Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows11-21h2-x64

10

Analysis

  • max time kernel
    199s
  • max time network
    226s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    31/01/2025, 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Score
10/10
crimsonratdarkcometnjratwarzoneratdefense_evasiondiscoveryinfostealerpersistenceprivilege_escalationratrezer0trojanupx

Malware Config

Extracted

Family

crimsonrat

C2

185.136.161.124

Extracted

Family

warzonerat

C2

168.61.222.215:5400

Signatures

  • CrimsonRAT main payload 1 IoCs
  • CrimsonRat

    Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    ratcrimsonrat
  • Crimsonrat family
    crimsonrat
  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Modifies WinLogon for persistence 2 TTPs 4 IoCs
    persistence
  • Njrat family
    njrat
  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat
  • Warzonerat family
    warzonerat
  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • ReZer0 packer 1 IoCs

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0
  • Warzone RAT payload 2 IoCs
    rat
  • Downloads MZ/PE file 7 IoCs
  • Manipulates Digital Signatures 1 TTPs 12 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Modifies Windows Firewall 2 TTPs 1 IoCs
    defense_evasion
  • Sets file to hidden 1 TTPs 6 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    defense_evasion
  • Drops startup file 4 IoCs
  • Executes dropped EXE 13 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs
    defense_evasion
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 9 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • NTFS ADS 20 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 6 IoCs
    defense_evasion

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fc763cb8,0x7ff9fc763cc8,0x7ff9fc763cd8
      2⤵
        PID:4064
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2068 /prefetch:2
        2⤵
          PID:2592
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
          2⤵
          • Downloads MZ/PE file
          • Suspicious behavior: EnumeratesProcesses
          PID:924
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
          2⤵
            PID:4116
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
            2⤵
              PID:976
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:1008
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:3608
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4664
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
                2⤵
                  PID:2420
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5980 /prefetch:8
                  2⤵
                    PID:416
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
                    2⤵
                    • Subvert Trust Controls: Mark-of-the-Web Bypass
                    • NTFS ADS
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4712
                  • C:\Users\Admin\Downloads\Blackkomet.exe
                    "C:\Users\Admin\Downloads\Blackkomet.exe"
                    2⤵
                    • Modifies WinLogon for persistence
                    • Executes dropped EXE
                    • Adds Run key to start application
                    • Drops file in System32 directory
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of AdjustPrivilegeToken
                    PID:3020
                    • C:\Windows\SysWOW64\attrib.exe
                      attrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h
                      3⤵
                      • Sets file to hidden
                      • System Location Discovery: System Language Discovery
                      • Views/modifies file attributes
                      PID:4624
                    • C:\Windows\SysWOW64\attrib.exe
                      attrib "C:\Users\Admin\Downloads" +s +h
                      3⤵
                      • Sets file to hidden
                      • System Location Discovery: System Language Discovery
                      • Views/modifies file attributes
                      PID:5012
                    • C:\Windows\SysWOW64\Windupdt\winupdate.exe
                      "C:\Windows\system32\Windupdt\winupdate.exe"
                      3⤵
                      • Modifies WinLogon for persistence
                      • Executes dropped EXE
                      • Adds Run key to start application
                      • Drops file in System32 directory
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2776
                      • C:\Windows\SysWOW64\attrib.exe
                        attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
                        4⤵
                        • Sets file to hidden
                        • Drops file in System32 directory
                        • System Location Discovery: System Language Discovery
                        • Views/modifies file attributes
                        PID:3580
                      • C:\Windows\SysWOW64\attrib.exe
                        attrib "C:\Windows\SysWOW64\Windupdt" +s +h
                        4⤵
                        • Sets file to hidden
                        • Drops file in System32 directory
                        • System Location Discovery: System Language Discovery
                        • Views/modifies file attributes
                        PID:1152
                      • C:\Windows\SysWOW64\Windupdt\winupdate.exe
                        "C:\Windows\system32\Windupdt\winupdate.exe"
                        4⤵
                        • Modifies WinLogon for persistence
                        • Executes dropped EXE
                        • Adds Run key to start application
                        • Drops file in System32 directory
                        • System Location Discovery: System Language Discovery
                        • Suspicious use of AdjustPrivilegeToken
                        PID:4776
                        • C:\Windows\SysWOW64\attrib.exe
                          attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
                          5⤵
                          • Sets file to hidden
                          • Drops file in System32 directory
                          • System Location Discovery: System Language Discovery
                          • Views/modifies file attributes
                          PID:3112
                        • C:\Windows\SysWOW64\attrib.exe
                          attrib "C:\Windows\SysWOW64\Windupdt" +s +h
                          5⤵
                          • Sets file to hidden
                          • Drops file in System32 directory
                          • System Location Discovery: System Language Discovery
                          • Views/modifies file attributes
                          PID:3460
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
                    2⤵
                      PID:2836
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
                      2⤵
                        PID:4980
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 /prefetch:8
                        2⤵
                          PID:3788
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
                          2⤵
                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                          • NTFS ADS
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1124
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
                          2⤵
                            PID:4884
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6324 /prefetch:8
                            2⤵
                              PID:1888
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 /prefetch:8
                              2⤵
                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                              • NTFS ADS
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4512
                            • C:\Users\Admin\Downloads\CrimsonRAT.exe
                              "C:\Users\Admin\Downloads\CrimsonRAT.exe"
                              2⤵
                              • Executes dropped EXE
                              PID:4668
                              • C:\ProgramData\Hdlharas\dlrarhsiva.exe
                                "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
                                3⤵
                                • Executes dropped EXE
                                PID:3112
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
                              2⤵
                                PID:2956
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
                                2⤵
                                  PID:2428
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
                                  2⤵
                                    PID:2824
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
                                    2⤵
                                      PID:1936
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
                                      2⤵
                                        PID:760
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6748 /prefetch:8
                                        2⤵
                                          PID:1108
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
                                          2⤵
                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                          • NTFS ADS
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:3180
                                        • C:\Users\Admin\Downloads\WarzoneRAT.exe
                                          "C:\Users\Admin\Downloads\WarzoneRAT.exe"
                                          2⤵
                                          • Executes dropped EXE
                                          • Suspicious use of SetThreadContext
                                          • System Location Discovery: System Language Discovery
                                          • NTFS ADS
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:1064
                                          • C:\Windows\SysWOW64\schtasks.exe
                                            "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmpBBE.tmp"
                                            3⤵
                                            • System Location Discovery: System Language Discovery
                                            • Scheduled Task/Job: Scheduled Task
                                            PID:2256
                                          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                            3⤵
                                              PID:3044
                                            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                              3⤵
                                                PID:2528
                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                3⤵
                                                  PID:4712
                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:2796
                                              • C:\Users\Admin\Downloads\WarzoneRAT.exe
                                                "C:\Users\Admin\Downloads\WarzoneRAT.exe"
                                                2⤵
                                                • Executes dropped EXE
                                                • Suspicious use of SetThreadContext
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4628
                                                • C:\Windows\SysWOW64\schtasks.exe
                                                  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2541.tmp"
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Scheduled Task/Job: Scheduled Task
                                                  PID:3104
                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:4956
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
                                                2⤵
                                                  PID:2272
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6716 /prefetch:8
                                                  2⤵
                                                    PID:428
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4888 /prefetch:2
                                                    2⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:4608
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 /prefetch:8
                                                    2⤵
                                                    • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                    • NTFS ADS
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:4280
                                                  • C:\Users\Admin\Downloads\NJRat.exe
                                                    "C:\Users\Admin\Downloads\NJRat.exe"
                                                    2⤵
                                                    • Drops startup file
                                                    • Executes dropped EXE
                                                    • Adds Run key to start application
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:2024
                                                    • C:\Windows\SysWOW64\netsh.exe
                                                      netsh firewall add allowedprogram "C:\Users\Admin\Downloads\NJRat.exe" "NJRat.exe" ENABLE
                                                      3⤵
                                                      • Modifies Windows Firewall
                                                      • Event Triggered Execution: Netsh Helper DLL
                                                      • System Location Discovery: System Language Discovery
                                                      PID:4760
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
                                                    2⤵
                                                      PID:1824
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6000 /prefetch:8
                                                      2⤵
                                                        PID:3304
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
                                                        2⤵
                                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                        • NTFS ADS
                                                        PID:3344
                                                      • C:\Users\Admin\Downloads\WarzoneRAT (1).exe
                                                        "C:\Users\Admin\Downloads\WarzoneRAT (1).exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Suspicious use of SetThreadContext
                                                        • System Location Discovery: System Language Discovery
                                                        PID:2412
                                                        • C:\Windows\SysWOW64\schtasks.exe
                                                          "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmpB9F0.tmp"
                                                          3⤵
                                                          • System Location Discovery: System Language Discovery
                                                          • Scheduled Task/Job: Scheduled Task
                                                          PID:2896
                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                          3⤵
                                                          • System Location Discovery: System Language Discovery
                                                          PID:2480
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
                                                        2⤵
                                                          PID:1360
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
                                                          2⤵
                                                            PID:3984
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7152 /prefetch:8
                                                            2⤵
                                                              PID:1984
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7056 /prefetch:8
                                                              2⤵
                                                                PID:4900
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4968 /prefetch:8
                                                                2⤵
                                                                  PID:1120
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6860 /prefetch:8
                                                                  2⤵
                                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                  • NTFS ADS
                                                                  PID:4688
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:8
                                                                  2⤵
                                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                  • NTFS ADS
                                                                  PID:1012
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
                                                                  2⤵
                                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                  • NTFS ADS
                                                                  PID:2844
                                                                • C:\Users\Admin\Downloads\Bezilom.exe
                                                                  "C:\Users\Admin\Downloads\Bezilom.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Adds Run key to start application
                                                                  • Drops file in Windows directory
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:3968
                                                                • C:\Users\Admin\Downloads\Bezilom.exe
                                                                  "C:\Users\Admin\Downloads\Bezilom.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:2444
                                                                • C:\Users\Admin\Downloads\Bezilom (1).exe
                                                                  "C:\Users\Admin\Downloads\Bezilom (1).exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:1176
                                                                • C:\Users\Admin\Downloads\Fagot.a.exe
                                                                  "C:\Users\Admin\Downloads\Fagot.a.exe"
                                                                  2⤵
                                                                  • Modifies WinLogon for persistence
                                                                  • Manipulates Digital Signatures
                                                                  • Executes dropped EXE
                                                                  • Impair Defenses: Safe Mode Boot
                                                                  • Adds Run key to start application
                                                                  • Modifies WinLogon
                                                                  • Drops file in System32 directory
                                                                  • Drops file in Windows directory
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Checks processor information in registry
                                                                  • Enumerates system info in registry
                                                                  • Modifies Internet Explorer settings
                                                                  • Modifies Internet Explorer start page
                                                                  • Modifies registry class
                                                                  PID:1500
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
                                                                  2⤵
                                                                    PID:4944
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6392 /prefetch:8
                                                                    2⤵
                                                                      PID:5040
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3656 /prefetch:2
                                                                      2⤵
                                                                        PID:3296
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2496 /prefetch:2
                                                                        2⤵
                                                                          PID:648
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,17296985305116700219,9124604236104212248,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2064 /prefetch:2
                                                                          2⤵
                                                                            PID:396
                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                          1⤵
                                                                            PID:2380
                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                            1⤵
                                                                              PID:3844
                                                                            • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                              "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                              1⤵
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:2428
                                                                            • C:\Windows\system32\LogonUI.exe
                                                                              "LogonUI.exe" /flags:0x0 /state0:0xa39ca055 /state1:0x41c64e6d
                                                                              1⤵
                                                                                PID:764

                                                                              Network

                                                                              MITRE ATT&CK Enterprise v15

                                                                              Reconnaissance

                                                                              Resource Development

                                                                              Initial Access

                                                                              Execution

                                                                              Scheduled Task/Job

                                                                              1
                                                                              T1053

                                                                              Scheduled Task

                                                                              1
                                                                              T1053.005

                                                                              Persistence

                                                                              Boot or Logon Autostart Execution

                                                                              3
                                                                              T1547

                                                                              Registry Run Keys / Startup Folder

                                                                              1
                                                                              T1547.001

                                                                              Winlogon Helper DLL

                                                                              2
                                                                              T1547.004

                                                                              Create or Modify System Process

                                                                              1
                                                                              T1543

                                                                              Windows Service

                                                                              1
                                                                              T1543.003

                                                                              Event Triggered Execution

                                                                              1
                                                                              T1546

                                                                              Netsh Helper DLL

                                                                              1
                                                                              T1546.007

                                                                              Scheduled Task/Job

                                                                              1
                                                                              T1053

                                                                              Scheduled Task

                                                                              1
                                                                              T1053.005

                                                                              Privilege Escalation

                                                                              Boot or Logon Autostart Execution

                                                                              3
                                                                              T1547

                                                                              Registry Run Keys / Startup Folder

                                                                              1
                                                                              T1547.001

                                                                              Winlogon Helper DLL

                                                                              2
                                                                              T1547.004

                                                                              Create or Modify System Process

                                                                              1
                                                                              T1543

                                                                              Windows Service

                                                                              1
                                                                              T1543.003

                                                                              Event Triggered Execution

                                                                              1
                                                                              T1546

                                                                              Netsh Helper DLL

                                                                              1
                                                                              T1546.007

                                                                              Scheduled Task/Job

                                                                              1
                                                                              T1053

                                                                              Scheduled Task

                                                                              1
                                                                              T1053.005

                                                                              Defense Evasion

                                                                              Hide Artifacts

                                                                              2
                                                                              T1564

                                                                              Hidden Files and Directories

                                                                              2
                                                                              T1564.001

                                                                              Impair Defenses

                                                                              2
                                                                              T1562

                                                                              Disable or Modify System Firewall

                                                                              1
                                                                              T1562.004

                                                                              Safe Mode Boot

                                                                              1
                                                                              T1562.009

                                                                              Modify Registry

                                                                              5
                                                                              T1112

                                                                              Subvert Trust Controls

                                                                              2
                                                                              T1553

                                                                              SIP and Trust Provider Hijacking

                                                                              2
                                                                              T1553.003

                                                                              Credential Access

                                                                              Discovery

                                                                              Browser Information Discovery

                                                                              1
                                                                              T1217

                                                                              Query Registry

                                                                              2
                                                                              T1012

                                                                              System Information Discovery

                                                                              3
                                                                              T1082

                                                                              System Location Discovery

                                                                              1
                                                                              T1614

                                                                              System Language Discovery

                                                                              1
                                                                              T1614.001

                                                                              Lateral Movement

                                                                              Collection

                                                                              Command and Control

                                                                              Web Service

                                                                              1
                                                                              T1102

                                                                              Exfiltration

                                                                              Impact

                                                                              Replay Monitor

                                                                              Loading Replay Monitor...

                                                                              Downloads

                                                                              • C:\ProgramData\Hdlharas\dlrarhsiva.exe
                                                                                Filesize

                                                                                9.1MB

                                                                                MD5

                                                                                64261d5f3b07671f15b7f10f2f78da3f

                                                                                SHA1

                                                                                d4f978177394024bb4d0e5b6b972a5f72f830181

                                                                                SHA256

                                                                                87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

                                                                                SHA512

                                                                                3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

                                                                                Download Submit

                                                                              • C:\ProgramData\Hdlharas\mdkhm.zip
                                                                                Filesize

                                                                                56KB

                                                                                MD5

                                                                                b635f6f767e485c7e17833411d567712

                                                                                SHA1

                                                                                5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

                                                                                SHA256

                                                                                6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

                                                                                SHA512

                                                                                551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WarzoneRAT.exe.log
                                                                                Filesize

                                                                                507B

                                                                                MD5

                                                                                a0c3e1aca0335d2d3a6c16038a5e1feb

                                                                                SHA1

                                                                                865132ecfd8bc3781419e10a57ef33686d80f83f

                                                                                SHA256

                                                                                68e52b0dae9281848730d457702a3fbe0868a0209d2740c9b5435dcf872d1072

                                                                                SHA512

                                                                                6b5dc7bb61bebea323e806e4eeaac8383621c84be7545af744923445dc4545b9395abcd8f7b82f8b30fddc28872e3f47a010a271f588b5dd725cdd1be2ee4ed8

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                Filesize

                                                                                152B

                                                                                MD5

                                                                                4c1a24fa898d2a98b540b20272c8e47b

                                                                                SHA1

                                                                                3218bff9ce95b52842fa1b8bd00be073177141ef

                                                                                SHA256

                                                                                bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

                                                                                SHA512

                                                                                e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                Filesize

                                                                                152B

                                                                                MD5

                                                                                f1d2c7fd2ca29bb77a5da2d1847fbb92

                                                                                SHA1

                                                                                840de2cf36c22ba10ac96f90890b6a12a56526c6

                                                                                SHA256

                                                                                58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

                                                                                SHA512

                                                                                ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                Filesize

                                                                                21KB

                                                                                MD5

                                                                                6ff1a4dbde24234c02a746915c7d8b8d

                                                                                SHA1

                                                                                3a97be8e446af5cac8b5eaccd2f238d5173b3cb3

                                                                                SHA256

                                                                                2faaca6a253d69be3efb96620ba30e53ecb3de12d5285b83ecdba8cbc36e7311

                                                                                SHA512

                                                                                f117b822aeb0a434a0750c44cbf4cdf627bfebc0d59e266993a4fcb17a7a0519659e13b3bcf8706eed7d80d0ce33b0ce5915afe5872c37c010a401dd6bb1187b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                d2093921c8711428c5f2be9efc8d509a

                                                                                SHA1

                                                                                86c5ab0018fa102fc0c9ba9eb2f9d0d30166d31c

                                                                                SHA256

                                                                                bc5cf20a8cfd75e6309c8a43377e28300a9c9d295b080d16c043ff5b5a994d15

                                                                                SHA512

                                                                                cfbca833a2803397f7b3b1e449be2d3ae23b48c7a6a22104a719b6e672008d43660c6cbac355dcabba2bc669df23c25debda6b8fc99faea4c96bcd3c43b622fe

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                Filesize

                                                                                579B

                                                                                MD5

                                                                                a9b93c44a3b933cd2fe95ce7be131065

                                                                                SHA1

                                                                                8bfa9cb88cff73e74a996c758995a90837016683

                                                                                SHA256

                                                                                1d23635deba81bd23f79977e539967cd95e4bfc3f0a7d3798bea0c732a8b3fa7

                                                                                SHA512

                                                                                f5690976b9514962edb6be03b425f43c835ec83ee846e94260774c794dd2d29d98615618d8b98d633f2e165ed091f8a1a67104ad03e09fcd770ab9f1d238f2a9

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                Filesize

                                                                                111B

                                                                                MD5

                                                                                807419ca9a4734feaf8d8563a003b048

                                                                                SHA1

                                                                                a723c7d60a65886ffa068711f1e900ccc85922a6

                                                                                SHA256

                                                                                aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                                                                SHA512

                                                                                f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                9878e026ce1a20bbf325465ca3e1cef6

                                                                                SHA1

                                                                                25afc49a5fcf7dce7bba4104acb7caff947cfaf3

                                                                                SHA256

                                                                                121456748e4813b42c44ab71dc4d53b9212a0b1fbc4250e5e2eb801cdbb19b10

                                                                                SHA512

                                                                                8d552c39748c750d2f64e27397db71b6bc0a2a617cf19362355d7e5bb184ba2cb4cd9e01116eef68d599b2ddecbae417b52a71410446125ddb789bea499f585d

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                176d738f94034a75c54209e2a38a36ec

                                                                                SHA1

                                                                                5f15ba7fa94c26281212d97d0c8cdcbd7879e3cd

                                                                                SHA256

                                                                                1190758abc92e56cc8cb0a49085bd04c8fea1e4f2877c59279dc7fc984c2fd08

                                                                                SHA512

                                                                                68e95ee0096ce5de6039054416dea6341f63dfd9e8faff5dded67cd0a016f9221922ff503d844b2b3b225864ff07c3015b7be1f02c08be248d1482e2aa05398c

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                bc3a03bbf49153af29282725f76faf45

                                                                                SHA1

                                                                                1f6106aed03b451b71783d405db7c6ded4c896f6

                                                                                SHA256

                                                                                7a3b5a72bf88e9ae5dde2512720640288950ce372528e9e0f83d32c3e0d9b87e

                                                                                SHA512

                                                                                0143a58c3aecf26e884c2ad570680fe33c0a9280c501b85d112324b987508cf630ecd2328303a230a7f4b93041304588ae4bc6ebe157b95fef190ad20ad68e4d

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                7d388853d381a122dfa7ee9400391094

                                                                                SHA1

                                                                                296f92066f8caf15abeb495687932eefc96ed37b

                                                                                SHA256

                                                                                80f6ac7004895cd2c3056e033cd349c9300e7821930f7fd1a1888395811ae520

                                                                                SHA512

                                                                                2456f4925331010692def4cb83be491aa1a07d1ba66b3416889910f1ee0b9d46a3bb9f68cd44fbc8989e084d7bb68a912ea4851ff66aab9d8d0c8cfe3dada485

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                5597b033f4d6ea8627624b42a8462382

                                                                                SHA1

                                                                                1bb4ba29a0c813e8fc3ea8fe99c574a48363bcfe

                                                                                SHA256

                                                                                1dc5304516395ddb92450b16e26dcf3a9436feb1d009ef7d78496c010a46950a

                                                                                SHA512

                                                                                5aee83640d3826b67b63ef7708db1d1dda95065e93f83a71c40d1b831dd83bfacf45cbf34d3a8d7cbd3a7b68082cfb04e499700ff016b8dd532e6c064153690a

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                d4ae953514a6a714cd38166dab07b59f

                                                                                SHA1

                                                                                13cd35e92b8cc570a7f79c6f8d70271b3b4089e8

                                                                                SHA256

                                                                                f5d7399ea33dc7e6cd577bcc2a0c94b52e64118c067ebe4430bafc7cb5ec1663

                                                                                SHA512

                                                                                7de643c9f1d352af9d4ffef3fc47a0f2deedec47f7f94b26b4355fc290a646c0e615a9c9706ff769f0923e2998d56afe90933af57d0aeb9d27c94eb52497dd07

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                ad9b6569e781ecc0c9d2e8857cbd8a91

                                                                                SHA1

                                                                                9dff0ea7b94be20ceb6ad797e12b7dbcd1788dd4

                                                                                SHA256

                                                                                bcfb79b8e5076ade1b9fd00bd1284d1c62e0d39d265b9cebea21a982c131c013

                                                                                SHA512

                                                                                2afab4ffcadff12452972a367891487a22ef6e4c57745aa24fb2f4c7972d7d29454889828cb960fc33068582254ef9dbcb08a6d42599f26cfc696b6e8713f837

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                8d3f66d31b54073f284116276274924c

                                                                                SHA1

                                                                                96dd35ee241836987f5e0187d69ff651251c85e1

                                                                                SHA256

                                                                                92cfd90da06c0c413fa1cc6685655726d8bd7d0c1af4c3637dfbd58811a1c1ce

                                                                                SHA512

                                                                                5c9cd9415659547d6709c6fe51ef65a1b81b74e39de6aa239c68f70ca91038bfe0b2631c971a0ab4c8f5be069c6d8dc76d6d41dc5287fc16b8ffd30da252205e

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                085b1af867ff501c64065fff6f379ff3

                                                                                SHA1

                                                                                d14ee8b72fa911fdc5782dbcb3668574398d786a

                                                                                SHA256

                                                                                4f54e62975905cc99f0418a25c765a11586864c6ae2c1d17ed61c26511608df4

                                                                                SHA512

                                                                                31f815c15f73922734364df499cfba14ea049b478a4a5aad84f933ea1c66c55286bc4a9e275408a3ccb64d4871f140e8439fff60cd43243580a0d85d133e0fbb

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                2638282f64f11d2cf699026a0b771a0b

                                                                                SHA1

                                                                                2a04871203d841516cf2eabd440b195581298d83

                                                                                SHA256

                                                                                7ded556f12ff0c5f6a564c2ed869c739b6859f55b2da1dd8fd903838d7b68b1b

                                                                                SHA512

                                                                                d1abe4e01b3f88138051e17721057def2863cda1ef5be9372b301c9550ebb0fa87e2850991b266b4eacb185f21f2ee741db972e84b45cb3765ecc8286da46e99

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                6a6a7bd1646fda6a61d75535672e5363

                                                                                SHA1

                                                                                702865f2749256b3eff5e9902877075ca0b83f41

                                                                                SHA256

                                                                                33f0aa16e51244f9aeedad86979bd1e577f2ad1345402f82c71b9220a41298b1

                                                                                SHA512

                                                                                3e86d336e4212d77993bf835c00cb063f7e92262eaea92fe6e6803a3a4c7d6e9f336a8ee8c9b57e9edbb7d9831edba4dc918c3f524371cca8070a007877c97d6

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                fa7a981fa96f49bc8fa4fd451af6e5ab

                                                                                SHA1

                                                                                0f3d5c7b3b93056639cbbe1a9da9dc564606a92b

                                                                                SHA256

                                                                                11a54c80c7c067b020e3cfda0c6ffaf3a547780821cd8d42fe96a44465e574cd

                                                                                SHA512

                                                                                ff67f7a6c2ea15ffa15d9fabf6c046022112962934fcf3c8b49ac8c4a5fa709f7fcf0ed4eabef78c360ad4d0617d3ca1f080d307432a817cf9288b39ec6602ce

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                767eb35ac073a115282323d5a6516369

                                                                                SHA1

                                                                                74400cbc90db4a6ef5082650bcc67346764e0c78

                                                                                SHA256

                                                                                f1dcd598200e25592c8aa20c9cf071c5203b3f4f30f98dc337a9e46041b85df2

                                                                                SHA512

                                                                                1582f2025306db872e93fa2503e92cd9f08f4c106aa5391981c239de866f79f5332e8e3a86da99113e3862bbd6860239182521bbb247707dfe409f64f17be898

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                5d4dcf1b97d3e77038fc33e5b760b382

                                                                                SHA1

                                                                                ec7c2541528fc626d21d0e3e0a3d7e4b73abd9f4

                                                                                SHA256

                                                                                a7a6386cf3407cb733c67599ed8fdb66e3d59dca83c1135c14ae6e3f50e0d150

                                                                                SHA512

                                                                                b3b73b0c3b14b1c7cf83a559d16c559a975f15b9e2f70c3a3b35c4dd503017dc8980a98979c1556fb2a8c5bb1c0a109d36843632ac0c7964296722ecf7b3054c

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f676.TMP
                                                                                Filesize

                                                                                874B

                                                                                MD5

                                                                                405ac2042e30cdda1570ba13a7843945

                                                                                SHA1

                                                                                082a4b7e13feda182fd321d2d8ef690a1b5b099e

                                                                                SHA256

                                                                                fca4b948a4745abfbe53124796308d179da432d083b50b2669e9e77c9a0535ce

                                                                                SHA512

                                                                                cfbf03d0638b907a18f91ebda0d95752d104b50529aafb6f4d64a29fc617918a5f9ed8a6ce79e2b8296ecdbdebc7bdde77b1dea8a5a8b6ea3102cb66841f328d

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                Filesize

                                                                                16B

                                                                                MD5

                                                                                46295cac801e5d4857d09837238a6394

                                                                                SHA1

                                                                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                SHA256

                                                                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                SHA512

                                                                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                Filesize

                                                                                16B

                                                                                MD5

                                                                                206702161f94c5cd39fadd03f4014d98

                                                                                SHA1

                                                                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                SHA256

                                                                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                SHA512

                                                                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
                                                                                Filesize

                                                                                44KB

                                                                                MD5

                                                                                4618b456b8907fea84c3f496a6758305

                                                                                SHA1

                                                                                de06ade85155fb20e999df22e0f3f69db2932b31

                                                                                SHA256

                                                                                110ed8d363959316f33d9008c9bf75b58ae6925d847470088a57a039c01125da

                                                                                SHA512

                                                                                bb0fad336de60f5348cb435b5c09a66f3707a3d6d1804f59f6fc45f30f61132f12bdf98bd84694117529eddb00681cd940b1fa6e8dda9d923361724754b4db3a

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
                                                                                Filesize

                                                                                264KB

                                                                                MD5

                                                                                ba5de2ba05bbcbba2ca3dacd6e6d9f01

                                                                                SHA1

                                                                                a35dec063f5118f1217556f42d36265716198ed4

                                                                                SHA256

                                                                                549c7740c0bde63650204f967ab91f77b9ed65aad56d6bfd5f1d2c8f279b7ce8

                                                                                SHA512

                                                                                c39fc9d3f8661699e4fa599460e602675d59a5baf0bb1da7317114a9a58f8aa87dc9e955c7ca2c12c76f62930727dcf605776f4eddb30f7bcd5bfb40d87433f9

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
                                                                                Filesize

                                                                                4.0MB

                                                                                MD5

                                                                                fb80d0453d755cb06374e823a4b2cc99

                                                                                SHA1

                                                                                4ff8fefcc945569d07b9a49a99cc951cbe9a8de9

                                                                                SHA256

                                                                                1a3f9ffb39ed4f9d82741168ef380bc3b86c68cb1fdf2a2861a65f2f7d186925

                                                                                SHA512

                                                                                caa0aa3f1601dcdc5a1998a334d7fb0ac3f54e866137059c82b0dcdee90dc37516d327e41bec5538282d9ddea1dadaea4e573c212927f262230e3cd481a79f6b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
                                                                                Filesize

                                                                                20KB

                                                                                MD5

                                                                                2a029687e73114ebcb4fad10c0114e8a

                                                                                SHA1

                                                                                f09cbbed46b9f8c731568bdcee13024e89bda397

                                                                                SHA256

                                                                                fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

                                                                                SHA512

                                                                                211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                11KB

                                                                                MD5

                                                                                821f978228584ec8c68f40d8fc4e7fcc

                                                                                SHA1

                                                                                43b53482221a106d94e97add888194e4d654efbd

                                                                                SHA256

                                                                                1327fca3faf2be90d3a359afb49e2df5facd0502aecbc02d1c143de1710b40e2

                                                                                SHA512

                                                                                b01901c7d39f96bcea0a54d23da074d97cb613a2fbd5554c08619795fb03a9df5d9f36cc20235f76f1ed86884807366fd40c1b6f84299e2cba947884c0cdaf8e

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                10KB

                                                                                MD5

                                                                                6d0c2cb7dfe9ae725db07c551d911460

                                                                                SHA1

                                                                                231579e38a15fcf4566697c4253cba87019a8efd

                                                                                SHA256

                                                                                dd69f7c076782423d6a59fa97adeb79c9bfc9e733ba3418ba65c4800b21e0577

                                                                                SHA512

                                                                                a4f5ce7c04da72f84493f45e5f4fd355bee59af5bd51c9354ce6efc514b584f37d43ba07040ac80ebe7e506cc189672a4e58d5a35181dc9a4a31b371b5794371

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                11KB

                                                                                MD5

                                                                                970920587eed8637bedd92506e768bb2

                                                                                SHA1

                                                                                5bb4931e329e8ccfee8cbe08aa412ab730b99ec8

                                                                                SHA256

                                                                                9b943ded86cefce61927e74693f863f7647e17806fdbb310eb3b0b132119bc93

                                                                                SHA512

                                                                                e0deb01ba9691b13bacab4e0faf4fecdaba1fe1ed207a10d391407d693a2b290d2ea1c32e633b3ac4fe5a2255d7730acf6c4478e78b80addc041d1d7fe8d4137

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                10KB

                                                                                MD5

                                                                                058ca21fd9b15b0181dbe5db51ddded2

                                                                                SHA1

                                                                                44c997acfb7449b96b81cf8b3a7932aab5544f7d

                                                                                SHA256

                                                                                1c15a0d8260baadfdb30df97efe7e9174ea42ab2955d9345ac6fa79f39c24767

                                                                                SHA512

                                                                                471ea42f7f93f7bd18291a99e0765eaa8b3b592d9043ec1bc03fffc43d5fc820f5e0a5b0eac23313ba9fcb5a5770259d3d0470c27d02f9fe38d5e7c134596df0

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                10KB

                                                                                MD5

                                                                                b98034c374fe67c534f88dc8ec4fdb86

                                                                                SHA1

                                                                                d4e5998b6fc63f384484d2ee0bd00bb186630da7

                                                                                SHA256

                                                                                58b7b82bc806cdf675c0488234165f5a438b567f01c8a2efe7e1fe01aca410f5

                                                                                SHA512

                                                                                617a3a30744bd97390b4ee9deddc7039ea4870213202ae01b2159b948d5783a30cb2ec150fed2e790b0d84044e7f0993fcc7779a4d499c3fe2bb8390415ef467

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                                Filesize

                                                                                264KB

                                                                                MD5

                                                                                76bd1d3f6063a1eda948241f8cf7e46e

                                                                                SHA1

                                                                                c2f1c4bee3cb2b00ebd22677a46ddfc2a8cdb34e

                                                                                SHA256

                                                                                e272fd2b4240214b3bf6d292c02fbfe5d80afc3e27ac589d71ff2bc1b0e861d3

                                                                                SHA512

                                                                                a7bb1fc9b842a20ebc474790ccf469c93d907d6cad02faf46f7846041a7685d76436dc7058fc3f84a551e5aaa32f7568af82af70ec7c970a48406f0fd4316b94

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                                                                Filesize

                                                                                10KB

                                                                                MD5

                                                                                785073822344ae3813284ebc92bb596a

                                                                                SHA1

                                                                                96e2a933b38352ed2c8e6e34e94756b70c143214

                                                                                SHA256

                                                                                36ef4cbbc494deacf81f364b546281223a39bea01a32b0c4b0e2324f984d6817

                                                                                SHA512

                                                                                28b21e17fdf026a025503a2ae1014ea4e8ce5385e42396007a7a23aba3aecb591d225e2a90d47f6f9e02d34792d74b89547715d66899265dbf8372258ccf4498

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                                                                Filesize

                                                                                10KB

                                                                                MD5

                                                                                327975ba2c226434c0009085b3702a06

                                                                                SHA1

                                                                                b7b8b25656b3caefad9c5a657f101f06e2024bbd

                                                                                SHA256

                                                                                6fa9064f304b70d6dcebee643ca017c2417ff325106917058f6e11341678583c

                                                                                SHA512

                                                                                150a57c143fc5ff2462f496f5a9451310b8d99e32c4d570641204c8062a78590f14bed438ac981e8b0609a0c87b859a1f8502a78687bc36c3a9529d633a58e51

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpBBE.tmp
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                d053c70cc876acc47a96dd23d3396807

                                                                                SHA1

                                                                                f5f1ac80e36cacc1de96bbfc51ef974822305414

                                                                                SHA256

                                                                                0a07437d544186b2ec4399c98af8686605b47c8e222babb47760d8adfc921a9b

                                                                                SHA512

                                                                                b71c6cb10a916c6237ff3f61b1253d5e83d474938b1d8582bd7f45dff0715193ec4bcf74d11e361e3f9f2255aa0c8a01f1c9074efa26bf6656c65d041df7f49c

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                e9842ba2dc01b14aff3916853df439af

                                                                                SHA1

                                                                                ae4e131249c9f97df247584c58b72c8ed3eb50df

                                                                                SHA256

                                                                                82144fc6b16a84f1ca6d0b5a20615aa88d284352c013aec98d5d4db38ac72313

                                                                                SHA512

                                                                                aade85e2fa5037c048ad3f976535454f1c7f81f7d66d5f9fb81aef72249eeed590d5319e5944a0cbdce7618793fe33a8d0f59c38b715d48e9f8762ecb5f77f9e

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Blackkomet.exe:Zone.Identifier
                                                                                Filesize

                                                                                26B

                                                                                MD5

                                                                                fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                SHA1

                                                                                d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                SHA256

                                                                                eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                SHA512

                                                                                aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 155862.crdownload
                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                fe537a3346590c04d81d357e3c4be6e8

                                                                                SHA1

                                                                                b1285f1d8618292e17e490857d1bdf0a79104837

                                                                                SHA256

                                                                                bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a

                                                                                SHA512

                                                                                50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 194012.crdownload
                                                                                Filesize

                                                                                321KB

                                                                                MD5

                                                                                600e0dbaefc03f7bf50abb0def3fb465

                                                                                SHA1

                                                                                1b5f0ac48e06edc4ed8243be61d71077f770f2b4

                                                                                SHA256

                                                                                61e6a93f43049712b5f2d949fd233fa8015fe4bef01b9e1285d3d87b12f894f2

                                                                                SHA512

                                                                                151eebac8f8f6e72d130114f030f048dff5bce0f99ff8d3a22e8fed7616155b3e87d29acf79f488d6b53ed2c5c9b05b57f76f1f91a568c21fe9bca228efb23d9

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 194012.crdownload:SmartScreen
                                                                                Filesize

                                                                                7B

                                                                                MD5

                                                                                4047530ecbc0170039e76fe1657bdb01

                                                                                SHA1

                                                                                32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                SHA256

                                                                                82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                SHA512

                                                                                8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 288917.crdownload
                                                                                Filesize

                                                                                756KB

                                                                                MD5

                                                                                c7dcd585b7e8b046f209052bcd6dd84b

                                                                                SHA1

                                                                                604dcfae9eed4f65c80a4a39454db409291e08fa

                                                                                SHA256

                                                                                0e8336ed51fe4551ced7d9aa5ce2dde945df8a0cc4e7c60199c24dd1cf7ccd48

                                                                                SHA512

                                                                                c5ba102b12d2c685312d7dc8d58d98891b73243f56a8491ea7c41c2edaaad44ad90b8bc0748dbd8c84e92e9ae9bbd0b0157265ebe35fb9b63668c57d0e1ed5f2

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 312883.crdownload
                                                                                Filesize

                                                                                26KB

                                                                                MD5

                                                                                b6c78677b83c0a5b02f48648a9b8e86d

                                                                                SHA1

                                                                                0d90c40d2e9e8c58c1dafb528d6eab45e15fda81

                                                                                SHA256

                                                                                706fce69fea67622b03fafb51ece076c1fdd38892318f8cce9f2ec80aabca822

                                                                                SHA512

                                                                                302acca8c5dd310f86b65104f7accd290014e38d354e97e4ffafe1702b0a13b90e4823c274b51bcc9285419e69ff7111343ac0a64fd3c8b67c48d7bbd382337b

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 419357.crdownload
                                                                                Filesize

                                                                                373KB

                                                                                MD5

                                                                                30cdab5cf1d607ee7b34f44ab38e9190

                                                                                SHA1

                                                                                d4823f90d14eba0801653e8c970f47d54f655d36

                                                                                SHA256

                                                                                1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f

                                                                                SHA512

                                                                                b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 458014.crdownload
                                                                                Filesize

                                                                                28KB

                                                                                MD5

                                                                                8e9d7feb3b955e6def8365fd83007080

                                                                                SHA1

                                                                                df7522e270506b1a2c874700a9beeb9d3d233e23

                                                                                SHA256

                                                                                94d2b1da2c4ce7db94ee9603bc2f81386032687e7c664aff6460ba0f5dac0022

                                                                                SHA512

                                                                                4157a5628dc7f47489be2c30dbf2b14458a813eb66e942bba881615c101df25001c09afb9a54f88831fa4c1858f42d897f8f55fbf6b4c1a82d2509bd52ba1536

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 461667.crdownload
                                                                                Filesize

                                                                                84KB

                                                                                MD5

                                                                                b6e148ee1a2a3b460dd2a0adbf1dd39c

                                                                                SHA1

                                                                                ec0efbe8fd2fa5300164e9e4eded0d40da549c60

                                                                                SHA256

                                                                                dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba

                                                                                SHA512

                                                                                4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 49157.crdownload
                                                                                Filesize

                                                                                31KB

                                                                                MD5

                                                                                29a37b6532a7acefa7580b826f23f6dd

                                                                                SHA1

                                                                                a0f4f3a1c5e159b6e2dadaa6615c5e4eb762479f

                                                                                SHA256

                                                                                7a84dd83f4f00cf0723b76a6a56587bdce6d57bd8024cc9c55565a442806cf69

                                                                                SHA512

                                                                                a54e2b097ffdaa51d49339bd7d15d6e8770b02603e3c864a13e5945322e28eb2eebc32680c6ddddbad1d9a3001aa02e944b6cef86d4a260db7e4b50f67ac9818

                                                                                Download Submit

                                                                              • C:\Windows\SysWOW64\Windupdt\winupdate.exe:Zone.Identifier
                                                                                Filesize

                                                                                55B

                                                                                MD5

                                                                                0f98a5550abe0fb880568b1480c96a1c

                                                                                SHA1

                                                                                d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                                SHA256

                                                                                2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                                SHA512

                                                                                dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                                Download Submit

                                                                              • memory/1064-542-0x0000000005550000-0x00000000055E2000-memory.dmp

                                                                                Filesize

                                                                                584KB

                                                                                Download

                                                                              • memory/1064-541-0x0000000005920000-0x0000000005EC6000-memory.dmp

                                                                                Filesize

                                                                                5.6MB

                                                                                Download

                                                                              • memory/1064-544-0x0000000005F70000-0x000000000600C000-memory.dmp

                                                                                Filesize

                                                                                624KB

                                                                                Download

                                                                              • memory/1064-540-0x0000000000690000-0x00000000006E6000-memory.dmp

                                                                                Filesize

                                                                                344KB

                                                                                Download

                                                                              • memory/1064-543-0x0000000005520000-0x0000000005528000-memory.dmp

                                                                                Filesize

                                                                                32KB

                                                                                Download

                                                                              • memory/1064-545-0x00000000058D0000-0x00000000058F8000-memory.dmp

                                                                                Filesize

                                                                                160KB

                                                                                Download

                                                                              • memory/1500-909-0x0000000000400000-0x0000000000463000-memory.dmp

                                                                                Filesize

                                                                                396KB

                                                                                Download

                                                                              • memory/2776-363-0x0000000013140000-0x000000001320F000-memory.dmp

                                                                                Filesize

                                                                                828KB

                                                                                Download

                                                                              • memory/2796-555-0x0000000000400000-0x0000000000553000-memory.dmp

                                                                                Filesize

                                                                                1.3MB

                                                                                Download

                                                                              • memory/2796-553-0x0000000000400000-0x0000000000553000-memory.dmp

                                                                                Filesize

                                                                                1.3MB

                                                                                Download

                                                                              • memory/3020-339-0x0000000013140000-0x000000001320F000-memory.dmp

                                                                                Filesize

                                                                                828KB

                                                                                Download

                                                                              • memory/3112-479-0x000001AF20E60000-0x000001AF21774000-memory.dmp

                                                                                Filesize

                                                                                9.1MB

                                                                                Download

                                                                              • memory/4668-444-0x000001D7B0240000-0x000001D7B025E000-memory.dmp

                                                                                Filesize

                                                                                120KB

                                                                                Download

                                                                              • memory/4776-382-0x0000000013140000-0x000000001320F000-memory.dmp

                                                                                Filesize

                                                                                828KB

                                                                                Download