Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-01-2025 22:02

General

  • Target

    sigma.zip

  • Size

    4.5MB

  • MD5

    1dfeebdf82ab3ed01ddd18ab3a4650fd

  • SHA1

    d9be45847f326af2a7a1bf26945b813f1bf8df77

  • SHA256

    8aae531dd3a505f3626825ac271c6beec7f25fea3d2c90cb704d9eb9f4ece7f8

  • SHA512

    dae196c7db8ed2fbdb8c2e8469c496e48c23ce9eb4d6f31d3468b7cc169489cf1be9967ee104377403b6b53acdc92da9e030a561116eea7c15f8aef92ae1826f

  • SSDEEP

    98304:WiMbhvRrGFryU0NBkhoidjUXp5KkNbwBDl5NuMD8Pl4cOVh86y4X:9M3aFrphoPXL5hA8MDbT84X

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6930132082:AAF9Abmx5782IJWJVqCaUgCZ8zIA1r0hry0/sendMessage?chat_id=5960891953

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

  • Asyncrat family
  • StormKitty

    StormKitty is an open source info stealer written in C#.

  • StormKitty payload 2 IoCs
  • Stormkitty family
  • Async RAT payload 1 IoCs
  • Executes dropped EXE 4 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 31 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 24 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery 1 TTPs 32 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 8 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\sigma.zip"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2880
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:368
    • C:\Users\Admin\Desktop\sigma\FlashUsdt [Cracked-Version]\FlashUsdt [Cracked-Version].exe
      "C:\Users\Admin\Desktop\sigma\FlashUsdt [Cracked-Version]\FlashUsdt [Cracked-Version].exe"
      1⤵
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1952
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        2⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Wi-Fi Discovery
        • Suspicious use of WriteProcessMemory
        PID:2228
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1004
        • C:\Windows\SysWOW64\netsh.exe
          netsh wlan show profile
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Wi-Fi Discovery
          PID:4540
        • C:\Windows\SysWOW64\findstr.exe
          findstr All
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4048
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2996
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4448
        • C:\Windows\SysWOW64\netsh.exe
          netsh wlan show networks mode=bssid
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          PID:4216
    • C:\Users\Admin\Desktop\sigma\FlashUsdt [Cracked-Version]\FlashUsdt [Cracked-Version].exe
      "C:\Users\Admin\Desktop\sigma\FlashUsdt [Cracked-Version]\FlashUsdt [Cracked-Version].exe"
      1⤵
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        2⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Wi-Fi Discovery
        • Suspicious use of WriteProcessMemory
        PID:3056
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2072
        • C:\Windows\SysWOW64\netsh.exe
          netsh wlan show profile
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Wi-Fi Discovery
          PID:2284
        • C:\Windows\SysWOW64\findstr.exe
          findstr All
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2996
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:880
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2016
        • C:\Windows\SysWOW64\netsh.exe
          netsh wlan show networks mode=bssid
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          PID:4952
    • C:\Users\Admin\Desktop\sigma\FlashUsdt [Cracked-Version]\FlashUsdt [Cracked-Version].exe
      "C:\Users\Admin\Desktop\sigma\FlashUsdt [Cracked-Version]\FlashUsdt [Cracked-Version].exe"
      1⤵
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        2⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Wi-Fi Discovery
        • Suspicious use of WriteProcessMemory
        PID:3624
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2880
        • C:\Windows\SysWOW64\netsh.exe
          netsh wlan show profile
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Wi-Fi Discovery
          PID:2508
        • C:\Windows\SysWOW64\findstr.exe
          findstr All
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3960
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3904
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1836
        • C:\Windows\SysWOW64\netsh.exe
          netsh wlan show networks mode=bssid
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          PID:1752
    • C:\Users\Admin\Desktop\sigma\FlashUsdt [Cracked-Version]\FlashUsdt [Cracked-Version].exe
      "C:\Users\Admin\Desktop\sigma\FlashUsdt [Cracked-Version]\FlashUsdt [Cracked-Version].exe"
      1⤵
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3496
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        2⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Wi-Fi Discovery
        PID:3880
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4908
        • C:\Windows\SysWOW64\netsh.exe
          netsh wlan show profile
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Wi-Fi Discovery
          PID:1872
        • C:\Windows\SysWOW64\findstr.exe
          findstr All
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4392
      • C:\Windows\SysWOW64\cmd.exe
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        2⤵
        • System Location Discovery: System Language Discovery
        PID:2148
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2880
        • C:\Windows\SysWOW64\netsh.exe
          netsh wlan show networks mode=bssid
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Location Discovery: System Language Discovery
          PID:3732

    Downloads

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Directories\Desktop.txt

      Filesize

      1KB

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Directories\Documents.txt

      Filesize

      898B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Directories\Downloads.txt

      Filesize

      682B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Directories\OneDrive.txt

      Filesize

      25B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Directories\Pictures.txt

      Filesize

      761B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Directories\Startup.txt

      Filesize

      24B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Directories\Videos.txt

      Filesize

      23B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini

      Filesize

      282B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini

      Filesize

      402B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini

      Filesize

      282B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini

      Filesize

      190B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini

      Filesize

      190B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini

      Filesize

      504B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\System\Process.txt

      Filesize

      4KB

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\System\ProductKey.txt

      Filesize

      29B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\System\ScanningNetworks.txt

      Filesize

      84B

    • C:\Users\Admin\AppData\Local\14220e35b12ab1d7fa130c821d1bbebc\Admin@KBKWGEBK_en-US\System\Windows.txt

      Filesize

      170B

    • C:\Users\Admin\AppData\Local\2b890aefcc9965968e99d0eec0859a1e\Admin@KBKWGEBK_en-US\System\Process.txt

      Filesize

      4KB

    • C:\Users\Admin\AppData\Local\5d245553762f91ebf93b56ca0abed3a8\Admin@KBKWGEBK_en-US\Browsers\Firefox\Bookmarks.txt

      Filesize

      105B

    • C:\Users\Admin\AppData\Local\5d245553762f91ebf93b56ca0abed3a8\Admin@KBKWGEBK_en-US\System\Process.txt

      Filesize

      4KB

    • C:\Users\Admin\AppData\Local\73945c0453e9df8d2def1579250ce4ab\msgid.dat

      Filesize

      1B

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FlashUsdt [Cracked-Version].exe.log

      Filesize

      1KB

    • C:\Users\Admin\AppData\Local\Temp\7zE04B8A338\sigma\FlashUsdt [Cracked-Version]\bin\Transaction.dll

      Filesize

      20KB

    • C:\Users\Admin\AppData\Local\Temp\places.raw

      Filesize

      5.0MB

    • C:\Users\Admin\AppData\Local\Temp\tmp8F0C.tmp.dat

      Filesize

      114KB

    • C:\Users\Admin\AppData\Local\Temp\tmp8F1E.tmp.dat

      Filesize

      160KB

    • C:\Users\Admin\AppData\Local\Temp\tmp8F21.tmp.dat

      Filesize

      116KB

    • C:\Users\Admin\AppData\Local\Temp\tmpC8BB.tmp.dat

      Filesize

      40KB

    • C:\Users\Admin\AppData\Local\Temp\tmpC8D0.tmp.dat

      Filesize

      48KB

    • C:\Users\Admin\AppData\Local\Temp\tmpC8D1.tmp.dat

      Filesize

      20KB

    • C:\Users\Admin\AppData\Local\Temp\tmpC8D2.tmp.dat

      Filesize

      124KB

    • C:\Users\Admin\AppData\Local\Temp\tmpC960.tmp.dat

      Filesize

      96KB

    • C:\Users\Admin\AppData\Local\d0fab9f5485e0c628abe30c07cd3af8b\Admin@KBKWGEBK_en-US\System\Process.txt

      Filesize

      4KB

    • C:\Users\Admin\AppData\Local\d0fab9f5485e0c628abe30c07cd3af8b\Admin@KBKWGEBK_en-US\System\WorldWind.jpg

      Filesize

      94KB

    • C:\Users\Admin\Desktop\sigma\FlashUsdt [Cracked-Version]\FlashUsdt [Cracked-Version].exe

      Filesize

      175KB

    • C:\Users\Admin\Desktop\sigma\FlashUsdt [Cracked-Version]\ReadMe.txt

      Filesize

      154B

    • C:\Users\Admin\Desktop\sigma\FlashUsdt [Cracked-Version]\config\Environment.ini

      Filesize

      925B
