ae822ef2b2e3747

SHA1
b84bb17c0b4305b9ae3e675c2aea44a5f4af4147

SHA256
f1580df676fed1de6eef439dadd83c3246d7b92b4e5d0172818d04ac5bc87dc4

SHA512
3936a38cdc41726d0110c60af528ce149bcfd9468982f22b17f27a9ecb97130339f1b40c4dbdf38a2c6cc50ddd90e6206135a757bca53e4cc657ebbadf32cc00

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.AppAds.3.dbi

Filesize
20B

MD5
4670e0db3758907e17c7269d76d7b3a5

SHA1
668c0a10401e2cdd3b62abdb9773ddac496b6ce5

SHA256
da0ae6942b4d542603d1c12aaf2145583bda2b65a3e2f0d66ac64e06079285aa

SHA512
38b2a97c7317072dddc34cbea4a5a35113eddea7229ee348dda42c53c7ab6fe0738116217aa4a03c000484f14583d651bbe9d1b2a10c84112f24f64866388cd4

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.BlockchainCDN.2.dbi

Filesize
360B

MD5
c9c3d0d8c7176ba8e6fb18201c7ec0c5

SHA1
3a427e1545bac11d7a4494a098b29a92614bfff3

SHA256
6f81e992356794dfbb5cfb46de0bc264db82f005360d88b5e4bcdfae96059ce1

SHA512
f3fa805a052dc90183a2d0ad90040c86ec0b8c2c1b9a91a2f83afa1b9675a35bfc9a8f96f42b7fa5542106f33c8d4a54c9f93b1e3b41631b2a8f4de9ba6d138c

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.BrowserNotifySpam.1.dbi

Filesize
228KB

MD5
f08f180707966b86e964bafb72f76994

SHA1
9086f19a076ea3527c2e241f91218188a23a50a0

SHA256
8d1d5bb0deeb448ea6216e8887d12940d1700246c5bb1dfad43e670f48dacdaf

SHA512
d3eccc729fd4ee118eae754f4bb67a5b26a8c694f958bb112a16eb7f45139cb425193812c3c386f73dc2d1ed33d85a0e9cfdf08b36f95e63af380e772fa25ba6

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.BrowserNotifySpam.2.dbi

Filesize
7KB

MD5
d844da40a044dd2620a9ab174125fc4f

SHA1
f148380526123a1f31d2abd27a1041b4a98756bc

SHA256
e550b626b247b7ff0cfc1bb7f5dfd44067976b910ef84cdcb8c1c086170804fa

SHA512
2146f35814486a742943bc17f768ad004f21ecbd0093219edf3879512dd0cae94cf79eedc682b1c12d964f8ec5c561e8111f7ce15f84a8a51223187fdebe4bff

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.BrowserNotifySpam.3.dbi

Filesize
180B

MD5
65aca6a356ae2744307acbf38e0c21f5

SHA1
c1dede9e456802bf0ff9d3ddb92a8c6ebf4542ea

SHA256
974b5b98e32ab15e4e8f2d77fcb22fa523eb544f9e6b0d3b456b9937d9b6e20b

SHA512
9d855745b8c6cba47b2ffd8241dd4639d99072426800f2e956be9483ec5639975a9b3e5bb514f7885da10687e2a17b70bd85c61322d0cb0ed389129c66a2fe41

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.BrowserNotifySpam.4.dbi

Filesize
140B

MD5
4a35e47216014e639a5d69f1c8cb5903

SHA1
72a0ab0f6e4ee26b00826507b0ed1cc2997a08fa

SHA256
1ee90be584c8e2665f95c2d12b16b5e2b97ece38489d515e208eabe49972a728

SHA512
7b4aec3992e33a72911effe6e01046d926ace9222d41a7a47f814431df5c48bf01822218c2045ab941602217406a53be013ae51fd9140a0ce4ab55d7189c055a

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakeInvest.1.dbi

Filesize
164KB

MD5
20c821ceba81282f05e3b81e30c22a59

SHA1
a19fb2124aa956e0cdad402ceca4376b18fb58b4

SHA256
643e0356baa9e87f59a9a0f24fe94d96a8b55501cbb696c9fb3f8a1e7e18c1ed

SHA512
6cefbe0413b354a758fb018197751e0d3b735e1904f8f03f2fcb4694119d9ef37ad287c92697ac80bb0871ae1bdb6c217c2ca4a8eb07fba7c6f7e6dc2a44e070

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakeInvest.2.dbi

Filesize
21KB

MD5
b7ec7aaaf226ab9f2dd68d728ffd3d66

SHA1
719300a9862e291f8184f78070ad70afdc2017d5

SHA256
a5a56fb553420295efc6f89d5fa541b94404ce70234c754c78f4b54c3c5c3178

SHA512
344e53090c61ba123eca225a7a668fc84fe754d9c5cf0e01c1baaeb19c5280a402ef48e6179768dbaeeb7759fa052343e3f12b0636c0e7ec534f2905dbc8870f

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakeInvest.3.dbi

Filesize
420B

MD5
4f83f353e85731f6c137371d18c48dab

SHA1
35208efb47a702e71956d55f1cb8a3e6208c0127

SHA256
b7d5e016c4a9111fb15d4b4305b93c7f7174b6303c8d785a8c3c65c581c194be

SHA512
78224bcb8e1e08996c6f1ca9d5a49b5a494e8b7805874a6a29b28ff6a8cadd177fc38173b548096fd967b0a9e18668179033b4d998a1f90a0d38b6582ea3951c

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakeInvest.4.dbi

Filesize
40B

MD5
c4d032b49266de3c8f0b7c87ee352714

SHA1
d6a9de6a5670471f758170aafc280250aac8db34

SHA256
4cd39c908d9bec450aff2095242935b0843a3f32be7e041ede1f7985c0af2618

SHA512
16ffdad1dbd184bfd4661c5e378394833db2639fd81218a6a9e693cddd4fe1e8422fd57dc2ce94553dc589d9277dfa400acb7de3a1a6e3dcc70af9c4a99897f9

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakePrizes.1.dbi

Filesize
3KB

MD5
4e5bf4a2fd6656fe7ef4e5fd3a83a8ea

SHA1
04ab9cd821bfc5a4539042d390fafddb1a9d680f

SHA256
c3a764c2be25e4fd8de0d0b8746d7b8f369492f6f12c87b267abc71ad8c69aae

SHA512
7e77049d3bffeab4d6ed75e0072a1fa6ef208da599694b593f0f37f68d604bcfe9ce406486a2e6f84a2c4f4857139778bd09be013eb3a9afa51ae6d0e6690353

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakePrizes.2.dbi

Filesize
480B

MD5
f6684e89ab5c3fc712de472cdbada0f0

SHA1
d48e04f92d14a0a98894b78d26f2c6b6858936d3

SHA256
ea7854ccbc3f130517ea8e53040a57161229c919cfee781e5372f3a908a83aef

SHA512
2126ac6a8beb162f546bd4691b19c6c11222a721e57d6cf6cd8f66169688e787865fddb4accc9030800d2dc989ab7f8a8700e13d5118a10c79b3efd1a2812d4b

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakePrizes.4.dbi

Filesize
20B

MD5
8389745dbef4fa42275e45ff2574c81f

SHA1
9f92a027887076d712b5b2e048c2f76ee783b9f4

SHA256
dca1127c7022e83967f1396237926bf472768b97c293eeaebcbb088c9caad49e

SHA512
f3d0839f5a892ea2ec20f6d8fa59e836a7fa62c4b17604dfa352ab23c2e176e3b70fdbfac27213309a385e25364ddbb8ef1b4bfda5df5d460a2f06983da38289

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FalseHiringScam.1.dbi

Filesize
1KB

MD5
02328d1583891a499195a7e14297eb51

SHA1
f476e8c7563ad3cc579f997112159c8cc552141e

SHA256
538e6ebf349b64d0ce51899c63942aaa8daaa83c5d8bbb79d482c1aa821c047e

SHA512
ec8bbae11c83a89e7a15bdc14b666531da6c9cfe2e5d4547c96ee578fbc6daecb43e2484f986223c4c3f86bbd319ca8100e6acdeea7cd1de7491be27435ebb8f

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FalseHiringScam.2.dbi

Filesize
60B

MD5
d5aefe837a4f9012e6bdd053310c5634

SHA1
229f9bbbc1cde31d3cc11f23afda9179fbd3e2f9

SHA256
3b75c27dad40e52484d3f4220828fe8e30a2373017436cc0382d70a95efe6111

SHA512
564c6092de6be8a4e8cacd43826de80bbff6fe960d5915a52447b15a1970b17692a7a41b08515b77aeecd362160091cdbaf3341b863853bd59009852a807670d

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Finance.1.dbi

Filesize
296KB

MD5
b6fe23a94fc40ce3af2d7e81442ca46c

SHA1
62079b69d90efd2a171032c835f35a6eae7aeb5c

SHA256
9ea95c93179b3f15b3cb319763f1764e105d9ed90e5b6c763cef5fdd2007042b

SHA512
8d8317cf1631f5d7266de5d8001144caab05fcb8b693eb6b03a6f17fedfe4e160f1860c3c2d7a3bb81ed5c7b62a3dc6a294776f7056a207830bc51d2adc3272e

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Finance.2.dbi

Filesize
15KB

MD5
6bce9b45a197b642e62dd69be4095865

SHA1
76543b3f83fc0caa97ebfd195bf23d03cfe9f459

SHA256
2bf57d45005502d4317f72233d531f4f5ff9527dc6830c39cc9568a027bf33f4

SHA512
d9858d88ea861b3453e1104fd90714f9a9000fa70d8d16c2f328c571f0f43b3ddc8b4ee4e8ebd6ed9a99b6b4e08dac38d6a43e2c6a77ce2d62de957b4d935154

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Finance.3.dbi

Filesize
240B

MD5
23141a260ff656e261c06509fc56ec62

SHA1
00cab84fb77a6163546c4ce6d0a0b6b1098cd4a7

SHA256
8bf95247bd77ade04c9c06cc83cce218602b7507c5624a530af69a93a086440e

SHA512
c084e965b8f4d9c6ea3acf012ddf53994b637479ae5a0889201745cdb9bbacd5c3f84e853a742867f18176275929f7ebef25847ea9590155f663686b837a67f8

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.LowTrustCasino.1.dbi

Filesize
104KB

MD5
8bfaf99c27788821daeea77a66bdf0a8

SHA1
d6e8f04a81b278be49801eaab89458c7a50ffe7c

SHA256
34ca7e0301efddc4ade01a627b9984b4f3783f34594d15e21b92adf985dc08d5

SHA512
51e85ac2a9eab035214049d75bb1e552493bba1877d7ce1256d7dbc4195624c6e5176a32ac5bed03f07cc01269e3de35e4758b6c5abe955dba5d724a978b5d88

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.LowTrustCasino.2.dbi

Filesize
3KB

MD5
a9643f02414a699d5073b3df8ccf07dd

SHA1
90f3c91aed87eb3b0c5e29e91902200d99cbda80

SHA256
e73d9c397b6c6b04b4dc1bec0e66229888c9dee0bd12452ae6022d46e3d2cecd

SHA512
534787e9d6012e46b232ff7dccc52c4adb076318293c8ba9af553f161be892df9256bcb8d1c230f3c919a3c66b32e9d7924917fc757a8cd11e52399265e7e767

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.LowTrustCasino.3.dbi

Filesize
80B

MD5
e48428bf0baaafae9ee48a85029c312d

SHA1
0b4fddd9e9315990a61246e459c5821a7af1a6fd

SHA256
1f60743a03f7e32f24cd2fb9aae2025fdd60c9574caba7192ec714dbeb95a967

SHA512
6ec9fcadb18f4ef199189e64fd3d195f0802f28b51efab7ce01824602da2bc6644cca3aeb5fa05fc84f07512c7565200b3200c35135ed36e0d87f1af6d0d05f0

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.LowTrustCasino.4.dbi

Filesize
20B

MD5
8c39a5de7d7b009bccb5239565cb7988

SHA1
34104b9573fe0067373934b55fbd97aa9f96f5a8

SHA256
25de669aa8870e2a3afd1444bf38738d0e2fa63ee1f6fa4b01867741a40766c2

SHA512
6bb8365de68da00a1355c3b44a32ff43b0adb69de3c144cfc06560b9f6ea717ec1c5207b4c16e2a496c21c2cd945e636162e530143ce1dd3cf3dc8cfb9f6cbd4

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.1.dbi

Filesize
2.0MB

MD5
040ce707719963caee63d21b27cb731e

SHA1
4ea49307ca75e73e1242b5b93ef433f18babffba

SHA256
77bbe9cbe0bff48eb9468f859c3036e9b3c86747d2a2e77c3a48116a3b7b11e6

SHA512
6883e848d847f26deb2b4cbf83104cf8ad04c1c0755f53bf9449a9c2052cb70ea5a19da47dbf5f44defd359f41d45ba5af2ddad772681d8e50ec2535f26f4b6e

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.2.dbi

Filesize
593KB

MD5
60ff1ac18ca12164affa242cf608ff7b

SHA1
5a0515d8468ce24e759b97f359522f2d3a631c36

SHA256
e3511803e16809c5356ab609e66dd19971f3625344e9450e4717fa796de55289

SHA512
b41cb9f87f186bc9df6643f2f46bd2ca588b3c8a92b4260c245ea8b469c6555a87f7ac6a481edc615dd01410418615c17cf91dbc8cd7207b3a7959c29199ec15

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.3.dbi

Filesize
70KB

MD5
6d966b9a06c8e22de37548334aba680d

SHA1
95830d7d05dfa7d60c4cf21c61093edce31a8934

SHA256
a5b1cde4da33a1043d6f2c8524991929ad280fe5d1aee02f8c5a6e20795d5ef9

SHA512
4f61c88f3aedb9aedfbb97b5fb1c439ec6e3a5d12e0c4ebb3b6ea1b9e7da83fb0387fb97a905768e6c74c4109451e4b02cd3bc1534a4b5633cbb40981751ac05

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.4.dbi

Filesize
61KB

MD5
7e079a1e0ee10e3c48a734595c3ac293

SHA1
708203d8ff641bcd6bd339474ec0fe7d3c9747a1

SHA256
675a921e7217d4df02f9d52ec9bbe8c7902cbb9a719e954ebb3fd76c3cd527f4

SHA512
ab5dfe1a1c9f063629bc8bf04df117dafd4968e7d04f9c983f284f485f2002bad010883a174567ad3e253ab4af277ce29aba3bc6e42d6915b2c47b1b01faeb19

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.5.dbi

Filesize
1KB

MD5
ba6f14151667f69df5ae9fab4f86c41e

SHA1
a9939bfbff0cab0de709f31f2346810e31ca0f04

SHA256
021c04ecace02a7d08c211d756c4bcd49c2c8a841165722ccaeef05cc6fa0825

SHA512
a874f8724f9cb002116c83846796afc0154b5767d48046cd8b4350c5ccd5469691e98b3efb74c10e81ec1f83422f12af978c3784e45a3ab49ead867004d001db

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.6.dbi

Filesize
360B

MD5
35112ecd90ac2fcf3e1255ca6bd62e81

SHA1
d656ddf94357b545eeaa6d4eb326eb801c275c99

SHA256
51a98fcc4fa5eb12e6fcfcd917430c3b012a0e4ba874d336df325a97675eaa1e

SHA512
0e82a32a0addb1b3626fe1c014aeb792983eaba98bb7d43f46b588db5d0ab205cc26f9d39b8c8c5bd8c847c4e24394900e52525cd8f44c05e38b40a27e58eeb5

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.7.dbi

Filesize
220B

MD5
5263f49267a7b9e7dd05b9d70d83f5c5

SHA1
556f8bd2dbcfa42ef3780a35c252a05aaa8065d9

SHA256
22f826cd4a38b7038829736059dbecf1aec1e8b470fa1352cbb460f14fce1280

SHA512
990fe24b333c8dc3b978a60df53e8e08fb6ccb894e9753e86c997cf5f8dda4135896d411f6d8152bf22db6c13838b408c4aaaf67ff90acd71a5311052b56c94d

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.8.dbi

Filesize
20B

MD5
4e27eb5b2628e3a755da7c6e65fb381c

SHA1
db4e237a71a8e5900c9d54ab87c3cfe5bf2e80c0

SHA256
780f82fa69b5239fa948efb289dffc072707d9c305ee299e056d8eda39dc2f39

SHA512
29627d195aa3148532973df704f92ba4133111b9704f510a85cf2cf923ca24c8ee64ccc594833f40edd5f8868c9a30f7d0ea91a7544ef94021df38b054e0d6aa

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.9.dbi

Filesize
60B

MD5
0fa35dd87cf6047946d5f87be9e4d298

SHA1
49958fc1e156c038f8ec1fe88f84b0e9e54abf74

SHA256
07423ba5703d3c24a52974e33163ea771939be6b17beb13287402bff933372d2

SHA512
2987d451d85b16e186b8c93086b4107616de51402ab8df472d42ba707770c47225d40f5f81f443fae78259a30c3c85c261e35044a4175bae264a3240a408e3ec

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.MiningPools.1.dbi

Filesize
102KB

MD5
e4ccbba0b6d8a5da087a2f18c4b88eee

SHA1
f3a09987b0d00828702c03dc0647b65601a19f66

SHA256
e7865d23581871b65d73dd6cf129bc371f83b252289f4ea39cbacb4cad01faa4

SHA512
26542c70dc1253e3c03a582ef0576c005bf929e0763ee4df10408ee9c1f7fd08774e19f60fbe39b2d0e9e453fabf52cf575995bb2401819185848a91d54777e7

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.MiningPools.2.dbi

Filesize
4KB

MD5
4ed40acc8b9ddda4a7f04dbd815a9f5d

SHA1
caac925e4129c82113cf5689d253600dc025f6b7

SHA256
fdd285db0835d8fe6e117218e022e8f5d6e6e3d3a77b432af90321def043be2f

SHA512
6e0a050ba2a7afc9d9252cd8834a6a4b67bed7dfac4d9fb0794080db6a777a4248edee805798317ca14cd2ce11b8b1bd3f216109fee26a5064ae0763f1b08559

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.MiningPools.3.dbi

Filesize
80B

MD5
6a0176bfc1e427f39ef69d0d4d8c5dc6

SHA1
c2026227a518f49f868685aa9a9d52a9ec55663a

SHA256
99896276f286af79b54b43b2649046e5e28ed568e0fa4bc909b1572568166cd7

SHA512
f6c50fe88b083b1fb976db197031cf43b0dc2ea0b0fe93289d68019da18bd0b607e73576ebb08dfbcfccc97776a8ea08bc16f7d418da33f5a8a07898475513b0

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.OnlineDating.1.dbi

Filesize
5KB

MD5
3a374975c289f84462fcb9c1d967857a

SHA1
e1d7d70adad9807d05acac1826544d095a8de679

SHA256
0b6b48b4aff83d0c66a3eb9f92c8c6e8f4f06f1666aec5a57d196be676bfd47d

SHA512
031042641e11cfa1ad99e5c67293bcf1b3eb523ccca78ab57cc40f7dae900db430760dced0cc39b77228cf9933533b5b18892435a97f21fdbc868a47f5f14b58

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.OnlineDating.2.dbi

Filesize
620B

MD5
d12efb5720ad1fc295d18cecda5aa9c2

SHA1
8ad57d28552d00c1d07ec093442ec98bfc98391f

SHA256
c7f94d5934aefb476a6addfdf4d7db27b4582f2dd6c56d8e41797cbfae54d1a8

SHA512
9f583558774f0a5d42d8e2f21d22485c60607b61ff7594d305fad1365a706f3264ed28b628db763033d152296cf33ec8b9cd32c6f80905acaf4c8d1bf48bfda0

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.PUP.1.dbi

Filesize
15KB

MD5
c96bbe6f02297c06a9ed47b5c67b940a

SHA1
7697da7a58495c0862ef319448642dd8ccc481b5

SHA256
a28570337e439b0a1ffe7dccfd30bc1f593f24bde54d8884cb74e58a2cc07325

SHA512
b91b3d626017d023d5eb2e18b7adb94354a47d05b93c4c96d334bd0d456b42667e6d5f4390e107acf2625d365466de24cb61abd2b30de1a06588e98073940175

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.PUP.2.dbi

Filesize
620B

MD5
8e449b4959c448e18d5a519e9be3b89b

SHA1
5e1a62bff812950ee53a63c54d578e7e9f2ecb69

SHA256
0fa587beda5b477eb7b33f4fc22f4cbbefd3bf9cdfedb5d42cfbcef210f706a1

SHA512
1c056941c33ede48bd70a4cdd4ed84ef634e5187335c68d9772e22e55479cc7a486b1d0e9ca73040e538666e69450215037ccedeb73f13488a04f35e7373f00c

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.PUP.3.dbi

Filesize
20B

MD5
d8610a905c9855dcc4a0a3b517368e92

SHA1
9490d27bda36419c6a268aeb3305b625f688ac4a

SHA256
8cefddedf1baae278e35b28f61cb7e7a66152b5e0f60e6b38f524c1c1584c21a

SHA512
a74ce527e8124746e7e2d64f751d257c28a3754ea334586e43c6befe2e7eb4a8230e55d8843081102f442160b79ad6984ce8195ab75954d5b5166ce4107bd90b

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.1.dbi

Filesize
4.2MB

MD5
adfa617097b55e5ff630c2cd66a9c649

SHA1
70c7b7ce207aad450773e0114f14516ed36e024c

SHA256
a8ea16d61182c8c460465eddf376868e34f7a73ff852edf32d7f21948c5330e3

SHA512
4553b5bc0d42a6799b54850e80de9c16f4ed15e6232a5663398bfcaf697470880161149d4ec4320ddfd0459b37c70c688a6b3592e2c75f0bc7f72783ddd25384

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.10.dbi

Filesize
60B

MD5
d298bf28df0e4f66595acfa5ceda6937

SHA1
9f1ca0f858a74b6a1ef41b5cdecc9aacbe4a7def

SHA256
e0b2cd312808090e655eb51768ed77f78aa7cb64082add85dc2a08d36f0946b3

SHA512
dbbd1cf53e0847904d1e82ba8b9c355824ccd525cd12e1eb3cdac7ec5e91caeb73b13bdc5d5b7539f8efa141e0a5a88327995f17b1117ab6c50fa6895d5e70b6

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.11.dbi

Filesize
80B

MD5
444f51b97e45183042df4984e28530a9

SHA1
c85196bae8617828008b2a5e098f323d85b7ec25

SHA256
311a3f74830c65cb4fe496a170f948d929e479e911f29556a2385cf4e3fdefa1

SHA512
6c41d35a06489d0fa0598880adf409f0aa26eaad93baccc1c56f0a7c12f42e7bfaa436790168a66466191f492a6cc5d65e97bc64a1168b6e966d4ae604de7522

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.12.dbi

Filesize
160B

MD5
7ef08e4d96c2e9b4657b474af2a5289e

SHA1
c9fb7bab4a2ee2ff5a60fde09e13f84167bfdfd1

SHA256
e60153b88f81b0b370e1a2ab48b26777d8e33e0a47f7421ddfbedec84a9a4835

SHA512
ad584cd317e08ce38a3484ed0c4237e85bb30cb3caca6cae1fd38ae164c10cb7081fa53db4244809dfb0acf377bb7e0215fa811fae2b8f755ffb8dde9dfe59e8

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.13.dbi

Filesize
20B

MD5
4fcd70cb1dc52fff56853bc1801229cb

SHA1
87964110604e76a2db37e0c7dbd5e02603b926d2

SHA256
51baa2c1984c3ee4c03f0add56ab1c2022ed23b4452cc34f40fd2e0b77646486

SHA512
2413429ad65385c3f4935734540d36e7a6158b0d1c51481ab59f28b6c3f4d20f566b0b77bfdc3a3e8ece3944a024ff9e83084146e4cd6151896e080ac5253df9

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.14.dbi

Filesize
40B

MD5
e6596bd3d44f62708927de524a8f6cc2

SHA1
dd5883d789214942f7695512f336e6fa80678660

SHA256
6c85d4a55244e8c40a580aeb5a8782d39788cb01b024c4b268dc381da27ee528

SHA512
f097d9f76eb40958eaee447278398881a04e3d313be6bf5a03cace8a12eec5743c24526adc3a3b34577faa2ba34f5183889446ce78bed7cebe5989ac9ad015cd

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.15.dbi

Filesize
20B

MD5
b77f9377b16c7068e779c59f3f511add

SHA1
49e3806bd2defade3ab3ceebbd315ad79dc14617

SHA256
4230c251a9f8428922a2be552d0fa4fa8e3d007022d42823108a3236b26f0e70

SHA512
0a728949756621b854b8edac3df1efb1a8647e91d37c5c3ae77ebb82f747607b68381c0a28bfa07f895a53e319c4eea5ea8a03c76b336cd0cb957bb0e1b1bd90

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.16.dbi

Filesize
20B

MD5
c953e423d795320b4e2e24878e377888

SHA1
05a36e46cae9e1ed3e24ee3a0dde2851408ccd9e

SHA256
bab8226abc5992f47041671a39a2f4897c5c1ab502a056e17f97559709f18449

SHA512
78e95bd47bc96dad2aa909352f19e690c5dc0a35d8b751e1b722c7ff4515279b46bd0ac6036e4fee01c16c7e6d4c85a4e9fefdf84001eee7836344b7fd527488

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.17.dbi

Filesize
20B

MD5
2b97ec8423ffdcd71ac02f30e5558566

SHA1
7982ad51b265e13ed062a539490a270f062d4cdb

SHA256
509632c60a899edcd6f6bb86b72b9080f9ccc3e17d69da37f14d07282ecf5b96

SHA512
30b112e1cd1ff71852fa0b297283b1cd0f2ed8583c3fec52159717f7cde9cd397a2a21a6f42a9b4286a04a252e56904722c9f606d511ca59104ab56a60a6dc8f

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.2.dbi

Filesize
4.0MB

MD5
40a51a955c82c7bcb63af582de8b9a15

SHA1
a35c0b09407150c031483d1b5058ef9f135b0ae6

SHA256
0bd61677c28d2cc0e7a7596edd09ef00eed7b602e14376541b1b7d16ea1eb7df

SHA512
9e3f94f87a81b4f7d4bb41bee7f6179e0fbc297ca007423cd2c628a5213e0b666ffa418aba1b8885917add842dcf197adc98e0b1c99b11480ec1f2537e191219

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.20.dbi

Filesize
20B

MD5
8dfc2ce2e0c3d58b484ce0f9502848be

SHA1
0d4afc275824995f031ae82b008e0424cf84209b

SHA256
856cb6f2f8cf53228c0064e4291fdfa9b06c6a5cdb0e93a8903510ded3211a3c

SHA512
b7363ef0eecf358cc7fe6fa0c24d12a7285dbd3cedda4df6e502f1204650eba526fe4232cfeece759b03ca03bdafd3a79f72000bbca0a60faa36e411f79af817

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.3.dbi

Filesize
338KB

MD5
af16fca3dd2955df6939d8d8e128c222

SHA1
e064b9d6656571b22e9e07da1d0cf3f63c020696

SHA256
b3e7ff50818c4c2e233f394333768265dfbebdb64395a510e5b1931015f69649

SHA512
6e7c167b1517756ff51304cbcc6fa6fac652d25c03ba33735703c14dcf6e1af7b80646355f7944904a09ff382d8b48df7bf270976399d4ea175a031f1fd96ede

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.4.dbi

Filesize
48KB

MD5
b95aa0bf7c33c13a78755adc6d606c0f

SHA1
db8c4d197adf0c3d67bb2b6ebb8e1979d3ace2f1

SHA256
17419a2e4fd3c0b7d720fe12ea7d87fe3a56e3753c71364b66a9810e50838069

SHA512
e1261cb666c9582018596467fccc35ea579488a97e7853cca87bf3ff643cc0aeedd2e3192633d2d5bbea308a27ba68108cb5f766ccc3c8496036c4641f20ba91

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.5.dbi

Filesize
8KB

MD5
ca488f7f2c2f027e17398bcc6a9a7b25

SHA1
03b1d684caad745a80b1f070b60b1389b542f620

SHA256
14c6a29fa4bcc5ebc652a2323c95d40fc5977c916f65debe526e6fd8c897c48a

SHA512
3bbdc16ddc2394d705ba71bb6286ec2d218e7c5a06d645390a9561f77153a0ae8c75d1d1d8c6540f2e5dc6dec3dc99ea15358e5ac639872e4cd77b2847b9d517

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.6.dbi

Filesize
3KB

MD5
71c3ec86498378e0d910327c5a0ceca4

SHA1
f1d5cd21fc1c7835b2a1c589381041f587591347

SHA256
aa11eb27bdb90cb4ee7c2bdab5477f098dec1b09310e88a72c08ec71da88bc3f

SHA512
dfc58896c0b98bdae5f6c70f9e3984d6f24c5a3bc5ada66baa74cdcdeda91232a3997089bb946ef75782b6b8c0b93d8d26c13755010af22f3a8b577497f9e9d6

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.7.dbi

Filesize
1KB

MD5
b440fab9c7e4f949f4bab731354bd35f

SHA1
182322c77db88f56a234ac0d6f78808cc971cb7a

SHA256
e784081b0590d2eca20e46ddc10ade3783ee11244c90ea8f1d979d99c5d1061d

SHA512
3dbb6def8e05d21e4ad9b08a2bc6e86ab62e23eb7e6d4e8cc07344dd4910737185495a38e9b0501ddbafba2b971f7b1c6edffd32173705c3031f4af117ae71d1

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.8.dbi

Filesize
340B

MD5
35370f020915621866c01b44600a7468

SHA1
e4fc71713a89106390a5cf9a1881ad19e4aa6051

SHA256
ab0e093aeefa8b28d8cce20eec554002eca6dde00c9832088ae8eedabf13a893

SHA512
e6c4df806f436b20ecf5ca1bc091a60dea033e7be5aca62091d8909532e4ffb3943172dfb08c3dc4f89b55c4b3be25cc46499a806cf08103e60f95ae18563193

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.9.dbi

Filesize
240B

MD5
41d3673c30430fa8092749ebbf37f77e

SHA1
92ceb4e8845ac485edb55b224d0317b4f78d68a5

SHA256
54721a0f36d5a8e429d5b511316d97800af57bef55602a150c59699d420d5f1b

SHA512
2cc623f22fd059d9c6ea6871ce5ffcd840dca7b514a7f15aadc1b2bb7e1fda3daf62a3a0b6ab1fdada8795c7d6bdabdbe00dc6db04393ca4c3afcc116f4a910c

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Propaganda.1.dbi

Filesize
780B

MD5
007e9dedd0c961add0a3519e94fd1683

SHA1
26da99b22ef374967d5d7a99cd7b011974ccab8f

SHA256
39287a095011c0831f1c4d3827ad9e0a97135cdc434cf4dcb306bde2f67fbc8e

SHA512
a64c921d085ec9e92a0d013589c424da5e9e33171a3f197871a85d357e842a0ea0f1a738d0646e10e6bdf9b21f0cf7bf8be51b08b947be0ecbad1a238b386e0b

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Propaganda.2.dbi

Filesize
40B

MD5
6afc9f1c3a87c1ba7c217c0d71f9013a

SHA1
e1022a2547371ea654c27358882a288c4d0bcced

SHA256
91aa8f4b3070b3111c0f3825d1e2ba099e7760e084c1987535195e065974a8d8

SHA512
b1189a42005b4e031621b3e66f36c4b08657f8b0b4a8c0fd26d4372bb90e50e43690ea8f50013c807428f5f5730b0b32ebdda4c1e1badec891504aff3c0be2e9

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Scam.1.dbi

Filesize
275KB

MD5
aee7c5e4aec76a90e554d79b08460050

SHA1
a09ce805dfdbfe4d7dbdcb57601585f9d0fc0b05

SHA256
c985916a20c30ac439016cf95af264bdbdebc14a66cede20b6b69a70bfcfbbc9

SHA512
6a110535dfa40c2a780541cea50d99fa10db4ee8757bfe3738b5fb7f81ff94092b0d7a195651f696884e9fe0a5187ca479009280747ec29b3f69989aad0d0208

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Scam.2.dbi

Filesize
67KB

MD5
2404820680fc57766ef90959574af946

SHA1
7df66599cd49c42bd0b763d229a1e964a3bbb955

SHA256
3a703398edb088efaa00c015e1495a321819a248a4a70300e201ea24b2732cf7

SHA512
7c4709c4f8a02a80e16c8a05b02850b04533c2c595da73f618b9cde835f71e5f890cb55b3b7759e78208b5e50b63352576a21989a54affc2d38a2ca3b21822f9

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Scam.3.dbi

Filesize
1KB

MD5
f8519f4eae1f594075b84219dd330d87

SHA1
98cd25e41096020594ee215debe29db01450aa1c

SHA256
9358d504984dc11265a7adaa171efceb4ed5985ff36c2d0492476bb697356f83

SHA512
dede16056698fd5aefd3546d6008937f78ab41b7f56bf87b940e7abe436445e913cc50296d3ea83de2752a6461519c784473208f450ba4715ba4fe4caa099905

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Scam.4.dbi

Filesize
220B

MD5
5e96684bf0c3986d923556198fbf1c1a

SHA1
f2f938e3115e3064fab0347959978a4e79beac3a

SHA256
3128af81441a0cd0dceca08c32dc9522d40d600b4cb7c21fb5c11e0fdf1aa075

SHA512
7de5477258ba882adad370eedebd58b6d54676566e769645076a6329b9338f2e9d9d70f6eac42124b75233deb589337f1a55287789245f0bf4c0cfacae76f950

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Scam.5.dbi

Filesize
880B

MD5
402792701ce8de0897a17543749241e5

SHA1
b23249fa25630ce8e6fda279034bbcbfc6eff7d2

SHA256
2e5caba88af2e3cb9e9fea31d77ed197f0eebeab01eadbcac17a1ebb0401a9da

SHA512
1f9777fdcf237700cfbccd61f02c119a4e497e1a5a6db676b627c66f10b42915fda9080bfb8f151a6e06c737614c67ab3bc73e162652bdc41ab76fb7cd6b5200

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspShop.1.dbi

Filesize
586KB

MD5
f5e5439adf1a13cdf3bf752717a37236

SHA1
3dd2fb99f46547819dedfbe31db67e1b03d0ff2f

SHA256
ea42e0806a1011d89176b0b56a17348f82e345a5c226ea1a6b502abcfc4fb452

SHA512
c5ccdc814cac6be34e1da40d0e7ba82203f002cfc9db6ed428f38a54884309c427a46f54b542e2d8d7cf11365cd94481624b7a1cdc1d90b550a7f3a09ba17264

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspShop.2.dbi

Filesize
46KB

MD5
d19d3398f78bd203612f134612f36738

SHA1
0a94d14f912379b2a2aa809c751a241bb404f953

SHA256
847e6d929b8297dbb4a3e22e4b29811f2f7121ee521170b1fc8293d67518d5fd

SHA512
e19efd75dce140293a6f9a4f44feccc423a6aeacdf11c4b78c6efd713e2144bcc1368417c0c391d79efb3c6851afdfb0bbf1092844427405d8eb36b06a01efcb

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspShop.3.dbi

Filesize
1KB

MD5
794eddaa2eeada38b2cc645d58e67c5f

SHA1
ac009259c85111023255c93fb329b39b6e6c27c7

SHA256
26261a21133a1c30d286efcc2185a3e907de3c1847ee3d40f3c2508ade998e92

SHA512
354d244ad23574652544f514c151feda9ab9153831f6320fed53682b0f086460e78fada9b7dfb6910ff71f914820197fbdb97186c36462e692ef14e8f5a3be23

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspShop.4.dbi

Filesize
20B

MD5
eb0cce8bc6127fc84b0b37ff3559d3ba

SHA1
1b5a3ec872c4342213ada8b67937933f13984342

SHA256
745aaa7c63e87c05e5952e4a8ab8aa742eb9a38ccacb505654875b393a3c33d2

SHA512
1de0c37fb53d523da015a88470a5ad88bd5a93d0983796a8ef74fb24204a50b58d58adf8db23b3b41076c078ed4f0ad67a26d31b9ada0e5224effd748530df04

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.1.dbi

Filesize
2.4MB

MD5
d6749307007bea6f6e19dde243d2f218

SHA1
6c9327bb200c803bd40d8fa8e742a1d2fa07a8e0

SHA256
b4df61a498ba9365e2067c31c9be7f3eb781ff3d75edfa3e7ca0dff59765011b

SHA512
267f431fa3e8c948335d2e2dff81303aef865d90488ad03965cf988169e368f4a9176e9c707c4d363eea80ae3e644e097df6e37fe3a820ff619dcc1a6cffd4d8

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.12.dbi

Filesize
20B

MD5
50e43a1ec3ceedf8f70b17c068e63f5b

SHA1
1b601166ca85b07969234fa685da94c19d5e58e9

SHA256
3751718cad1fb4a2edb615a6995efe193b112e92a661771770a049e2cc40247c

SHA512
ad5e157415adea28e04d498f5f6322176b57035d92635cba55d5f4f91644445af3124d1061ea1b6f16e7ac6d5b89a35225bfead2006a1275183d9b6374174816

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.2.dbi

Filesize
962KB

MD5
f66762dbf1061cd37794b5b7c52fb232

SHA1
5f8d7f38655790ba48d8960aee7d0f8e5ba6798c

SHA256
812b1a2c673f2831f77ce58f8ffb8a531c91c60f74f59d6a0869d291e7147b16

SHA512
a29ab238c18d7ef43dd2ae6d32e6df236498157278b8875f84e275b04b0b5dd1e77d561bfc880ecab8db61e9b2f925c3e4fb8d9ae8cc139625ebb8a7f9f4e72a

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.3.dbi

Filesize
188KB

MD5
673b22480711c491b9acb466408dcbc0

SHA1
36c99f5a1cd9aad2569b62fd25b68d413e5ade39

SHA256
a89aa7c0cc5883246da01dc1c72113d12c0d6d71e47c1fec36d690365e0a3ab7

SHA512
441531daf12e50375080ccfef1710748fb11861ca4a34d7c58207ea27e78a9a7eefff8345b140307a368311867951a21617960c09e650b0b1cf37744ec50be4a

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.4.dbi

Filesize
7KB

MD5
88209b418d193dd615500f49403adf7b

SHA1
c77083a99435125760e85dcfa6baf305afeda320

SHA256
a50d1f1cb8aa622b93419e8c3e7527d6644584b295cad5d7d7b7a29520c8f1dd

SHA512
fbbabaf86a0c8dca076f6d51ecf317411e1c2c335c978b3210a9332bc2f38971b68ac0ba73115c13c48298ea4e53b733a46d8af20914ba1ce4be9d86c268610d

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.5.dbi

Filesize
1KB

MD5
22cb35a559f562067c2ad41e18474af7

SHA1
64e608a59056bd74b29ff9fc09e239a3c8da26d1

SHA256
b1e3e1d176d84a85a8b036ef5a7109f5a64553d44385c24010034850f82b3136

SHA512
9ae9387ec0ef04428cf9d531951835b7727db7694c74893808c4c795102cac80599879af3c10f106baceb9caa432add5ed6d722fb0dc939dc74c2cae8c3c26ef

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.6.dbi

Filesize
480B

MD5
99495513dcae1857a0b8db0e2a26c460

SHA1
698d534eb12e6df1a53f94dd67be34075371e3c5

SHA256
256530bbf2af5392601856542c1326643cd1da84710a95cbfa39c5dcbb412f9e

SHA512
8ee4243cde6e16affcab36a66e0271de6b15ce19f1783b5154f7a22c176b10ad1160c3d09a4ce7531058412a5246bac552cd9e871672320feb937766bf8ae1fc

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.7.dbi

Filesize
180B

MD5
6a40b721e7804585809d274881793b39

SHA1
eb4828dd6a70c3c97108825979dda4fff8bee061

SHA256
202c4fc9cf3922de8beb54061ea1bcb10aeabcf7b45c7a143b0a18c9fe10af6e

SHA512
075280c136055f73603dc7156c60914216bd87f4e8f10dfa14cd60763af5452426bf9b9c813362663ebcf3172373574bbe539951ccf2afa1369ad556464283ad

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.8.dbi

Filesize
60B

MD5
968f228599769ed87c1e19783785a965

SHA1
9d5b1d9fa2cc272102825637f3e15aa78dc0e07b

SHA256
07752f62a4731bc7156bc16429a3773ea78f9be0fa961ea34b5f83b30cdf4e25

SHA512
f54d70111afd6005263dfb16515a4d29fce198b03c7e4703f0de36c2471866b7085d69290bb3b3dcb50a92255bcd09950a2d0184fdc15d0dba6c08fe83f4e399

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.9.dbi

Filesize
80B

MD5
6fd6ab43ee74450712580bb59f11c9ac

SHA1
6d271a12a2becfcf07f7ebec54941576923245a2

SHA256
cd887f6206497510631ea7552c4da7abb6d55d8040ba1985b6aaa082a2267df2

SHA512
1fa1887f9092893a6bceed1b4af0680005a5af151c298542cd4b90f9c9de1f8fdb8e9ae25305b9b9413e6bf50da9358229b8a6fbf234c09c8a2f802705919ebe

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Torrents.1.dbi

Filesize
640B

MD5
9fd26caadd69ba50cc65abdd5f21d201

SHA1
9a6580a489d6649a5679e5aea155c68ac0fedf20

SHA256
b740ca3f97cd6dce9e7c65ce1cd7946b6fd4e2b8f73d224b7186d30a365e09f6

SHA512
9f955e5eb2194a6e0cab1b89b5a2928b7dc26d24a1fd689836553e99be2118d1dab2661d80be6e5f5bfa4adc7895cf6fe092f17cbd81af0464a907b8f7dc2b52

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Torrents.2.dbi

Filesize
80B

MD5
28231a0614d7334972cc4e37f5444fe1

SHA1
098d81146127dee9129bfe3cf3cdd48050db75bd

SHA256
56f987b8d7a029f576ddcfa4f1155e3154b5643aef8c8900c3a9bb9f55c4026c

SHA512
bd75f7672a7a1734dd5ed2851007adca96c152100a1741d99a466e61ddf92795a51a4af5c13eacd282d6cca57d309d92e49abbd2662b6388737227596bac356a

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Torrents.3.dbi

Filesize
20B

MD5
dce5078111cd06c0aea2e8c84f90507b

SHA1
df91ac0a4a051ab187c882ab488dfe1d9a32f521

SHA256
fbefa881aa44548cb3a0421a5f35ec191cb7db42b17911914959fffe63f547da

SHA512
19d5cb7f223adbd34e448b0591ae31eb1144df4a2889d6236400dee6fefc20627555e8d9aef6ffe94a0302adaf9f501972dd30c37e51aaf049e3e735a2d89969

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Violence.1.dbi

Filesize
40B

MD5
7916a55a3bfe712868870a2751288a13

SHA1
28dedf809fc9f5044be177fa112e281e3d72ac0d

SHA256
51584338cadfb885d032dbb4f7e84a30ad2a515753ec7e5c1e68ab7562df5134

SHA512
da1efb08b4a59be52291f589bae7cd9ee7eb63619bda1ceaef0029590657d1897f018373d9db0cf2397e03b51b5abb9f0fe878f5ce3f2218e0bf7f4809cc927a

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.1.dbi

Filesize
15KB

MD5
37769d9b19d77eaba74a1e8d00c4e838

SHA1
7f28a10840744d725a632ff1231a7208a5f5ef3e

SHA256
2b14e7c1e6208b7fbcf5ad33b30f016e8ad2a44f9348644eeab0b708e723115c

SHA512
f0c8eca7c57b31566f2661f207eeb3ad9ba09e86b38958967d72a42e0dfccb572b717c56e13a9874383a0b304c9870725e4910fe78d27eaffa4ed74110f4805c

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.2.dbi

Filesize
12KB

MD5
9190b463daf33ad595d9ff61aac303ed

SHA1
dbbec2a1b854f3e0a91fc35fec01ccfd58b850ef

SHA256
4f270b6cfe058803c08e20bda0c5e7b27052a5870a29843ca3c7193b084ee19c

SHA512
d3cf7ba388deb45333b4b4464f0ec28b675370cb5e8a52face4fb34243f0e1c3fdf89eee1b313261a434a3ef82afb20c80d7dee8d47207e3ea2772e996ed02e4

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.3.dbi

Filesize
1KB

MD5
e2d30550f7e20454be1b1ee36126881e

SHA1
258bea4cd0740a4533bb87123a55cb12c19f44e7

SHA256
6d92673018265b59dde1074b62a213e97d8c8bac573b173b49bb71bf8fa6db79

SHA512
b8f4eb70390416c3f50035ea5e4b1dc6806323d18aab2bc2947306193ef844a9e163ed104f8462ccb0ca5a2ea81d7dc560edb03d0b9682a34dfbe582c83ff5b4

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.4.dbi

Filesize
380B

MD5
9618692d1b53ccbccca1f736fe650c19

SHA1
76c1cb462ee5fd425cddb8294ce248ac3d284550

SHA256
b536c91a0004cd9bc9ccddc3581a9f9dde75864f6151c86fd89e4e300a2a931f

SHA512
9f7dc06b66600a5edafb7a7b4ee63b24732801eadde3eed9124311ecf43e95b470eef7da449bca50b8dbbc2b84cbcbbc427b1c6ea8608835210455b169ac2c76

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.5.dbi

Filesize
100B

MD5
969762afaf6169998b0b44ca187331a1

SHA1
959c395b65513a6d07b64b625229b58cbfa26480

SHA256
1424788ecb77ad0ca9685f2c5b48cb993839492c8f68e9dc1ccdf14bac3ce62d

SHA512
dfab6257435d46d069a94fc12b7e301c49b297737043d9766dae66f113f1d19aacb05590dbd01de58d00a8216d4db26983acaa3ea240c77de551eecebcd65dce

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.6.dbi

Filesize
180B

MD5
dddefeb3e1289b9f97a8df49e40bd8ac

SHA1
cf5d429b24da0969faf37a8adc17eec07e4962d0

SHA256
ec65977de3cabeacd7988c5931e3562e0aecc46d5dc31576c1299a769c570226

SHA512
dee924c2b784665b28a748f0f6da9c66e0fcf2855636e11161ff628dbf5527d99c71583a59d26bb4771c85e8ca2d946a3366c118ee6dcf158457ba43ce667325

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Young.1.dbi

Filesize
1.4MB

MD5
03707bd65c0200756a676406c59535ad

SHA1
24219b8f54ad2d8f136bbcbf0ed12221bd2946fb

SHA256
bd1cba1947c4aee9639133c3fd5af8ea4d7bb0de95699ba84903d6ae074c3720

SHA512
435451a61188c78c825f3efe625d1d661748d443d2bbcbc5d06bcae3cb217bd16024f46e783db57f00bf664622f4743d814f26a0b9695fc2ca941e3e669ff286

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Young.2.dbi

Filesize
2KB

MD5
49bbbef0cded792ac911190c24184ac6

SHA1
0853fc9f0080599a9ae17bfddc6da19fd6bc6d24

SHA256
ab8c19e40e4078971e8fe1a8118ae094f8841d46ea05e3cf114297bb89c6d30a

SHA512
d80c666d2e2db153b076dd31066ce4f24743860e4598953406c32827e90be833447bb75bd4d44826e593d043b1c4cf5d1750a9657d8ec0fd1c3d0df20f3bc5fd

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Young.3.dbi

Filesize
40B

MD5
ebaeb874c6bd0fdef9f356273b687bd1

SHA1
ed5518db8e58b7f63ef6de7dc7ef80a99fd27872

SHA256
3760dfe60a3df54eefd0ea18d0bfcaa3ba562bcf896a172d9387d1ddd4eb3a7e

SHA512
49fc21e56a3b1a68576a6a212ac3b2558aed750215f12f607f26f88e700d119fc33824cc0be69b5222469e3b3d5fabb00be1c19c7dd2f06477eda53a0c65eb8b

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.Adware.0.dbi

Filesize
100B

MD5
6520f0b612ffd01f2e37db3e30bb3421

SHA1
28713436cc10ab08ca3e897ebb14dd8d1a2463e6

SHA256
7aad94c95c3cb46dac10199772e22a5b466b39c2e3ea80f8556291e586b68667

SHA512
465acf32c6638725541ac0b8da6b6998e8d728d9f0bdd4496c2dc910d794dda10594996f1d117e50831faccd88f48f360687dce76480cc59cc6eef1f86db1bad

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.LowTrustCasino.0.dbi

Filesize
4B

MD5
e84717570a4c3e6a61170090b34adb0c

SHA1
bbd31a18b77b99bd46c3f31f716d66fd7fbcb282

SHA256
f874716b0667f56375255d33e347f301da5610a586cab62afcd2c78c5e25b99a

SHA512
31fec87083e6c2f14ce95107ada43dfd05c0fa9825996b931bc5a1436a4c207770ffa30aef1cf0f6d3d9b8430cec883fa391cb163dae690941c0c81e69be4b0c

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.Malicious.0.dbi

Filesize
1.8MB

MD5
712dc9f9c5bc6523484f09f9e45d70c9

SHA1
a57d252d759d0bcd72f4ab9ca6ca48c7ec03a97a

SHA256
9abee29a1178785c38ec78681f1fadf3bbc470d95730e50698b2654b77b8a24a

SHA512
3649b60d9c5db0186ea7d058bb1c36aa3c19334ecdcdaabe1b0b69562397435e89ffe26513f1a28e3b58e789ce6aab4e395d98b7824b991237355cdca4fbb2c7

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.MiningPools.0.dbi

Filesize
24B

MD5
2d5e15e4f95ee89a498884c9f1dc521a

SHA1
aab08e125dc62717434e1d1e063b09a8557ed145

SHA256
a95316e2ae1871a1535773705252962197f86a6f0549cbfc7195b18052c15346

SHA512
f8df2511186abb82f3a20f3d3601030df7add6781116b39d272ca4c4e238c253af4f1c7799e98ea815a084ddfb4ff2a5741d841dbe8f3701fa9a35833de01811

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.PUP.0.dbi

Filesize
12B

MD5
7f38888fbd4cd6e59ec7d8016f537611

SHA1
704f0ba93c7ffdc972dcb75730356ceaa8b456cd

SHA256
185e5cd8e026adff7ebe1098bf7212e5f7722844b947f7a10495daf5d42e3734

SHA512
48d40bb04261b5467e7ecd3d80a7032cdb6f3442510958e9ba2b455f71338fbe77f27f3c94ffbb04c61fed7cd64590f6f40a0f4f0d6b7cc58e77c72fc82310ae

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.Phishing.0.dbi

Filesize
6KB

MD5
98ad433445b6b39d885cfd2baf592dc9

SHA1
4ab7903901f622c0bc039b393e42712845c20413

SHA256
79631754d3616cdff65ec84d449236536a734f21b0432f801bb7527148117d36

SHA512
673b21644367da0bd5ebf1d890d0c4a44a21d0ff3dcfd4873c4f353e965f543388bb1f50fbc68de268d1c2100a9a4b416f4876586cffdc9e3d439e774efae4ec

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.Scam.0.dbi

Filesize
44B

MD5
a625c7236aac36d48d69498038816f8a

SHA1
451978cde724b6368524d3bf15e94bc2f2b02829

SHA256
997b7457f16553a81f05455e64b21809a24045bd85eb3da861b3aa2c56a18725

SHA512
712614a70c347097c63319d543ee7a9a5236ce9c8105386e85c8199d7a8ec975102951d921ac10a0e3e912b84dd1305ca0f72ab4aa3bbcc72919921498cb6f63

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.SuspShop.0.dbi

Filesize
6KB

MD5
1bd013246bdae055964e5176a1d84f4f

SHA1
e637d21c3a2b366a4e8e1dff833e8a8ec4178a93

SHA256
2bc4ba373ff2f9cf4d3d32c7e246dd97588398b294eeb303cc9b0883e57ed1c4

SHA512
48a58ac209b983bd59c5bcf506a958d191143b62f71f50b03ead40ac1b01931828668ccd52a78c564ff4277dbe6654b5e6dbcca0f293ab42ed99616f99ce9aa9

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.SuspWebsite.0.dbi

Filesize
1.4MB

MD5
090d31f9885f4b2e403267fded1ec0aa

SHA1
d30badf4236b48d4f4eb903731236bd40ed63130

SHA256
9fd51a55ae4c5f769472d55902a3d3e59c2097b8744df51b122da3253ed8c75e

SHA512
5f5ec9603db0e64ea62fac01ff955e76777d3fd9f9607e16abf36a80248825148dd05cfd1978da18ab8f61baeec410ef53707798665ae63cb1ae9411c37eddd5

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.WhiteList.0.dbi

Filesize
224B

MD5
6b0473634108bc0e9f1da06bf0e55ad2

SHA1
1ccb6464779b59a944c73c5c1773acab39986842

SHA256
c52053bb6bdc99676719610b2988e9f1a3cc7f27ff17c0dfd0e4c88c6fb31c0c

SHA512
3e0b6a132c08ea3a6d5ac31efd5e6b7fc335fc9edcf7385dc41c8834f192a08c0de9de4df22fb2b62fa3d105a0e87cea36762a3f0a5207c5cceae7465f863566

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\nfd.c

Filesize
624KB

MD5
34478ecfadd94767f55bfb81689668c2

SHA1
22e52121c88208f604700937d38dd1ed566a43a2

SHA256
85edfed709523ea8e12950a89e61ec6ca50b8108293de155867c4da216d76a71

SHA512
19fd1c2354b09f8e3d26e624c14701d58b455238120a35b5102ca3778f11596e79cf2bccdcccbc3d217ba6224419ea0fd9bfad1a59de81402198e383b8574783

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\nfs.c

Filesize
15.6MB

MD5
5048c5e1b42949b8bb4c3719d41a5a17

SHA1
357d73efed06d20f7371a26c72bf0dbf5f83cc16

SHA256
0f1ec1b984c678b30c6651b2a4b6d750b0c159cfc223f06e44d8b33297734537

SHA512
b0313237e7564acef3181fbbb421ebd9bca7d4e3e173642c2566e5f94e7639f28ee0b6baa2abc6770dce0cb7180a2c95aba117515d1936326e06b3521ff85c19

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\upd001.c

Filesize
1.9MB

MD5
6288ab23daa9ed33024a8a1276316b4b

SHA1
43d9ded6b2cc4d81578c87aceb054c98981be0de

SHA256
a56cb7fbcde525638df35d1d8b64caac603ebabd90f882f4f4e50d9cf447b1b5

SHA512
874fa5b14c52508ea403e1d2a06a72f86afdce2e033d3a70b42e38ca04a439a886fd8e78189e1c9736d677b0bbe8e55db6f9edbfa3847a54cd004539ad729a88

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\upd002.c

Filesize
81KB

MD5
06fac17e7b1229933e2d242f722f2965

SHA1
ac8808a95d0f5f3577b7a2c7b9a1e5297276210c

SHA256
6e11ebfbaf8a25c1a93a006993e56624fb09cca92cdd1b213fb024f07fa5dcb5

SHA512
7206cf5622f50105cda92c18a681899d9e7faeb941043ae3bd749b997aea958525d8ab3c91ca2befe6f27c3efe7dbc46aa933d7dd79872a9963e0ec52a953e70

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\upd003.c

Filesize
18KB

MD5
f2d36069ac7de685a50fad684dc06352

SHA1
696e3780db95d27301e14f733d9a6ec0753719f4

SHA256
7d8e81ea11b691a508fff3fe04e31da51dd5263a5c434fce17c0a2a1e08e496a

SHA512
10d5ea07e254e70b708b0f8f8bb1db9a998381309efbdb02df8c6781b84c109515831e662b5004128a4c2f9e8df5f9e0ec62ba6088b56aa1496573db3fd868d8

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\updates\nfd.c

Filesize
310KB

MD5
f1e78e45b82df2ce0beec99058346995

SHA1
d925ba3948396f862089f439edcae80f364f13a4

SHA256
104181943b047e9cae248e50272976b498342985828f7d96e9252d273887dac0

SHA512
7853d6884e455e46f5d01d397dfb707a35c0c397404fbcdabb02a44249e4b9063208822d9b774fc9e7f231a5db387f1a708050c60444489a7677d76e5b0ea457

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\database\vs.c

Filesize
142B

MD5
a359ed244acad2de0b36de9717722e1f

SHA1
287441b04b6fa080c4e7beaa6e3f33ec378a6917

SHA256
11b7fdf6027ba3be997c827679ed316ed13fea25a62742582039336906e75f17

SHA512
b639f4eb7c1720355d9fe2b1cb325d6c888e881695b75c7c72ca212f3c1fcf30f15662a45962da27ca2d33f266f01390a173d5336298c69ce682bb31693ed733

Download Submit
C:\ProgramData\GridinSoft\Anti-Malware\logs\AppLog_

Filesize
268B

MD5
7e6900ecd008b6fc8ef8317ede17a31a

SHA1
4ab1bedd20554439351ccf9c151641205b4b69ce

SHA256
4ace3d7a25d59b86aa0311316d8192c4281b7882751369a8da52020195e69f7a

SHA512
0c26fe8e3eeebf1be324e6333c3b38b5f62567410df85b9e335934cc88d96ab1feda68fb8a1c0e62c769d2c719e725d64f0b891e8315c1df304fc6243d7c1403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\87b1c374-e9c0-4fd2-9a7d-050da7f315c6.tmp

Filesize
7KB

MD5
1e084225f925f4d97b779dc7fab8d8a8

SHA1
2945732f9b16543b626b257f70f53439aa4b7e0a

SHA256
9e24b34f329a402ea2a8cdb876ad7ebc428210bf568eb30f0819d2a1ba6e3fd4

SHA512
2c556f9dc348ce4c856de034372ddc2b31efa91d56cb6fd99e49acc900b2ec095f3cde4ab17c20d5cd18bb19df20eca84dcb882805c4fbbf9ff0881e6edab4cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
58f5fb55c0671f9da41c0e7c0ee2357f

SHA1
dbfd4e4e95f0b5cc25c2c7fe3e53d5e8a659509c

SHA256
18e46499b593ddb9d0730e58b5909e25c92dd0cb717aece03198e83c2294ad3f

SHA512
1f0b959cd60caef3e643cb5475671de67435fba9320e8014f6c10333c5777fcb73a492c65e6e11e09fa6a3052505a0e52549217564bdd2f8437c5765e2dbb060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2b6d49ffd1bf1beca915b2e3146c99ed

SHA1
393e8c37acc871fbdf34834d4ce0efc4f3c480b6

SHA256
1ac3d0d6d620d88e3f4c3e96a9567e365946960d427266fafb1405874d9df3d9

SHA512
92652f2c57cfd0d375451ac0cbcc60ec336dc87ab3485b871d1d9927b5e59b0c0d1ae0651c58f0ddeaaeaccb45339ee9e4c051be61dc0104626c4c162d6f49f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
557f4e82f872f561141b0f8867174c95

SHA1
414b3a84bd4baac911c419f3d6e20aab68251056

SHA256
916dae2be780a8a01ee3e11455664b8bab2fdc529b5f2295c900b5dfbc2826d9

SHA512
476994aeb6b5d9ceab4a0bc83628b9c1d3e91ab23d19273370029c2f0ad6e95fe8f05f9f9089a514b837852d987d30311a09329bf5667a74bef565e6af03cde8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e1fa17e4d20e9d2ec3bb190e51f2f09e

SHA1
a503e7edf58971adc7cd1fc6b914014129be928e

SHA256
10e971251936a7a026f31f56be267b76b7694ccd0f9a6094771ff48bac9bbdb1

SHA512
150348d46e73ea26a831405892080f2ad0fa631663af737e3899e583a88dfc211e99748ff0d1105ce25322e1e6580d26dd0f42e78fd64391f945802957743cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
000145a1fbe8d5a62d5c62420bb35758

SHA1
e9b4880f4544029e2ab6248678ab040aff436d90

SHA256
c9d7c5730aa6d673394b994af9d869539a7cbdbd851467764efdda04029925d1

SHA512
24af267eac66c57cce61249670ce1916f9dee1d3d16cfe80024437289627f46531ce7cbd3d09238e1aecc56a9bcd069ba1ac5f9b166ca7f72dfa9ec8b4fb796e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85cb35c1f800cd7d234d2f2ad51b88ce

SHA1
4d9ec7d160c0b9a53fc28c113ad15355e5faf816

SHA256
d8329be6350527bf888019a053beb9d968574a6734cb7e6112b73ebb071e7e27

SHA512
71db90fe69f671c2f8b534d97978755291892d032e7915ecde693b3903bde05a6a5d13ab7f68e4113afb9cacb72c43b92c760e01b05a3ec89bed943052f958d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5c3a1e2346a07194e00a7575447f541f

SHA1
bcfa7a67d5485f39f06a1751e9c2fbbe06d88027

SHA256
3400673b7090e2663e27ca2048f1810c8f150de5333a8126021c3b636a6424f2

SHA512
47c161054c1c6c5ad0c25b331234fdc7f9cb796b66e039a5766c510ce490729c89a5eba7e1927822f525775784c58114123b20b0eae4fe11fbaa18536ccb65c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583e3d.TMP

Filesize
48B

MD5
a7c9ec050da2526cc7df58c71ab956b8

SHA1
13cf26de11176daf6c0d6b316f3821ae60e5d626

SHA256
24779fb48989a5b461a028fbc9ed9f63bc3d8a770b0c819be388260022ecea12

SHA512
7cd3dff223fad059b1a657084ca38fb29bedbe79496a4309a08da840f639b8577822791bd3b6fe2929bb87816cbf41ff8b5bb2f1e34ad3ebbc6560dcd92a314e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
2a1880f2c7d6306b148c22c68b46e163

SHA1
965a85d531f413394956ad2b554356e67ab58fad

SHA256
6371334604e5a245d679f769a2d998ba4a0998f8d2eb338fe0e2366020f2c1ae

SHA512
7c36d8157b5a3e4c1695080a597d364639f71ef8d86abe4d5708123060eb37973d18243a09f9a6fc2aeb7b452c4234ccce7c66e302a810e9ee0efcf99b67da8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
489d5f0fd7c2d6bd727a16a7395bcc8e

SHA1
cd1e16a5f4e245323fb9a87d7450b1bef5a57d53

SHA256
ab9b8a0d941b933d0e0220956d2d9fc09f32c248bf4ee64d6b34247a948cc026

SHA512
8a61681b17a04619dd448a930152975e3c769b253894da4304af9c128c3f7df783e488501908473b6d1261492ce49d14bc965651c9e6b75ce9fe36539bdab09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f0e8.TMP

Filesize
203B

MD5
1bd45dff726c2efe0ec793db6753f045

SHA1
a9a176655f54a6aa27deea3f6a2e43a69081e5f1

SHA256
f9755f05a451f27c6a1602a305a7d822bc2f28e7433e4cc9f8b43545849e249d

SHA512
d7c684a5d73b23ff54e5d8f6052bbd22797cb1d1ff61a0ded175f12ae04992aa30f62af1ab4693487032046e38d4a85e0644a06aa8789b7d40f4261ab477e95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b0fb09b42ae2057c757ec61b333b9dda

SHA1
8836ddbd9f36d1635f5a7fc24427161a3f16afcd

SHA256
add03db07a697fbfdb0266bb7dca10d1877e47d8d3d80e400fa6c04a810cdf7c

SHA512
31a5c18a442ffe8acc5c0a03136675966e480bc18171af077320dd290277990aae0cc966afabca42623b6c472908cb18e361dc8a58451110c593098645a4c5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0922f5e5742ddfa7449c1304e86206cf

SHA1
7363b43a12a8db28e719e5a1b72dadbffb026853

SHA256
fc4596f6170336a98a54a1036eed154c9e4455048f9908d0345d98d2467b268f

SHA512
7846b8dc4e341011a4b1ed0f6b091755b256f3ebbea95083a27f37d783a9eef77750bd9d4f967811437fcdc3900c06b7e80b14496bf8696b178a5e1ea3fd2601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl

Filesize
8KB

MD5
e88cb118848dbd875b31dfac5dede9e7

SHA1
0d944da26b7973438765dd0adaa61341a6e25150

SHA256
96d49bc1ca7637733b7c189d31d2c6403cd40af7c2b6a746175c5710ef1584ca

SHA512
8adfaa6e0a6b13d384fd5aeeb91155efb11c5e993490cd4647008acf158d29e31f2dcd8ecebe9915e8847a7a41eb9cfe44f284c0fca5027351d32adcabd012f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl

Filesize
8KB

MD5
f69dd2e008417ee52560cd7624572b9b

SHA1
414604ea3407630d2110ed3d4210f228a574e1b3

SHA256
ba422f11c3a9110b1fc01d0fcbd53300e676f3da67bd5ce274c2ab305dfdc60b

SHA512
a9e803978b2c3494105bea250afb0774f29eef38cb5c81176ea4aec93d0bb909983af09a7a5c3c597ba4f2b1ee3fbc3c0426c4d9eff253c6437b739bc69b8248

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dx1fuil5.2mh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7ABA.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7ABA.tmp\nsExec.dll

Filesize
6KB

MD5
35200be9cf105f3defe2ae0ee44cea12

SHA1
3f4a09eeb477d3f048cdfb848b95aa39b20d89dc

SHA256
0096ae873c75f4e4d802dc97eec9893acc0749a7346e63f25a8d52ba8e11c527

SHA512
f8f7d8a844d588c6e2d6dc54e0d4bcbb1c4229a6e8f4d110a5e3d47eb0b8b5e0860ff5d31762229a731e08d7b232468b2a78c29778a9f0c62a7381db89175833

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 836383.crdownload

Filesize
884KB

MD5
d4bc14d79adb65d8a03c1043f0c2ff07

SHA1
d454154fe8241eecf2a53f658aaeed805d25fecc

SHA256
de3e7309a038212864c3f1d717e29cbc3528390f1a8a99b5aee924f1fddc2508

SHA512
71f04ad3d96e5d83839cb9effb71ac826cb9ea6e4701c0e744b7d9f80fe029669f8ce06b6080e0c97a94abe1be44f81b09dbd0b57758cd11249ab1e39fc30a29

Download Submit
C:\Users\Admin\Downloads\Xeno-v1.1.0-x64.zip

Filesize
4.5MB

MD5
93357db14af91a53bcab556e80103c1c

SHA1
7643f56e7ceace571c7000b937275f747af659af

SHA256
80c4016577c11791f64e2d43e1dfad2b01adf7276100400a4421b48df6e6fbfe

SHA512
5a46cb9f2a3ce090eb44e57609dd12bff268d5df09666ec1fb71f7e9f9d170a58994c4a5a1eef3e23fd91e08f3b47b6d90954cb9477017a71f81c1e1e950f1e4

Download Submit
memory/2308-633-0x0000000007940000-0x00000000079E3000-memory.dmp

Filesize
652KB

Download
memory/2308-639-0x0000000007C50000-0x0000000007C5E000-memory.dmp

Filesize
56KB

Download
memory/2308-608-0x00000000060B0000-0x0000000006116000-memory.dmp

Filesize
408KB

Download
memory/2308-606-0x0000000005750000-0x0000000005772000-memory.dmp

Filesize
136KB

Download
memory/2308-605-0x00000000057E0000-0x0000000005E08000-memory.dmp

Filesize
6.2MB

Download
memory/2308-604-0x0000000005130000-0x0000000005166000-memory.dmp

Filesize
216KB

Download
memory/2308-618-0x0000000006220000-0x0000000006574000-memory.dmp

Filesize
3.3MB

Download
memory/2308-619-0x00000000066E0000-0x00000000066FE000-memory.dmp

Filesize
120KB

Download
memory/2308-642-0x0000000007C90000-0x0000000007C98000-memory.dmp

Filesize
32KB

Download
memory/2308-641-0x0000000007D40000-0x0000000007D5A000-memory.dmp

Filesize
104KB

Download
memory/2308-640-0x0000000007C60000-0x0000000007C74000-memory.dmp

Filesize
80KB

Download
memory/2308-620-0x0000000006720000-0x000000000676C000-memory.dmp

Filesize
304KB

Download
memory/2308-621-0x0000000006CA0000-0x0000000006CD2000-memory.dmp

Filesize
200KB

Download
memory/2308-622-0x000000006F230000-0x000000006F27C000-memory.dmp

Filesize
304KB

Download
memory/2308-632-0x0000000006CE0000-0x0000000006CFE000-memory.dmp

Filesize
120KB

Download
memory/2308-634-0x0000000008070000-0x00000000086EA000-memory.dmp

Filesize
6.5MB

Download
memory/2308-635-0x0000000007A10000-0x0000000007A2A000-memory.dmp

Filesize
104KB

Download
memory/2308-636-0x0000000007A70000-0x0000000007A7A000-memory.dmp

Filesize
40KB

Download
memory/2308-607-0x0000000006040000-0x00000000060A6000-memory.dmp

Filesize
408KB

Download
memory/2308-637-0x0000000007CA0000-0x0000000007D36000-memory.dmp

Filesize
600KB

Download
memory/2308-638-0x0000000007C10000-0x0000000007C21000-memory.dmp

Filesize
68KB

Download
memory/3640-1728-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/3640-1718-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/3640-986-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/3640-1035-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/3640-1007-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/3640-1735-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/3640-1734-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/3640-1733-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/3640-1732-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/3640-765-0x0000000006050000-0x0000000006265000-memory.dmp

Filesize
2.1MB

Download
memory/3640-1731-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/3640-1727-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/5512-654-0x0000000000400000-0x0000000001E90000-memory.dmp

Filesize
26.6MB

Download
memory/5892-472-0x0000000000400000-0x0000000000655000-memory.dmp

Filesize
2.3MB

Download
memory/5892-466-0x0000000000400000-0x0000000000655000-memory.dmp

Filesize
2.3MB

Download
memory/5892-314-0x0000000000400000-0x0000000000655000-memory.dmp

Filesize
2.3MB

Download
memory/5892-467-0x0000000000400000-0x0000000000655000-memory.dmp

Filesize
2.3MB

Download
memory/5892-746-0x0000000000400000-0x0000000000655000-memory.dmp

Filesize
2.3MB

Download
memory/5892-743-0x0000000000400000-0x0000000000655000-memory.dmp

Filesize
2.3MB

Download
memory/5892-739-0x0000000000400000-0x0000000000655000-memory.dmp

Filesize
2.3MB

Download
memory/5892-737-0x0000000000400000-0x0000000000655000-memory.dmp

Filesize
2.3MB

Download