Analysis

  • max time kernel
    791s
  • max time network
    784s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20250113-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    15/01/2025, 04:33

General

  • Target

    Downloads.rar

  • Size

    234.8MB

  • MD5

    8b3aaaccd8a5144c2353269608efa782

  • SHA1

    e9bd551725403a0938404d599d19b2328b45d5eb

  • SHA256

    4703a486b7b3cc3ea426bfba5247bba27e608df3bb6bb3f02c5d385acde46112

  • SHA512

    b25834eddcc2751991908df42c6615115d2f455c3a7d15077328870c67011d924604e402e56f2d09c9cd8d99898906eb348f9e630d05770f7bcc223741f80892

  • SSDEEP

    6291456:xoS5S1mHkSm2Ke1yEIev8MnUtHQCblJM0nHI5o:e4S1282d1yEBUMnCQCwcHIi

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 2 IoCs
  • Drops file in Drivers directory 2 IoCs
  • Looks for VMWare Tools registry key 2 TTPs 2 IoCs
  • .NET Reactor protector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 26 IoCs
  • Loads dropped DLL 64 IoCs
  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry 3 TTPs 4 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Detects Pyinstaller 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 62 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 5 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Downloads.rar"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4140
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2296
    • C:\Windows\System32\NOTEPAD.EXE
      "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\auth swapper\scripting.bat
      1⤵
        PID:1984
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\auth swapper\scripting.bat" "
        1⤵
        • Drops file in Drivers directory
        • Suspicious use of WriteProcessMemory
        PID:700
        • C:\Windows\system32\openfiles.exe
          openfiles
          2⤵
            PID:3080
          • C:\Windows\system32\certutil.exe
            certutil -addstore "Root" "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\auth swapper\certificate.crt"
            2⤵
              PID:4296
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\auth swapper\scripting.bat"
            1⤵
            • Drops file in Drivers directory
            • Suspicious use of WriteProcessMemory
            PID:2464
            • C:\Windows\system32\openfiles.exe
              openfiles
              2⤵
                PID:4988
              • C:\Windows\system32\certutil.exe
                certutil -addstore "Root" "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\auth swapper\certificate.crt"
                2⤵
                  PID:2944
              • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\auth swapper\prada\1337.exe
                "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\auth swapper\prada\1337.exe"
                1⤵
                • Executes dropped EXE
                PID:1544
              • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\dumper.exe
                "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\dumper.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:4724
              • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\dumper.exe
                "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\dumper.exe" "C:\Users\Admin\Desktop\disk spoofer.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious use of AdjustPrivilegeToken
                PID:1736
              • C:\Users\Admin\Desktop\disk spoofer.exe
                "C:\Users\Admin\Desktop\disk spoofer.exe"
                1⤵
                • Looks for VirtualBox Guest Additions in registry
                • Looks for VMWare Tools registry key
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Maps connected drives based on registry
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:3720
              • C:\Users\Admin\Desktop\disk spoofer.exe
                "C:\Users\Admin\Desktop\disk spoofer.exe"
                1⤵
                • Looks for VirtualBox Guest Additions in registry
                • Looks for VMWare Tools registry key
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Maps connected drives based on registry
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:2520
              • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\rtg.exe
                "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\rtg.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:668
              • C:\Windows\system32\taskmgr.exe
                "C:\Windows\system32\taskmgr.exe" /4
                1⤵
                • Checks SCSI registry key(s)
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: GetForegroundWindowSpam
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                PID:4952
              • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\rtg.exe
                "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\rtg.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:2012
              • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\rtg.exe
                "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\rtg.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious use of AdjustPrivilegeToken
                PID:3440
              • C:\Windows\system32\NOTEPAD.EXE
                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\ownerid & secret fetcher\fetcher.log
                1⤵
                  PID:3452
                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Filegrab\FileGrab.exe
                  "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Filegrab\FileGrab.exe"
                  1⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:1376
                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PE-bear_0.7.0_qt5_x64_win_vs19\PE-bear.exe
                  "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PE-bear_0.7.0_qt5_x64_win_vs19\PE-bear.exe"
                  1⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious behavior: AddClipboardFormatListener
                  • Suspicious behavior: GetForegroundWindowSpam
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  PID:3792
                  • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PE-bear_0.7.0_qt5_x64_win_vs19\PE-bear.exe
                    "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PE-bear_0.7.0_qt5_x64_win_vs19\PE-bear.exe"
                    2⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Modifies registry class
                    • Suspicious behavior: AddClipboardFormatListener
                    • Suspicious behavior: GetForegroundWindowSpam
                    • Suspicious use of SetWindowsHookEx
                    PID:1188
                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\pestudio-9.59\pestudio\pestudio.exe
                  "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\pestudio-9.59\pestudio\pestudio.exe"
                  1⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious behavior: GetForegroundWindowSpam
                  • Suspicious use of SetWindowsHookEx
                  PID:3932
                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense.exe
                  "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense.exe"
                  1⤵
                  • Executes dropped EXE
                  • Suspicious use of WriteProcessMemory
                  PID:3008
                  • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense.exe
                    "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense.exe"
                    2⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious use of WriteProcessMemory
                    PID:5092
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /c "ver"
                      3⤵
                        PID:5056
                  • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense x32.exe
                    "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense x32.exe"
                    1⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of WriteProcessMemory
                    PID:3648
                    • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense x32.exe
                      "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense x32.exe"
                      2⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:4300
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c "ver"
                        3⤵
                        • System Location Discovery: System Language Discovery
                        PID:4224
                  • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense x32.exe
                    "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense x32.exe" "C:\Users\Admin\Desktop\disk spoofer.exe"
                    1⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of WriteProcessMemory
                    PID:4440
                    • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense x32.exe
                      "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense x32.exe" "C:\Users\Admin\Desktop\disk spoofer.exe"
                      2⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:1056
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c "ver"
                        3⤵
                        • System Location Discovery: System Language Discovery
                        PID:2012
                  • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\VMPDump\VMPDump.exe
                    "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\VMPDump\VMPDump.exe"
                    1⤵
                    • Executes dropped EXE
                    PID:2208
                  • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\VMPDump\VMPDump.exe
                    "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\VMPDump\VMPDump.exe"
                    1⤵
                    • Executes dropped EXE
                    PID:2532
                  • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\VMPDump\VMPDump.exe
                    "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\VMPDump\VMPDump.exe" "C:\Users\Admin\Desktop\disk spoofer.exe"
                    1⤵
                    • Executes dropped EXE
                    PID:2204
                  • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PIDGet.exe
                    "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PIDGet.exe"
                    1⤵
                    • Executes dropped EXE
                    PID:2740
                  • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\pssuspend.exe
                    "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\pssuspend.exe"
                    1⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    PID:2900
                  • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\pssuspend64.exe
                    "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\pssuspend64.exe"
                    1⤵
                    • Executes dropped EXE
                    PID:2360
                  • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\pssuspend64.exe
                    "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\pssuspend64.exe"
                    1⤵
                    • Executes dropped EXE
                    PID:2080
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
                    1⤵
                    • Enumerates system info in registry
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of WriteProcessMemory
                    PID:1004
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffff1f246f8,0x7ffff1f24708,0x7ffff1f24718
                      2⤵
                        PID:4064
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
                        2⤵
                          PID:4008
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
                          2⤵
                            PID:4360
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
                            2⤵
                              PID:3584
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
                              2⤵
                                PID:4328
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
                                2⤵
                                  PID:2876
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
                                  2⤵
                                    PID:4376
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
                                    2⤵
                                      PID:3736
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
                                      2⤵
                                        PID:668
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                                        2⤵
                                        • Drops file in Program Files directory
                                        PID:2808
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2a8,0x2ac,0x2b0,0x284,0x2b4,0x7ff782bb5460,0x7ff782bb5470,0x7ff782bb5480
                                          3⤵
                                            PID:2004
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
                                          2⤵
                                            PID:1480
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
                                            2⤵
                                              PID:1904
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
                                              2⤵
                                                PID:4776
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
                                                2⤵
                                                  PID:384
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                                                  2⤵
                                                    PID:2116
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
                                                    2⤵
                                                      PID:4504
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
                                                      2⤵
                                                        PID:3284
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,37476852852186432,18230625155136721938,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5440 /prefetch:2
                                                        2⤵
                                                          PID:4044
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:2144
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:4648
                                                          • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\rtg.exe
                                                            "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\rtg.exe"
                                                            1⤵
                                                            • Executes dropped EXE
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:764
                                                          • C:\Program Files\7-Zip\7zG.exe
                                                            "C:\Program Files\7-Zip\7zG.exe" a -i#7zMap3216:906:7zEvent21974 -ad -saa -- "C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\dumper"
                                                            1⤵
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:4776

                                                          Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Downloads

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                  Filesize

                                                                  152B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                  Filesize

                                                                  152B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9ef80423-6e60-4c11-b2a6-2128fb8735f2.tmp

                                                                  Filesize

                                                                  24KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                  Filesize

                                                                  144B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                  Filesize

                                                                  168B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                  Filesize

                                                                  48B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

                                                                  Filesize

                                                                  70KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                  Filesize

                                                                  539B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe6106e5.TMP

                                                                  Filesize

                                                                  59B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                  Filesize

                                                                  5KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                  Filesize

                                                                  5KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                  Filesize

                                                                  4KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                  Filesize

                                                                  5KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                  Filesize

                                                                  24KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                  Filesize

                                                                  538B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe60cc9b.TMP

                                                                  Filesize

                                                                  370B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                  Filesize

                                                                  16B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

                                                                  Filesize

                                                                  16B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

                                                                  Filesize

                                                                  41B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  10KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  10KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  8KB

                                                                • C:\Users\Admin\AppData\Local\Temp\7zEC20EE228\Cracking Tools2\Cracking Tools\Cracking Tools\Filegrab\New folder (2)\tWWirfQzHUpgWSeHyp

                                                                  Filesize

                                                                  33KB

                                                                • C:\Users\Admin\AppData\Local\Temp\7zEC20EE228\Cracking Tools2\Cracking Tools\Cracking Tools\Filegrab\nmew\BrowserMetrics-65ACF2AC-2910.pma

                                                                  Filesize

                                                                  4.0MB

                                                                • C:\Users\Admin\AppData\Local\Temp\7zEC20EE228\Cracking Tools2\Cracking Tools\Cracking Tools\Filegrab\nmew\f_00004b

                                                                  Filesize

                                                                  1.2MB

                                                                • C:\Users\Admin\AppData\Local\Temp\7zEC20EE228\Cracking Tools2\Cracking Tools\Cracking Tools\Filegrab\nmew\transH07OIXKR.gif

                                                                  Filesize

                                                                  43B

                                                                • C:\Users\Admin\AppData\Local\Temp\7zEC20EE228\Cracking Tools2\Cracking Tools\Cracking Tools\UD\x64\Reverse x64.ini

                                                                  Filesize

                                                                  47KB

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI30082\VCRUNTIME140.dll

                                                                  Filesize

                                                                  106KB

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI30082\python311.dll

                                                                  Filesize

                                                                  5.5MB

                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI30082\ucrtbase.dll

                                                                  Filesize

                                                                  987KB

                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                  Filesize

                                                                  3KB

                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                  Filesize

                                                                  3KB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Filegrab\FileGrab.exe

                                                                  Filesize

                                                                  49KB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PE-bear_0.7.0_qt5_x64_win_vs19\PE-bear.exe

                                                                  Filesize

                                                                  5.1MB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PE-bear_0.7.0_qt5_x64_win_vs19\Qt5Core.dll

                                                                  Filesize

                                                                  5.7MB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PE-bear_0.7.0_qt5_x64_win_vs19\Qt5Gui.dll

                                                                  Filesize

                                                                  6.7MB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PE-bear_0.7.0_qt5_x64_win_vs19\Qt5Widgets.dll

                                                                  Filesize

                                                                  5.2MB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PE-bear_0.7.0_qt5_x64_win_vs19\imageformats\qico.dll

                                                                  Filesize

                                                                  37KB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PE-bear_0.7.0_qt5_x64_win_vs19\platforms\qwindows.dll

                                                                  Filesize

                                                                  1.4MB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\PE-bear_0.7.0_qt5_x64_win_vs19\styles\qwindowsvistastyle.dll

                                                                  Filesize

                                                                  140KB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\Unlicense\unlicense.exe

                                                                  Filesize

                                                                  47.2MB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\auth swapper\certificate.crt

                                                                  Filesize

                                                                  1KB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\auth swapper\prada\1337.exe

                                                                  Filesize

                                                                  388KB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\auth swapper\scripting.bat

                                                                  Filesize

                                                                  955B

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\diwness_dumped_68.bin

                                                                  Filesize

                                                                  4KB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\dumper\dumper.exe

                                                                  Filesize

                                                                  52KB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\all auth tools\ownerid & secret fetcher\fetcher.log

                                                                  Filesize

                                                                  274B

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\pestudio-9.59\pestudio\peparser.dll

                                                                  Filesize

                                                                  1.4MB

                                                                • C:\Users\Admin\Desktop\Cracking Tools2\Cracking Tools\Cracking Tools\pestudio-9.59\pestudio\pestudio.exe

                                                                  Filesize

                                                                  888KB

                                                                • C:\Users\Admin\Desktop\disk spoofer.exe

                                                                  Filesize

                                                                  848KB

                                                                • C:\Users\Admin\Desktop\spoof.exe

                                                                  Filesize

                                                                  154KB

                                                                • C:\Windows\System32\drivers\etc\hosts

                                                                  Filesize

                                                                  1KB

                                                                • \??\c:\users\admin\desktop\cracking tools2\cracking tools\cracking tools\pestudio-9.59\pestudio\xml\functions.xml

                                                                  Filesize

                                                                  434KB

                                                                • \??\c:\users\admin\desktop\cracking tools2\cracking tools\cracking tools\pestudio-9.59\pestudio\xml\indicators.xml

                                                                  Filesize

                                                                  16KB

                                                                • \??\c:\users\admin\desktop\cracking tools2\cracking tools\cracking tools\pestudio-9.59\pestudio\xml\languages.xml

                                                                  Filesize

                                                                  16KB

                                                                • \??\c:\users\admin\desktop\cracking tools2\cracking tools\cracking tools\pestudio-9.59\pestudio\xml\mitre.xml

                                                                  Filesize

                                                                  22KB

                                                                • \??\c:\users\admin\desktop\cracking tools2\cracking tools\cracking tools\pestudio-9.59\pestudio\xml\namespaces.xml

                                                                  Filesize

                                                                  6KB

                                                                • \??\c:\users\admin\desktop\cracking tools2\cracking tools\cracking tools\pestudio-9.59\pestudio\xml\rich.xml

                                                                  Filesize

                                                                  35KB

                                                                • \??\c:\users\admin\desktop\cracking tools2\cracking tools\cracking tools\pestudio-9.59\pestudio\xml\settings.xml

                                                                  Filesize

                                                                  9KB

                                                                • \??\c:\users\admin\desktop\cracking tools2\cracking tools\cracking tools\pestudio-9.59\pestudio\xml\signatures.xml

                                                                  Filesize

                                                                  369KB

                                                                • \??\c:\users\admin\desktop\cracking tools2\cracking tools\cracking tools\pestudio-9.59\pestudio\xml\strings.xml

                                                                  Filesize

                                                                  63KB

                                                                • \??\c:\users\admin\desktop\cracking tools2\cracking tools\cracking tools\pestudio-9.59\pestudio\xml\thresholds.xml

                                                                  Filesize

                                                                  2KB

                                                                • \??\c:\users\admin\desktop\cracking tools2\cracking tools\cracking tools\pestudio-9.59\pestudio\xml\translations.xml

                                                                  Filesize

                                                                  41KB
