Overview

overview

10

Static

static

3

Orcus.Admi...ed.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1020s
  • max time network
    1016s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250207-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-02-2025 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Orcus.Administration-cracked.exe

  • Size

    4.0MB

  • MD5

    cc3670f1b3e60e00b43c86d787563a44

  • SHA1

    4f1f8908f0ca7dc5ad01c3029206cc8c9d735e09

  • SHA256

    9ca18641bc6b48708e4314b3f8275860aef6b9ea16cd6230d781f0abaa84c853

  • SHA512

    684e584d8f2c6ace168760faacdd6ef44fbb85ec519805046e7d183ccf9faf4eb6764b84326aba0a90223a5b8354c3f9d055cf2297416b4562ca417924da9442

  • SSDEEP

    49152:zB5DkV7F/Al4gU97zCvyRtQ5SH1veaEX6NrGAiAl4:zB5Dk7/Al4gU97zCvyRC5SBeJAl4

Score
10/10
chaosorcuscredential_accessdefense_evasiondiscoveryevasionexecutionimpactpersistenceransomwareratspywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\read_it.txt

Ransom Note
Don't worry, you can return all your files! All your files like documents, photos, databases and other important are encrypted What guarantees do we give to you? You can send 3 of your encrypted files and we decrypt it for free. You must follow these steps To decrypt your files : 1) Write on our e-mail :[email protected] ( In case of no answer in 24 hours check your spam folder or write us to this e-mail: [email protected]) 2) Obtain Bitcoin (You have to pay for decryption in Bitcoins. After payment we will send you the tool that will decrypt all your files.)

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos
  • Chaos Ransomware 4 IoCs
  • Chaos family
    chaos
  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus
  • Orcus family
    orcus
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
    ransomwareevasion
  • Orcurs Rat Executable 1 IoCs
  • Deletes backup catalog 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

    ransomware
  • Disables Task Manager via registry modification
    defense_evasion
  • Downloads MZ/PE file 1 IoCs
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 4 IoCs
  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops desktop.ini file(s) 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 14 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 4 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 56 IoCs
  • Suspicious use of SetWindowsHookEx 38 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Orcus.Administration-cracked.exe
    "C:\Users\Admin\AppData\Local\Temp\Orcus.Administration-cracked.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2336
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 876
      2⤵
      • Program crash
      PID:1528
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2336 -ip 2336
    1⤵
      PID:3540
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTk0QzgyNDAtNUM1MC00ODE2LUIyNTItM0I1QUJBNkFBRTI3fSIgdXNlcmlkPSJ7QkQ4QjBCRUYtN0NFNC00OURELThFMEMtM0ZGQjgxRTM1Njg1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QzAyQ0UzNDgtRkQwQi00QzlGLUFDNkEtQ0QxMDhCOEU2QUY5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI3IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY0MzMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODc1OTU2NTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTc4OTE3NzAyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
      1⤵
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:4960
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2072
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 27421 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb3b81b4-55b6-407e-89b7-f6cbaffc5175} 2072 "\\.\pipe\gecko-crash-server-pipe.2072" gpu
          3⤵
            PID:1036
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 27299 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b91ecec4-0c21-41e4-b1b4-a40c99a90916} 2072 "\\.\pipe\gecko-crash-server-pipe.2072" socket
            3⤵
            • Checks processor information in registry
            PID:4372
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1496 -childID 1 -isForBrowser -prefsHandle 1616 -prefMapHandle 3136 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdc7a0a7-bca8-4fa8-a7f7-734b65f6d0c1} 2072 "\\.\pipe\gecko-crash-server-pipe.2072" tab
            3⤵
              PID:3956
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4124 -childID 2 -isForBrowser -prefsHandle 4116 -prefMapHandle 4112 -prefsLen 32673 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a6a2ad9-388e-468c-a699-fb47cc9ab24c} 2072 "\\.\pipe\gecko-crash-server-pipe.2072" tab
              3⤵
                PID:2680
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4812 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4784 -prefMapHandle 4768 -prefsLen 32673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2b94e7f-80cf-4867-a573-6456c77ba975} 2072 "\\.\pipe\gecko-crash-server-pipe.2072" utility
                3⤵
                • Checks processor information in registry
                PID:4380
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 3 -isForBrowser -prefsHandle 5236 -prefMapHandle 5224 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3affc284-3e06-498b-b7d8-6467efd17fd4} 2072 "\\.\pipe\gecko-crash-server-pipe.2072" tab
                3⤵
                  PID:1804
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5376 -childID 4 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be22041d-b8f2-47fe-b715-a1fb4573e945} 2072 "\\.\pipe\gecko-crash-server-pipe.2072" tab
                  3⤵
                    PID:3820
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 5 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f4526f4-ef33-4b16-9a1b-8053ed2326be} 2072 "\\.\pipe\gecko-crash-server-pipe.2072" tab
                    3⤵
                      PID:2228
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4988 -childID 6 -isForBrowser -prefsHandle 5068 -prefMapHandle 5092 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7d891eb-9cfc-4a36-8f0c-7a9b48bef260} 2072 "\\.\pipe\gecko-crash-server-pipe.2072" tab
                      3⤵
                        PID:4424
                  • C:\Windows\System32\rundll32.exe
                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    1⤵
                      PID:5692
                    • C:\Users\Admin\Downloads\BuilderOrcus\BuilderOrcus\Orcus.Administration-cracked.exe
                      "C:\Users\Admin\Downloads\BuilderOrcus\BuilderOrcus\Orcus.Administration-cracked.exe"
                      1⤵
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of FindShellTrayWindow
                      PID:5956
                    • C:\Users\Admin\Downloads\BuilderOrcus\BuilderOrcus\Orcus.Administration-cracked.exe
                      "C:\Users\Admin\Downloads\BuilderOrcus\BuilderOrcus\Orcus.Administration-cracked.exe"
                      1⤵
                      • System Location Discovery: System Language Discovery
                      • Modifies registry class
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of SetWindowsHookEx
                      PID:2200
                      • C:\Windows\SysWOW64\explorer.exe
                        "C:\Windows\System32\explorer.exe" /select, "C:\Users\Admin\Downloads\BuilderOrcus\BuilderOrcus\Orcus.Server.exe"
                        2⤵
                        • System Location Discovery: System Language Discovery
                        PID:3140
                    • C:\Windows\explorer.exe
                      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                      1⤵
                      • Modifies Internet Explorer settings
                      • Modifies registry class
                      • Suspicious behavior: AddClipboardFormatListener
                      • Suspicious behavior: GetForegroundWindowSpam
                      • Suspicious use of SetWindowsHookEx
                      PID:2304
                      • C:\Users\Admin\Downloads\BuilderOrcus\BuilderOrcus\Orcus.Server.exe
                        "C:\Users\Admin\Downloads\BuilderOrcus\BuilderOrcus\Orcus.Server.exe"
                        2⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • System Location Discovery: System Language Discovery
                        PID:3448
                      • C:\Windows\system32\NOTEPAD.EXE
                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BuilderOrcus\BuilderOrcus\log.txt
                        2⤵
                        • Opens file in notepad (likely ransom note)
                        PID:5680
                    • C:\Windows\system32\NOTEPAD.EXE
                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BuilderSpyGate\BuilderSpyGate\SpyGate-RAT 3.2\Readme.txt
                      1⤵
                        PID:5428
                      • C:\Users\Admin\Downloads\BuilderSpyGate\BuilderSpyGate\SpyGate-RAT 3.2\SpyGate-RAT 3.2.exe
                        "C:\Users\Admin\Downloads\BuilderSpyGate\BuilderSpyGate\SpyGate-RAT 3.2\SpyGate-RAT 3.2.exe"
                        1⤵
                        • Executes dropped EXE
                        • Modifies registry class
                        • Suspicious behavior: GetForegroundWindowSpam
                        • Suspicious use of SendNotifyMessage
                        • Suspicious use of SetWindowsHookEx
                        PID:5676
                      • C:\Users\Admin\Downloads\Server.exe
                        "C:\Users\Admin\Downloads\Server.exe"
                        1⤵
                        • Checks computer location settings
                        • Executes dropped EXE
                        • Suspicious use of AdjustPrivilegeToken
                        PID:4364
                        • C:\Users\Admin\AppData\Roaming\Microsoft\Svchost.exe
                          "C:\Users\Admin\AppData\Roaming\Microsoft\Svchost.exe"
                          2⤵
                          • Executes dropped EXE
                          • Adds Run key to start application
                          • Checks processor information in registry
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious behavior: GetForegroundWindowSpam
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1672
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe"
                        1⤵
                        • Enumerates system info in registry
                        • Modifies data under HKEY_USERS
                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of SendNotifyMessage
                        PID:4860
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x120,0x124,0x128,0xc4,0x12c,0x7ffaf289cc40,0x7ffaf289cc4c,0x7ffaf289cc58
                          2⤵
                            PID:372
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=1980 /prefetch:2
                            2⤵
                              PID:6060
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=2148 /prefetch:3
                              2⤵
                                PID:5332
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2336,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=580 /prefetch:8
                                2⤵
                                  PID:5144
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3188 /prefetch:1
                                  2⤵
                                    PID:2712
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3364 /prefetch:1
                                    2⤵
                                      PID:5772
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4528 /prefetch:1
                                      2⤵
                                        PID:6076
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3848,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4408 /prefetch:8
                                        2⤵
                                          PID:3164
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4856 /prefetch:8
                                          2⤵
                                            PID:3836
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5000 /prefetch:8
                                            2⤵
                                              PID:5072
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4852 /prefetch:8
                                              2⤵
                                                PID:4592
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5004,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5024 /prefetch:8
                                                2⤵
                                                  PID:5092
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4884 /prefetch:8
                                                  2⤵
                                                    PID:1696
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5072,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3852 /prefetch:1
                                                    2⤵
                                                      PID:1816
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4584,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5588 /prefetch:1
                                                      2⤵
                                                        PID:2008
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4492,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3536 /prefetch:8
                                                        2⤵
                                                          PID:1372
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4468 /prefetch:8
                                                          2⤵
                                                            PID:1072
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3512,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=244 /prefetch:1
                                                            2⤵
                                                              PID:4876
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5424,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4076 /prefetch:8
                                                              2⤵
                                                                PID:3356
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4556,i,8930676670019720751,7637558838722915146,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5628 /prefetch:8
                                                                2⤵
                                                                  PID:3580
                                                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                1⤵
                                                                  PID:216
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                  1⤵
                                                                    PID:2836
                                                                  • C:\Windows\system32\svchost.exe
                                                                    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                    1⤵
                                                                      PID:1524
                                                                    • C:\Users\Admin\Downloads\Yashma Ransomware Builder\Yashma Ransomware Builder\Yashma ransomware builder v1.2.exe
                                                                      "C:\Users\Admin\Downloads\Yashma Ransomware Builder\Yashma Ransomware Builder\Yashma ransomware builder v1.2.exe"
                                                                      1⤵
                                                                      • Modifies registry class
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:5156
                                                                      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lkjcygxr\lkjcygxr.cmdline"
                                                                        2⤵
                                                                          PID:2556
                                                                          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                            C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES122C.tmp" "c:\Users\Admin\Downloads\Yashma Ransomware Builder\Yashma Ransomware Builder\CSCA671086987484EE8BA12F8EE47AD3B29.TMP"
                                                                            3⤵
                                                                              PID:3464
                                                                        • C:\Users\Admin\Downloads\Yashma Ransomware Builder\Yashma Ransomware Builder\rf.exe
                                                                          "C:\Users\Admin\Downloads\Yashma Ransomware Builder\Yashma Ransomware Builder\rf.exe"
                                                                          1⤵
                                                                          • Checks computer location settings
                                                                          • Executes dropped EXE
                                                                          PID:1044
                                                                          • C:\Users\Admin\AppData\Roaming\svchost.exe
                                                                            "C:\Users\Admin\AppData\Roaming\svchost.exe"
                                                                            2⤵
                                                                            • Checks computer location settings
                                                                            • Drops startup file
                                                                            • Executes dropped EXE
                                                                            • Adds Run key to start application
                                                                            • Drops desktop.ini file(s)
                                                                            PID:648
                                                                            • C:\Windows\System32\cmd.exe
                                                                              "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
                                                                              3⤵
                                                                                PID:1996
                                                                                • C:\Windows\system32\vssadmin.exe
                                                                                  vssadmin delete shadows /all /quiet
                                                                                  4⤵
                                                                                  • Interacts with shadow copies
                                                                                  PID:1528
                                                                                • C:\Windows\System32\Wbem\WMIC.exe
                                                                                  wmic shadowcopy delete
                                                                                  4⤵
                                                                                    PID:640
                                                                                • C:\Windows\System32\cmd.exe
                                                                                  "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
                                                                                  3⤵
                                                                                    PID:4456
                                                                                    • C:\Windows\system32\bcdedit.exe
                                                                                      bcdedit /set {default} bootstatuspolicy ignoreallfailures
                                                                                      4⤵
                                                                                      • Modifies boot configuration data using bcdedit
                                                                                      PID:1924
                                                                                    • C:\Windows\system32\bcdedit.exe
                                                                                      bcdedit /set {default} recoveryenabled no
                                                                                      4⤵
                                                                                      • Modifies boot configuration data using bcdedit
                                                                                      PID:5452
                                                                                  • C:\Windows\System32\cmd.exe
                                                                                    "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
                                                                                    3⤵
                                                                                      PID:2208
                                                                                      • C:\Windows\system32\wbadmin.exe
                                                                                        wbadmin delete catalog -quiet
                                                                                        4⤵
                                                                                        • Deletes backup catalog
                                                                                        PID:4744
                                                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt
                                                                                      3⤵
                                                                                      • Opens file in notepad (likely ransom note)
                                                                                      PID:5176
                                                                                • C:\Windows\system32\vssvc.exe
                                                                                  C:\Windows\system32\vssvc.exe
                                                                                  1⤵
                                                                                    PID:1020
                                                                                  • C:\Windows\system32\wbengine.exe
                                                                                    "C:\Windows\system32\wbengine.exe"
                                                                                    1⤵
                                                                                      PID:6136
                                                                                    • C:\Windows\System32\vdsldr.exe
                                                                                      C:\Windows\System32\vdsldr.exe -Embedding
                                                                                      1⤵
                                                                                        PID:1364
                                                                                      • C:\Windows\System32\vds.exe
                                                                                        C:\Windows\System32\vds.exe
                                                                                        1⤵
                                                                                        • Checks SCSI registry key(s)
                                                                                        PID:3468
                                                                                      • C:\Users\Admin\Downloads\Yashma Ransomware Builder\Yashma Ransomware Builder\12-decrypter\Decrypter.exe
                                                                                        "C:\Users\Admin\Downloads\Yashma Ransomware Builder\Yashma Ransomware Builder\12-decrypter\Decrypter.exe"
                                                                                        1⤵
                                                                                        • Drops startup file
                                                                                        • Executes dropped EXE
                                                                                        • Drops desktop.ini file(s)
                                                                                        • Sets desktop wallpaper using registry
                                                                                        PID:5160

                                                                                      Network

                                                                                      MITRE ATT&CK Enterprise v15

                                                                                      Reconnaissance

                                                                                      Resource Development

                                                                                      Initial Access

                                                                                      Execution

                                                                                      Command and Scripting Interpreter

                                                                                      1
                                                                                      T1059

                                                                                      Windows Management Instrumentation

                                                                                      1
                                                                                      T1047

                                                                                      Persistence

                                                                                      Boot or Logon Autostart Execution

                                                                                      1
                                                                                      T1547

                                                                                      Registry Run Keys / Startup Folder

                                                                                      1
                                                                                      T1547.001

                                                                                      Privilege Escalation

                                                                                      Boot or Logon Autostart Execution

                                                                                      1
                                                                                      T1547

                                                                                      Registry Run Keys / Startup Folder

                                                                                      1
                                                                                      T1547.001

                                                                                      Defense Evasion

                                                                                      Direct Volume Access

                                                                                      1
                                                                                      T1006

                                                                                      Indicator Removal

                                                                                      3
                                                                                      T1070

                                                                                      File Deletion

                                                                                      3
                                                                                      T1070.004

                                                                                      Modify Registry

                                                                                      3
                                                                                      T1112

                                                                                      Credential Access

                                                                                      Credentials from Password Stores

                                                                                      2
                                                                                      T1555

                                                                                      Credentials from Web Browsers

                                                                                      1
                                                                                      T1555.003

                                                                                      Windows Credential Manager

                                                                                      1
                                                                                      T1555.004

                                                                                      Unsecured Credentials

                                                                                      1
                                                                                      T1552

                                                                                      Credentials In Files

                                                                                      1
                                                                                      T1552.001

                                                                                      Discovery

                                                                                      Browser Information Discovery

                                                                                      1
                                                                                      T1217

                                                                                      Peripheral Device Discovery

                                                                                      1
                                                                                      T1120

                                                                                      Query Registry

                                                                                      5
                                                                                      T1012

                                                                                      System Information Discovery

                                                                                      5
                                                                                      T1082

                                                                                      System Location Discovery

                                                                                      1
                                                                                      T1614

                                                                                      System Language Discovery

                                                                                      1
                                                                                      T1614.001

                                                                                      System Network Configuration Discovery

                                                                                      1
                                                                                      T1016

                                                                                      Internet Connection Discovery

                                                                                      1
                                                                                      T1016.001

                                                                                      Lateral Movement

                                                                                      Collection

                                                                                      Data from Local System

                                                                                      1
                                                                                      T1005

                                                                                      Command and Control

                                                                                      Exfiltration

                                                                                      Impact

                                                                                      Defacement

                                                                                      1
                                                                                      T1491

                                                                                      Inhibit System Recovery

                                                                                      4
                                                                                      T1490

                                                                                      Replay Monitor

                                                                                      Loading Replay Monitor...

                                                                                      Downloads

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                        Filesize

                                                                                        40B

                                                                                        MD5

                                                                                        0b4744b6addf5e1d09f6dbf135235ec1

                                                                                        SHA1

                                                                                        4ff95591677b3b27d36dad041aa51157f2260b09

                                                                                        SHA256

                                                                                        f09b5274a2c68906447aca2c0b5406b77b466a756f3bf44c648dcc442d83f2ab

                                                                                        SHA512

                                                                                        6492c75441a2e29c0b1b4193ca79c9d207cab4a72447a17d52ef4e1f8a6d6af0c17c56576f4dd8af7ea615d1f105321db61afe1c27d59643e257282b539d2202

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                        Filesize

                                                                                        649B

                                                                                        MD5

                                                                                        0236a543d31a54be079cccec3cf9018e

                                                                                        SHA1

                                                                                        4716573e5bb9be15bbaa14c25cbbf8c03ce3d846

                                                                                        SHA256

                                                                                        cf2ea8ba0e30cf2407834594a241d405e8b5c9ce8a0f60208e0e22ee6632c080

                                                                                        SHA512

                                                                                        50f749d5be74d8b963ce12bb11514242c32615b972e4df21183e5789cf9d3e45ae599c8c00ce4b63f4475d51998a5bcfff0640599ca2d090fff0872024e27d01

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                        Filesize

                                                                                        216B

                                                                                        MD5

                                                                                        9fd0dc741c612ac1a4e9c1cf1252087b

                                                                                        SHA1

                                                                                        73755f52ae00b714f72d4d9e94830167c84455a2

                                                                                        SHA256

                                                                                        ec6c68afeb69718470426aa991ca29c53327af9bf26caddbe72df0534e2c0144

                                                                                        SHA512

                                                                                        845cbf853ff1b98ce98ac14dce2fe95d4481653fdc4dfb3e1b46a0020ec984b4c80b89f92cd0f29efbe69dbcf318029905fd93df166f1b4583b0ed03a498dacb

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                        Filesize

                                                                                        192B

                                                                                        MD5

                                                                                        a197efc7eab3d9961da0c985f03dffce

                                                                                        SHA1

                                                                                        812afc848207e73091a8da044ae96327f5137dce

                                                                                        SHA256

                                                                                        7b469e71a026ac1e405f02ea71527c5f8a0bf147e546ec1227fa2c6070c2c33a

                                                                                        SHA512

                                                                                        926bbb87925220b840ada0ac19349cb5297107bf95279fe0b1285a0e9814bab356534bbfac928bbfcf8bbae8982804e23f0575068369d53d568b530cb8041175

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        f8bdd6ec696f3f9ba7ac625cc9acc9ce

                                                                                        SHA1

                                                                                        65f2737132dcb9dd4ec87fca8ad7dc43ee6e2a2a

                                                                                        SHA256

                                                                                        62d1795d7d489cc880d8293e9aef872674b65c11c366b1100c992da9d7f756b2

                                                                                        SHA512

                                                                                        f5bf29edfde1eb9f7d8a19a5a3cdc6976d27e3927dba7a564b8d7e3cb116068b1450a8bcf6c544d40681db0f463c1bde84b414a8080ca28d7dbbe125fb608695

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        f79282fac05350bb200a67015878c40d

                                                                                        SHA1

                                                                                        7f643105a3d69388c32c18cd25e5aab9d23a0bcb

                                                                                        SHA256

                                                                                        b896896740dd46fd78eaef7903e1a24e544409a725bf1237cbab3ee4fea0bc14

                                                                                        SHA512

                                                                                        d85b46151baa088203f3fc407e4ac49274d203157192c0ad61fc3663926166d06fc1a99556c2891b9c40502b088dba34bab16c3367a92af4068772b2eea44ecb

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                        Filesize

                                                                                        3KB

                                                                                        MD5

                                                                                        6d360f0776a6490108ac8bef2e38bd18

                                                                                        SHA1

                                                                                        bd61ed4a3762dd9d7d36defeab0b37ecf1f0d3f0

                                                                                        SHA256

                                                                                        83dbcba913a227450cd23e5976a308527505186ad22ba423eba4ea3718715f81

                                                                                        SHA512

                                                                                        1b0ec8eed51cbf37596aa8b4edc8c45cccb80e77ff857f678dee101ba76ef26407e6a568af3fc1e1fae292d98970a68bc8d5d49c7645177307fd9169daa7e07f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                        Filesize

                                                                                        2B

                                                                                        MD5

                                                                                        d751713988987e9331980363e24189ce

                                                                                        SHA1

                                                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                                                        SHA256

                                                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                        SHA512

                                                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                        Filesize

                                                                                        690B

                                                                                        MD5

                                                                                        f5a9babd2e7123bdad7893b27d77a6e4

                                                                                        SHA1

                                                                                        507aabeae701fb6c4c0bfb8562f9e0c84c965ca3

                                                                                        SHA256

                                                                                        78d52cadc372e9b6081d25090971ce4d67dc34ece121d0f56e63bcc3197b9f3c

                                                                                        SHA512

                                                                                        f8544b6ba9768fadc6c82c0bf6e33fafce928a66bd3df41e3d60c1153bf2c43100293e644df48220d24dd30029862a68d9b8f4fda79ebaef9a5bc8d01af2dd59

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                        Filesize

                                                                                        356B

                                                                                        MD5

                                                                                        d3a37d89c67173970c061ac692927c80

                                                                                        SHA1

                                                                                        4cf770253e9c30cd8c852c2800f906cf5d7d54d4

                                                                                        SHA256

                                                                                        31a9a33c67d3c8a93ba7729cb4addb328a8fd9b848f013d5ed40213fad0bb5cd

                                                                                        SHA512

                                                                                        fb38b0197850af3499721072813809bdcdb0d94506282b7ba4f8e367bcb5f12ffd7016dc4d3c7de8fc0081278fd56e576553b9c658018b9052fa0f8d01606bec

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                        Filesize

                                                                                        690B

                                                                                        MD5

                                                                                        a8826561abf5e2884219ef12cc49c822

                                                                                        SHA1

                                                                                        d8322938b09bcb4ff9daa0536e32a26d4f4c3960

                                                                                        SHA256

                                                                                        773d7cff951ec68563e9399a92e57b8db94bbd82e243aacbce328cd4f1fc77a5

                                                                                        SHA512

                                                                                        6711cf9e90426632644cc104ce9e734271564e3968162e6f592303f0332d3c88ea2fe247b2b2dd5b50a60dca0aaf055536b8b1219f28d3eadc1d5110cea412e3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                        Filesize

                                                                                        690B

                                                                                        MD5

                                                                                        6bcb9ddf8af63164bcab7fbf0dccff14

                                                                                        SHA1

                                                                                        b3a9b30986be9e715a7d5780a3d75d44cc1a4b92

                                                                                        SHA256

                                                                                        c2e8440310474720408dac6b63fce311ecee742ca96a7175eefb23dbf5893f7a

                                                                                        SHA512

                                                                                        db96ce2c72b8747f8ef96930f764e1199c8aa2087d0e89e5a1674a6458ff21719d9b5c1acf696a791641e74ce6394fe2570700e35d180459f2ce70bfa46a48d2

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        b6f01ce6ff2e81f6827c218b399ab641

                                                                                        SHA1

                                                                                        233f68ef98af4730ba87e08335f182a06d3f0be1

                                                                                        SHA256

                                                                                        429b0a11022e4eea042bd418aaed1ae1e12d6d1412d7539b82399d18e8ba39f3

                                                                                        SHA512

                                                                                        4a3ba3508056fadbdca48536430f1ad515f61c31f6ae30a98c707acdd3484c51bfc57feb2c247d7d1753b2c3abbbcd0fe84378ba093830ced267d9d0234a7e34

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        e41a9fef2f998467a8a7dc3068fd3ce8

                                                                                        SHA1

                                                                                        531a55061cb41332d8dc5b3d55a5d0a35fa9d21b

                                                                                        SHA256

                                                                                        41c80955efe1bcd55827e5172848131e842c83fabf995b8924a6048c8f18c1ee

                                                                                        SHA512

                                                                                        2eeb4249023c7595e7d1dcc8372570e72141ea453512a9737999a5c6a9a1aa5d685309948ad58d759b7b3e41efe8cc9ed133455f7521851b5fd1fc2760c26241

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        e69b3d5f5ebf871c1bfac0858be9b254

                                                                                        SHA1

                                                                                        aedbc1729336c886ecfbb1ffd68a100eed144e1d

                                                                                        SHA256

                                                                                        68f84513cb80910e8f0ee9c871b8cb4f2044f492489fbd30613353d0b6676222

                                                                                        SHA512

                                                                                        fc760adae0cf7a8a1cd13f60bcd49851279a491db2861e9453e753b579d50f4cec33b8890d2c0c75f9338ba27489c2f121540e94ffc995355a03a8f2210ab533

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        b5aa09eb208dac6de385a7a987480a73

                                                                                        SHA1

                                                                                        8f75149a31cb446a46e0b9a7940059510d3264c3

                                                                                        SHA256

                                                                                        950b241c0846a84882798e05c21faeb25641167eb4348d53e02499c30c87cac4

                                                                                        SHA512

                                                                                        c5d588a24a7e6cfbdf9d31b9ae051982ab13bd15080fceaef220d9af4f79346c3197bd786d00b5c005f79d937ea0d4366e686bdd434b32b0c7fc0d6ef469e3dd

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        8638ce91b0f1c35b8f26cbfb796fc89e

                                                                                        SHA1

                                                                                        cd45745616073d15327bada75b113f8456ef6e6b

                                                                                        SHA256

                                                                                        a39aa7edacc4ee16dcff845e157381016adbddf0075dac526d9a53120a9623b9

                                                                                        SHA512

                                                                                        02f5b5014b7540aaa6a328ea4bac96743cb3b7a7daf13688747e7b2af4342246fdda68aeb4d29c278cd4189f735f2171437c777c4ec616eec2009c74036150e1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        ac8053627ffd0f39418c349fd2510a88

                                                                                        SHA1

                                                                                        1b0fcb0c6e8b3ab25ee9c3bd6705de06e5aa466b

                                                                                        SHA256

                                                                                        47f377e0266ecfa37039c1ac97d7d51a4b8a0c3627c39c8524b2bfa52c4ec8a5

                                                                                        SHA512

                                                                                        16a3d25aeeae0c52aa9ec19bf349ce049cda2c034a8e231905018a62da5103ce0047b63a8c02afb55c846861fce6b5ca5ed0c09d3eb104ec06b2034db6ecac0e

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        39f65e2f1b4f72038836c28ef7c064ac

                                                                                        SHA1

                                                                                        62909750eb7ab4e0a08da28188ad988ecb0cc16e

                                                                                        SHA256

                                                                                        b70a9c407b5049ab2d4a1fef8254087f7654336f7578971b7fb602abaceef3a2

                                                                                        SHA512

                                                                                        d3c9c021ec692f7f09cb2be52956c8af6847bbc9628334b68a7706c7097490eca29a9f0b3bd95a443bdeaf6780ab0ae3f9c942eb71aa4c2e374cdc4abd5d8379

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        d5db41c1d2fd5c21d95753fb1c061157

                                                                                        SHA1

                                                                                        76249651dd20fbe5b69cd1ce10f8cdd26e9cf7a8

                                                                                        SHA256

                                                                                        4b43a1f5b8639fda0ac009510f2577d96f66564df82fcebef0a9c7ff32a88787

                                                                                        SHA512

                                                                                        dccc7009b3f91cac3137ee31b8a40264ce51ed949adc89dde09635d5eac4e6f98d6623bd05f5dde82cbd7aca2eb5a0a6b867045ea496335cf99a52498cf976e4

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        8d7abb50ba774cdc63e2abbd1e5b2cb4

                                                                                        SHA1

                                                                                        cf8a2dcdda961c17ebc1bd6df499e77e7be9ac3f

                                                                                        SHA256

                                                                                        5874375dd5eed70c805d1416cc6258909e2e5b1642c8e3382ee054c40787f3cb

                                                                                        SHA512

                                                                                        75a58fcb6317e0d3aa9a78983863234ebecdabaca0e355ca1262c6ef82a4f6a6461bd1a419e9311f2a5201f4bfe5c700be28027748499c93d23d03dd463ccab5

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        073cfb4f3982498b77ccf966e7ec4703

                                                                                        SHA1

                                                                                        bd0bb78271dcd96f45cc7b133ab3ad809c61c6fa

                                                                                        SHA256

                                                                                        fff29b8ded29972dfda37902439dc325e9af23657ab8e365289a680ff759ca35

                                                                                        SHA512

                                                                                        24a8b87ec134c8438b60e7b195f5c37e614051dea5792f79568dda16fa60123fe013407e7a6609315ee8fbb6afc6c59c814a4688ab40de9d82a87fcafec5ff72

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        8d05cab5277933ad5472b873d53fda1b

                                                                                        SHA1

                                                                                        aec9d0f01ef8f0b14011580bcaada78aa200a742

                                                                                        SHA256

                                                                                        08b33ced4ebc2d86e60757030e5d4c20b29dd761405bb0be7cc4ed7e2fbb1e40

                                                                                        SHA512

                                                                                        94b6c6e8d6ac3617159bbf473fd84a2a604a669a9183f8b1eea0d59fae6426995aca07c29656e7c8b9a02f7c91ff1f2a6f31e56b7d911cd9c74e738851ad495f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        d803a66b883298c45e75358ca129ef9c

                                                                                        SHA1

                                                                                        bc1900d91d5531539fd85fb7c098ad66cf41940b

                                                                                        SHA256

                                                                                        5fd86abadf23c7808dbcd818e7d3c059dfb635c4d8246931610dcaa9ee5a1eaa

                                                                                        SHA512

                                                                                        8408e2fdb40c7287dec5818f9e7268562598afb6a1edf281afca2afebde0f31b31f40f99976b7e9b5270604a9a66077884060914b03dceeb31b936f8781723c2

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        a851279905ae732e752eff31753cb978

                                                                                        SHA1

                                                                                        f7c6e218c4fd2af2d3f6b6f56d6ed49ab0d6152a

                                                                                        SHA256

                                                                                        f2a4f076f879e3bc0dfc41ce424e345f72da2369f6268b6027f8728f2312fd2c

                                                                                        SHA512

                                                                                        ce9a7fbffaf5c69fe77b8c2e747acbed61025a22e41d9041282f1dc831623ae6b5750d0da7b9a6af33f676419b1d917715d1d465d5b613fee7726fc52ddcd2cb

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        2063778102cf04dec7ef447a3b18cb90

                                                                                        SHA1

                                                                                        39e6be57482b8bf6b0f2ce2f6fa442ae11139ffd

                                                                                        SHA256

                                                                                        019ba372c9555d043181da3195bbccce36f8fa66dcea77ad06e6c86e1fb5c94f

                                                                                        SHA512

                                                                                        e1bbca173a103ff2e4069e084cdb8921803cb866080b08b87221451c53b92f169fa6705b329d8e32e011cf6a84726a13693df5e5577d85acaefafe756441e022

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        601a1fe695409031d973d9a5301d6a8c

                                                                                        SHA1

                                                                                        06c09893fb6f4e86844e53f6d9037c1e7ff8d8cf

                                                                                        SHA256

                                                                                        f19a6709041a82d188aea68eae144ff7c85b187098db605dda215e36124ae9d4

                                                                                        SHA512

                                                                                        4958707ff49f71156924b77f33082472eeb751f144a6261d7475a5fe5c9f55580c05ec66915627e1044da96287180a7c85658848851cfbaef0d99603137bfeee

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        c3667b19486e16ca122013ed489b9363

                                                                                        SHA1

                                                                                        70cd579fb20de50ea921004692c506a4bb51a412

                                                                                        SHA256

                                                                                        a4500dae01151e288b90c355346dcd936b8ae2979ae2b13e2d8ac9d2a2cf399b

                                                                                        SHA512

                                                                                        19055a660c9c4e7bf477ecc92e3d4a3601e39ede4c1757ddf989c644b0c252fe954bb5032a1d331d274507a665f8108ca83e813687b0a49552d7bf8b6991f171

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        7b39bdef98584bd6b2ed2ce5a53dd3ae

                                                                                        SHA1

                                                                                        25a01a49c882f50a513746665caeb24bd7e77d3f

                                                                                        SHA256

                                                                                        e51fc9bbb845a82f156bc304f02bea7d1bb45b99a423d71bc6e524591af8f1e9

                                                                                        SHA512

                                                                                        ffb64e7398e23316f4a44a966dc979fcd9a5329a6b501d27b127cf39831adf230997a0837c8f47d3da841e77bc8b5c5b256a53597b12d69546ae66bb72d395b6

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        a4d73c2455c01be576bc8a88c24fb428

                                                                                        SHA1

                                                                                        047e57cf3788be7edb70da17991e6d57f45f9a57

                                                                                        SHA256

                                                                                        39a13bb31dad30ccef463a8e615d12a2396888fcebe5cf0c002b4a5aaee19141

                                                                                        SHA512

                                                                                        4ef85cd8515641a742451c857e83fce7c90084f3c09ca6689fb6b66f097a49824159736f21fd251bbc21acd172b5eba45156417b85ed48627685e23234a0e79f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        f81570c1c6d60eb4aa46696acbe6f55e

                                                                                        SHA1

                                                                                        b5a70bcea201e524aec8acd8f69663251163d9de

                                                                                        SHA256

                                                                                        27f37af2d9fa436637a9639590a0ec3bb56ba25bfa519d7f8eb72bbcc518cbc1

                                                                                        SHA512

                                                                                        055c843d450722da5e6219f9267ffea440e75c202fc2654e44ded87d8da803890f50502fb349180a2f20f4d39f92b231b629f70149a84844de8c7d4a4a9457bf

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                        Filesize

                                                                                        15KB

                                                                                        MD5

                                                                                        846401ec6911098a58cda89ddb331af4

                                                                                        SHA1

                                                                                        a56d4de33062fe4f7f76a23e85c81920c8f39813

                                                                                        SHA256

                                                                                        a1a621ba137ebe9cb63a84fa04c1e3424348a23b045a30e72d0d84f2012aec02

                                                                                        SHA512

                                                                                        208d351132c621f395ea5ecbca5957a1de3f799b8215bdca3a2d0ec1181c604eadc80ebcdae6a32d3fe2babe28406c485f9e2365d76adf63169c88e022b1afc6

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
                                                                                        Filesize

                                                                                        373B

                                                                                        MD5

                                                                                        90201ff10e6679dfbe94d4d736edede9

                                                                                        SHA1

                                                                                        5908e75db9a5bc9542ec2a8bf5f62e2d030af444

                                                                                        SHA256

                                                                                        9adacbff02db1da411b031a22accfad8951e922a45685cedabd0eab6b9dde731

                                                                                        SHA512

                                                                                        2933ab1b2343581e789efa083bb9bf71d732b278ec3f7efe1bb524f683a5cd2b96fe90bfc04f50009f4c9c553b64abc0f25c74828bd102f1aefab841d9564008

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c226d958-bd80-48de-9dd3-3098f69917b6.tmp
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        d9baea22698594009992c0eb4fd57ffa

                                                                                        SHA1

                                                                                        0f0305e8759f14642a0a186f8bfd52bd069c6238

                                                                                        SHA256

                                                                                        0e0e21a333373303dda80df92aa15f2a337c387e10c19688a92bdec9f5a7c188

                                                                                        SHA512

                                                                                        5580960f1705fcbdba89da9ae68ae028aa7e56f1d9c455689b17528fd85894672db74d19da71d9d91f5e8566a53ad8e239696cfcc6ed0ff676e5da8b235489e3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
                                                                                        Filesize

                                                                                        17KB

                                                                                        MD5

                                                                                        5738530f0866542d4f670ced37993ba6

                                                                                        SHA1

                                                                                        799e528eb86e5ed9d7db42c2fee1793409da902b

                                                                                        SHA256

                                                                                        e9d0e4aa72b406db3e96b0313ec3b8328543c3228b664a69cc839269c402ce0c

                                                                                        SHA512

                                                                                        d3ffea1083334d607cba4781516794c961ce1b97ebe6ee353f94b1a3b674dccf63abbb79d56574cc4a6c543817c479e5e64996d4c1b0d1c6fad218be4eebf089

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        b3132a10fec3fd63476c499233c4f4b4

                                                                                        SHA1

                                                                                        72f1d177af8151c9225991da27c2648de88891a1

                                                                                        SHA256

                                                                                        585d3f409f1953f40c4f37fdf3b1d8114dad28df235183824110e5e674516cf8

                                                                                        SHA512

                                                                                        2d72cb0b073953b8081af19b33986fafac339e8e8a916f2a6cf84d627fb6cb296aa1489735b1e6d27647da76a4c2f40d3d796705521a83dfd4daf2202d5fc4d8

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                        Filesize

                                                                                        126KB

                                                                                        MD5

                                                                                        72909f75ce5e4572cd6e8bcc616734d8

                                                                                        SHA1

                                                                                        26f8b262fcb3a1e7565808fbd49611e2da8da82e

                                                                                        SHA256

                                                                                        0b0862a87e9f1b76e5c7be08687cdf5dfa0c3bfffd7fe28314dceee3ed311ed3

                                                                                        SHA512

                                                                                        bcc36eafacda808054fc070fd37eecdaaa25b757df07bd2a9e31c483c1d0c4fafeac53befe08a7e457c32c15b57a23f6dc88b83571a2e18b305c9affa7a1d496

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                        Filesize

                                                                                        248KB

                                                                                        MD5

                                                                                        570f473c5ae5a70ff30d32fcf795b007

                                                                                        SHA1

                                                                                        2878ee2e05b601845b941f13430437c7bfd441ac

                                                                                        SHA256

                                                                                        0685017aa50278f4e5482e76b69dfad2b6dcbd2a4b10f197f47f8c4a2ce7d410

                                                                                        SHA512

                                                                                        50beff49b264ce7688a9df5d111066a8ce72ee4756414d10392619cce4ee7be07594faa96f45a3f340768da5fb055d9490e95b34fd61f736fc5d8b3675c0a4c5

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                        Filesize

                                                                                        248KB

                                                                                        MD5

                                                                                        8a1047f12f1ded07d5ba27834068f75e

                                                                                        SHA1

                                                                                        4f262ed88e87fb446995ae7c421a79baa8fdd00e

                                                                                        SHA256

                                                                                        f79707feb716a46e80d65a9c6a79e2eb295ca0718f821362b8fdf2c741a83f67

                                                                                        SHA512

                                                                                        519a4e324912850cf5bef9e89a90459d8a16ecec460255f9c30986eacd39d476f73bc0ff9197bfc2ba3296e1d4ede6c250c6c3e6fbe0d5c59b4be7015091271c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                        Filesize

                                                                                        248KB

                                                                                        MD5

                                                                                        3586efd66ab01b4aa02a54e6456d8576

                                                                                        SHA1

                                                                                        0a2497433b9b1490bf9b55b754f5db824a5de109

                                                                                        SHA256

                                                                                        3bf3cd7631aa599f3919a4272ae62165a141d951145ad55459cdce1d1a7f760c

                                                                                        SHA512

                                                                                        3dcd3c489615a2fd157be0455b98fb4b846cd50b09777cc90a7f184054118f9a5d80b1f7a727728bc1ce3a88c1cbac9939c5f260cfe9d9c1045409c453a7712d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                        Filesize

                                                                                        279KB

                                                                                        MD5

                                                                                        fc12f3ee1d852cd40c6b9a80ea27685d

                                                                                        SHA1

                                                                                        c1dde3fdb2e8827d43baa4f0b288505ab63e78bc

                                                                                        SHA256

                                                                                        da0f8d9d1f990c432fd632d39fcd83e48e7f0a614185cdc642e84ee1d5357f48

                                                                                        SHA512

                                                                                        01ee0c93e0af33b7157ca2877ff515f598aa49155ad0d53a0206b6d4c6fa5780dfcafcef68f59a73fbdfaa07c7a9e1dd919dce081a398cc6b6978196b6781dd5

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db
                                                                                        Filesize

                                                                                        48KB

                                                                                        MD5

                                                                                        5a1706ef2fb06594e5ec3a3f15fb89e2

                                                                                        SHA1

                                                                                        983042bba239018b3dced4b56491a90d38ba084a

                                                                                        SHA256

                                                                                        87d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd

                                                                                        SHA512

                                                                                        c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Server.exe.log
                                                                                        Filesize

                                                                                        594B

                                                                                        MD5

                                                                                        44e889763d548d09132c31ed548f63f5

                                                                                        SHA1

                                                                                        d9829a1b5841338533a0be0509df50172cce73be

                                                                                        SHA256

                                                                                        d29f0e5fe1ab31998f200d4441c0e201a2e3bd6e416f638cbee2eb55354d48cc

                                                                                        SHA512

                                                                                        a1474aaef1132f459e8139157a618368c7623f4a25a754c6fc2672d92929b9506bfcc272eebf5c69901f4140d36e740f5f6bbfb90e000c6538ab492f5aa48a96

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\SpyGate-RAT 3.2.exe.log
                                                                                        Filesize

                                                                                        774B

                                                                                        MD5

                                                                                        1b2f0c7407b8bbbaaf86739abe069e81

                                                                                        SHA1

                                                                                        372380724c49f74a66176054790917f31134ec63

                                                                                        SHA256

                                                                                        3dd2fd61d338cf98cb575bd6efe579a67debb9e3b4535fd6c2dba57a120ffbfd

                                                                                        SHA512

                                                                                        ea3343f655b6ab1181174db403590199049340f3bf2fb51e44f6be8949102d83952d1e7c69d92066573187e56199827abd3c90defab86b05072b0896ab458ae9

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Yashma ransomware builder v1.2.exe.log
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        baf55b95da4a601229647f25dad12878

                                                                                        SHA1

                                                                                        abc16954ebfd213733c4493fc1910164d825cac8

                                                                                        SHA256

                                                                                        ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

                                                                                        SHA512

                                                                                        24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rf.exe.log
                                                                                        Filesize

                                                                                        660B

                                                                                        MD5

                                                                                        1c5e1d0ff3381486370760b0f2eb656b

                                                                                        SHA1

                                                                                        f9df6be8804ef611063f1ff277e323b1215372de

                                                                                        SHA256

                                                                                        f424c891fbc7385e9826beed2dd8755aeac5495744b5de0a1e370891a7beaf7a

                                                                                        SHA512

                                                                                        78f5fc40a185d04c9e4a02a3d1b10b4bd684c579a45a0d1e8f49f8dee9018ed7bc8875cbf21f98632f93ead667214a41904226ce54817b85caeeb4b0de54a743

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Orcus.Administration-cracked.exe.log
                                                                                        Filesize

                                                                                        3KB

                                                                                        MD5

                                                                                        5dc08fee9a82d0204e8a1dec063f1ae8

                                                                                        SHA1

                                                                                        cef60b0c2e1669d0b7e83fc1a9243a8a68d1b209

                                                                                        SHA256

                                                                                        b46ea1bbbd43d4dde2ee86a7cf751dbc35612369cec25517966b077159f2d7a1

                                                                                        SHA512

                                                                                        d8d9279227fa45ae5a92750eea10b0c30a63a7fb40aff21af4132aae96a47893694bbdc517795d68a9d5091a80819e95de967c64dbbca7a560a46eecef0d27d0

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Orcus.Server.exe.log
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        32f3aa43d8a4b5ad34dc9fea5e90b006

                                                                                        SHA1

                                                                                        744edc7c4fa4d01bc81dc4d4f146e2680e8ed8b3

                                                                                        SHA256

                                                                                        44498f925f09bbea45f495ded2f7d427b54dba8dbe426c16f9d07f7654e84cbd

                                                                                        SHA512

                                                                                        b0a952632ead14246be41e32bad50c04650bfc9fdc38c7f70fa188e059465fb4ce00c417d0bbcfd26c7f134f62013ff5f3694deab6070e277630514cb0e18fab

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z4pcagzk.default-release\activity-stream.discovery_stream.json
                                                                                        Filesize

                                                                                        22KB

                                                                                        MD5

                                                                                        0306d6031e7059e4bd828964e5630a48

                                                                                        SHA1

                                                                                        80f54e4ca2e93bc11801f8e82d78f11375bd85a9

                                                                                        SHA256

                                                                                        fff15b6ca604a4df892e0f344f20c7796e09f1607db85b1e6122774f5a74fd6b

                                                                                        SHA512

                                                                                        17daf42d3f4ba19d99edb66acdf78341731951ecc18250ca307c1f3e2fb6371c4e937adbb78c95e920e985b20287c9822c0134c1409b8b72991e7c3873a22d2b

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z4pcagzk.default-release\cache2\entries\013631E4BC27A3AEE0D9BF881905754A9B020ABA
                                                                                        Filesize

                                                                                        844KB

                                                                                        MD5

                                                                                        4eff113e30eaddf81bc65a8e00cbf624

                                                                                        SHA1

                                                                                        4eb00f083dabb951b8ed1bede5693514f518d382

                                                                                        SHA256

                                                                                        a843d6b5c3fb5afc7dadde15af1a41e94a9fbb3095985bdf074c4636d512fb6a

                                                                                        SHA512

                                                                                        dffa3d3476e49145b7ae18412788b089a5c085af02e46dbebe98bdfe9263f5e04a987fe1b78b6061fc99f019934a01c829380ccaf3cbd80432bcefc49906bf21

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z4pcagzk.default-release\cache2\entries\51B577CF94B61510CE6B32C34BC4CB935759EF1F
                                                                                        Filesize

                                                                                        35KB

                                                                                        MD5

                                                                                        001573e3bb354b146dac060efa4b9f05

                                                                                        SHA1

                                                                                        ecd472abc6cdf1d22e2e41b52ef2776e18ab4b9b

                                                                                        SHA256

                                                                                        93271ce16c5a5fa5fb510c754ad31e4f0c8f5f0e1217d7bfc878eed5e9970927

                                                                                        SHA512

                                                                                        127b7242e59f366f14218d50dee908d6dfa860c99bdb8bf616ba479ad3e4ee7eceba7a4f6a195e5ab6b961e89ee3c7e5ac15693796fbfd3cc306fc9aa96e1c73

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z4pcagzk.default-release\cache2\entries\764706273F6635ABCCA46F5EEA13466A9B1468AA
                                                                                        Filesize

                                                                                        23KB

                                                                                        MD5

                                                                                        571e6e21eabe43c3f836929d65551108

                                                                                        SHA1

                                                                                        a9ad6d5bacb26b74891096e118ecb8ef5898896f

                                                                                        SHA256

                                                                                        1ab86933294b653dbc01c14ef45372c16efb698d70d103219aebcb0c901085a1

                                                                                        SHA512

                                                                                        368be4649837f2e7f32b1256efa2ac2117641e7b70381f1fde3e5c6084f9af6971ae7efb71d60ff03242c1e7b0325185a828fcb95cf109c256b354b6be04b882

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z4pcagzk.default-release\jumpListCache\7f5CyHmJeS6ecUd53q1Hp8eW_OJwTVwciSyebPhznjo=.ico
                                                                                        Filesize

                                                                                        472B

                                                                                        MD5

                                                                                        5253e01a0c1007226a73081c283db0d4

                                                                                        SHA1

                                                                                        e3172da89ac4f125681373aecf71497dac518cc9

                                                                                        SHA256

                                                                                        67050ae618368f39f6556fe1c956a555662e3aa1b4138f8ef6b04f9e621883c9

                                                                                        SHA512

                                                                                        e70c7fcd2bd1af1ee695e13a66c52705acefd9628c08acc1f8fda363af89433a3c45e61604d190b5263f5ddd2550239f0b98a95bb5905efb7fc89c5165d99765

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Costura\21E29AD7CD88FD3C37963FFA4C49AEB2\32\sqlite3.dll
                                                                                        Filesize

                                                                                        626KB

                                                                                        MD5

                                                                                        d8aec01ff14e3e7ad43a4b71e30482e4

                                                                                        SHA1

                                                                                        e3015f56f17d845ec7eef11d41bbbc28cc16d096

                                                                                        SHA256

                                                                                        da1d608be064555ab3d3d35e6db64527b8c44f3fa5ddd7c3ec723f80fc99736e

                                                                                        SHA512

                                                                                        f5b2f4bda0cc13e1d1c541fb0caea14081ee4daffd497e31a3d4d55d5f9d85a61158b4891a6527efe623b2f32b697ac912320d9be5c0303812ca98dcc8866fcf

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\RES122C.tmp
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        29b336a313134816ecd46dfd214f9fd0

                                                                                        SHA1

                                                                                        de147e4fdcc13676d9ffad9def7a8ed6bdf506c3

                                                                                        SHA256

                                                                                        5d8800d91623c16816932b61fd35772433adaa5f0577ce510018a6127e97c4f7

                                                                                        SHA512

                                                                                        69f9f953278045ce892dd144707ff4cc0e16e3f3a558dad09c7ee3cf81d1ffc9fb77b0d55f153c9fd9915e100c68498aa015f986186e2731cf799decbb0b21ae

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\mlt.tmp
                                                                                        Filesize

                                                                                        35B

                                                                                        MD5

                                                                                        8a2766a055c5492015e03b8a2ac2255d

                                                                                        SHA1

                                                                                        8a557197da794d32987549a82db92589587bbf86

                                                                                        SHA256

                                                                                        858acf20413c3d44b191b42bd0480376db98a912132758c45d8167720fdb528b

                                                                                        SHA512

                                                                                        6ae2d0ad73a451c86e2345cb6412d3534f1a869b87212590c4b21e4d6ec84918c188577f3bf6fa10d94209ecb5cd6b50c4b527e7038822ffdb7857008c56312f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                                        Filesize

                                                                                        479KB

                                                                                        MD5

                                                                                        09372174e83dbbf696ee732fd2e875bb

                                                                                        SHA1

                                                                                        ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                                        SHA256

                                                                                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                                        SHA512

                                                                                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                                                                        Filesize

                                                                                        13.8MB

                                                                                        MD5

                                                                                        0a8747a2ac9ac08ae9508f36c6d75692

                                                                                        SHA1

                                                                                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                                        SHA256

                                                                                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                                        SHA512

                                                                                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\read_it.txt
                                                                                        Filesize

                                                                                        581B

                                                                                        MD5

                                                                                        7eaee5780f7e3eaa7e12a7865a2e95d6

                                                                                        SHA1

                                                                                        89aff3bcf462f3576870c14d63b23dcb3a9dde23

                                                                                        SHA256

                                                                                        e10501a9d9fb17012f7d39cce4c2d02ac15fe2c013ca3d41091d6376744b1007

                                                                                        SHA512

                                                                                        b4036befb6001d54bc20b36c304112880a5866eb7f4d423796a0d07737bf08caa9a30de79770d6512b381b1e4909100c9beeff1036183f3c35770ec668189549

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
                                                                                        Filesize

                                                                                        14KB

                                                                                        MD5

                                                                                        4d97425a35643918b6614128fb79b157

                                                                                        SHA1

                                                                                        edd07cedb85c43a7addcb63fd408874b6d9fc949

                                                                                        SHA256

                                                                                        fd572913000c49f72174df6c9bc43bfe6819dec561cd8374d29a2ea6ea537a20

                                                                                        SHA512

                                                                                        32396fc3f12a6094e595b9a37507f6ea5879a016e70921c375f71e9e2281bd8cec2f9d9e97cdb9196a88cdcfc9fe17cddc31d68e948410a8e1572d2b31d13fea

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Q7NFU84YNQPK5PY34FL8.temp
                                                                                        Filesize

                                                                                        17KB

                                                                                        MD5

                                                                                        19de3b35c459ab86607e1d0ead56039a

                                                                                        SHA1

                                                                                        5547960f457f21e16690acf8c80fe761e6dd1efd

                                                                                        SHA256

                                                                                        8ba83d22b5d98ce546444be59aac9db9cc5fc6dff7c91eaef34df97cb0ab5758

                                                                                        SHA512

                                                                                        ec9f7ffc9c9053207adc956f4a0b7bde4c78f2591c5b4fad218b273cabbdd547877dc48148ba38410ad0ba10d65a8671fd396019a6f1caf6192417148a78a6cd

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\AlternateServices.bin
                                                                                        Filesize

                                                                                        8KB

                                                                                        MD5

                                                                                        1656e444bbfa56b0d1480ceee3f54301

                                                                                        SHA1

                                                                                        865ce9e460abe60f0f36805c1a93ce2dd2830ebb

                                                                                        SHA256

                                                                                        296e9e4f36de1dd82833be018871bd826b240e96eecc38c0c35265dbafa7ba21

                                                                                        SHA512

                                                                                        f4beda6e125766af5ac43de2a62f05204128202a7a03615c4fb2e423ab7b225bd954108c087f113a055307a90423711050bb1da5c7d2f4dc0e6a223e4f39af8a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\db\data.safe.bin
                                                                                        Filesize

                                                                                        52KB

                                                                                        MD5

                                                                                        0f45b61c0f000d829ab4c10d5419ea3a

                                                                                        SHA1

                                                                                        5158d3d55aa5fbc02b7d4a034b8777e6c0053790

                                                                                        SHA256

                                                                                        bdb451d33f9225d667f8c491daca324725ec2a317515ffcb674efc4636c683ed

                                                                                        SHA512

                                                                                        55f80f1f08c9ff067352243d4ef6e2d35b9934b89cb8d276aaf5c8343f1cedf1b772142a7f48035af83b34aa771b25075a8f1330d109c16772a9d6bdb8a11fdc

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\db\data.safe.tmp
                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        69108e13ba6092cf272b4d86d2132cbf

                                                                                        SHA1

                                                                                        11b4e4295a9ced102bc4a12662ddb90594d7e7f8

                                                                                        SHA256

                                                                                        ed5fbe3d63b6017a809b1c4b61afec4c23a11f9181186305b66bdd691817b371

                                                                                        SHA512

                                                                                        83850733fa792cf77d933c200e9aaa5de04154598f47d61a3ef09441b9ac1549dcd38e2e60ddee7052ae13e04e30e344854bb0d02baf51999e6289dde5ee05d5

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\db\data.safe.tmp
                                                                                        Filesize

                                                                                        42KB

                                                                                        MD5

                                                                                        854eda080c2d51a8b997ae80fd5b56de

                                                                                        SHA1

                                                                                        e352d9b3750ff390fd283fd0f6cd0ef9edb03b4b

                                                                                        SHA256

                                                                                        8cad63d731be415b45ec9fdc7529c8ee431ca8c3c831a08e0e9e4bfe4b558ffd

                                                                                        SHA512

                                                                                        047c00cfc22a032e310c4693cf3e7941ba0a45b7bbb1548d1684dc5d3af43df5efa3d9e56ddd45058ebe0a771295c8089ead53eda58842ff72f8f4d4d49a34c1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\db\data.safe.tmp
                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        7975ff70f65e38e7509909d41c39411c

                                                                                        SHA1

                                                                                        0958e4dc63af8a73c8865c3f70a358f0b097f916

                                                                                        SHA256

                                                                                        e369142adb4c84accf2d5c19d542727492d6f7c6d3e2b91498dd8e211fe15058

                                                                                        SHA512

                                                                                        91c4ddd2383e80cf600fa6f4d82a3c9be8268176002ca901a656bf0aa42db299736cdcf3b846a31955eed3f33e4f40bbadf847367f989f99c852cf21dc2cecd9

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\pending_pings\70ea4e8b-e189-4de3-94ce-934be706adcd
                                                                                        Filesize

                                                                                        982B

                                                                                        MD5

                                                                                        7cc1308dab87b70b97bab960b509232f

                                                                                        SHA1

                                                                                        edc4e58e26b89de8f77c97588d3e7dfbac5d55d1

                                                                                        SHA256

                                                                                        34f02c7e42176e330ec6d8ffc278b04948cbe3aa6ac9096696ca4bdccf46b2c5

                                                                                        SHA512

                                                                                        2c1dd92a808147593f7cd1227bc3bb88860b3e661c8c01a16307cf1619e6080510fa796c3721b5ca4382291077c37db3963c08d1b204ff159fe30ef3f06bad21

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\pending_pings\f1471e45-085b-43a7-8bf2-79ed07ec11ae
                                                                                        Filesize

                                                                                        14KB

                                                                                        MD5

                                                                                        c43eb789983974d18afad242557b4e6b

                                                                                        SHA1

                                                                                        697ebecdffb95eaee92f0b23b03428a80e9f79ae

                                                                                        SHA256

                                                                                        b52d9cdaf7fef83804b2294b7906c549e1ac6d9d3002ed3b4b7ffafb3db078ac

                                                                                        SHA512

                                                                                        9293408f26a689ef9aa0d0284c40bbc1e8e769160365dabd9fadf825d1b3b2c0907263b34a03fe1de301c0fb02d859209bdae6a15afb8a97c2a25833e7de15b7

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\pending_pings\f2f7c193-50e1-4fc9-916b-2ab377ea1ecc
                                                                                        Filesize

                                                                                        28KB

                                                                                        MD5

                                                                                        f78fccded7a89cd683eb878cd268b100

                                                                                        SHA1

                                                                                        d0e5b47972b149f51c611b5531a55a3a892dab13

                                                                                        SHA256

                                                                                        0624dfaf1f24839ed8b598fdf137389931c140c51fdc63cbada5aca6e384077d

                                                                                        SHA512

                                                                                        2180b53e1ba4b8f93c4dfbcae0e865ed72c7210781a84fa6852aa159ab34a2691e21a45a69077274294f792f05f569434c9e8e010327689576f7dac6c43b4203

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\pending_pings\f44f3df0-2a16-49a5-9436-957225167e29
                                                                                        Filesize

                                                                                        671B

                                                                                        MD5

                                                                                        c1ce16a794e451a79d150be321489c05

                                                                                        SHA1

                                                                                        4378c7654f10065fa6b69c58fc26f5250e3cc723

                                                                                        SHA256

                                                                                        a391ea24501871218a81f3ff9b93a4afa20a374656f97e950f0dce17528907f9

                                                                                        SHA512

                                                                                        126abdd15619ee2030a133835a84b7f766d02488248bb0be60b5372b0e1c17ec467d1ebbf8f458d6c13cb9ac591858a4048bcbf35f69b370f6fba686cdddcd3a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                                                        Filesize

                                                                                        1.1MB

                                                                                        MD5

                                                                                        842039753bf41fa5e11b3a1383061a87

                                                                                        SHA1

                                                                                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                                        SHA256

                                                                                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                                        SHA512

                                                                                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                                                        Filesize

                                                                                        116B

                                                                                        MD5

                                                                                        2a461e9eb87fd1955cea740a3444ee7a

                                                                                        SHA1

                                                                                        b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                                        SHA256

                                                                                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                                        SHA512

                                                                                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt
                                                                                        Filesize

                                                                                        479B

                                                                                        MD5

                                                                                        49ddb419d96dceb9069018535fb2e2fc

                                                                                        SHA1

                                                                                        62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                                                                                        SHA256

                                                                                        2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                                                                                        SHA512

                                                                                        48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                                                                        Filesize

                                                                                        372B

                                                                                        MD5

                                                                                        bf957ad58b55f64219ab3f793e374316

                                                                                        SHA1

                                                                                        a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                                                        SHA256

                                                                                        bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                                                        SHA512

                                                                                        79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                                                                        Filesize

                                                                                        17.8MB

                                                                                        MD5

                                                                                        daf7ef3acccab478aaa7d6dc1c60f865

                                                                                        SHA1

                                                                                        f8246162b97ce4a945feced27b6ea114366ff2ad

                                                                                        SHA256

                                                                                        bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                                                        SHA512

                                                                                        5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\prefs-1.js
                                                                                        Filesize

                                                                                        10KB

                                                                                        MD5

                                                                                        7d6703122699d5362db25632e3ed8218

                                                                                        SHA1

                                                                                        3c0289bff4dbc341356f0a694fb5360fb638a515

                                                                                        SHA256

                                                                                        a1a564992c2a66acd32f493e4fe4fe10d652fa2826a7d4c3cab8ccdc7c369f88

                                                                                        SHA512

                                                                                        85392fc718a4f3c5e92c6d3ec1453bb289d76cb5449338f6ddebc6efef5797dbe0493ec05e415f76568c36180167e0365641ea0e3400c1880864f6313270fbc1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\prefs-1.js
                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        0d83842a529f5ada5c8fd9ee619966ba

                                                                                        SHA1

                                                                                        e4ee02070927e67a24f603f843924546f0b9bec8

                                                                                        SHA256

                                                                                        dd72fb0a0e1d120e9273ef27b3c9ad45484e95d894eb03f80e778acb44c41879

                                                                                        SHA512

                                                                                        75ffbe51c0ba738658092ec126ebd7c6194a7096c6d5fe9d2226666dc6d14295f323e94a3a652d40e96dbc511439359dc3d31393649d962510593fa444bd3686

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\prefs-1.js
                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        6c5053e25d33c95950336360a8240977

                                                                                        SHA1

                                                                                        837dec64cdf53558f7f9e27aa2206d0b28a7202c

                                                                                        SHA256

                                                                                        c87ad4d33cc56aaa6af42deafdb5c3d5945e88c884f8cc102d5a9fa33ded3049

                                                                                        SHA512

                                                                                        badbcae340d11493048ced61c1e5161aa7aad32cd78330a75023375b638588620f873de3dc4996b04f6b79c3116b0dec0cda0019076840ba058aeb09aa158d94

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\prefs-1.js
                                                                                        Filesize

                                                                                        10KB

                                                                                        MD5

                                                                                        dca7763451e206234fcd0d35fdc6ed0d

                                                                                        SHA1

                                                                                        5c85d3c66a4ef50ab1bbbe1518f7eeace099fcf8

                                                                                        SHA256

                                                                                        a6342637d646e5cfdfcc608c882cc69deaa33ce0c22777f4423c9e2eeaddb4f6

                                                                                        SHA512

                                                                                        a68b15bd33ce4fac234a11ff68a6374712dae2aa301a7a558270f4ed73742e1ae296a0f116280d79f30d5b99d4a297f1e9962eed8149191410e43217bcc43ea7

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\prefs-1.js
                                                                                        Filesize

                                                                                        10KB

                                                                                        MD5

                                                                                        985ee56ebf1d0758ec1a1bd1e74e923e

                                                                                        SHA1

                                                                                        70638b4409b18d1b6369547fac3fbbf2bfd8c999

                                                                                        SHA256

                                                                                        049dfc63991b43f96b1db5a02de26f2cf961292a5eba1a4f9165bd4d1f79752c

                                                                                        SHA512

                                                                                        2b672bf7731944007e4b42e246b8efe3c467679b77095c7b452ee9c1e04dcdb6c7ab303ef92fbfc4e9f3bf4ab2df8a1e29ff7c385ab8a72aa27c90a090b100db

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\prefs.js
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        94ba593abc1e3445d5859ad519d3cafd

                                                                                        SHA1

                                                                                        cc3aefa6050f6656c0ec8cef8c9cba210ebb3529

                                                                                        SHA256

                                                                                        b867c3e6a0fb363491ea28752b4da6fc013cf92e717d81454e6a0da1a1a607e5

                                                                                        SHA512

                                                                                        1421448ece8bb4bff896976a3d8e1958fea5032268219ec69497fd16f0db78d4bd1d1b5c2b568747dab486494b746c49e24d49e0fa4d4aa08c13bfdbe0987951

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\prefs.js
                                                                                        Filesize

                                                                                        10KB

                                                                                        MD5

                                                                                        b3bb674f8b9c9c49727f7ddf748b1b26

                                                                                        SHA1

                                                                                        f6f8195429b703a4c0eef630c17b7c9ab113e583

                                                                                        SHA256

                                                                                        fba0b7b9adfbab9f2e54aff713777cc3e3e8ccd58f5493a9dd42ce7f46f95ede

                                                                                        SHA512

                                                                                        6300f2f709d09e2f182bc57510c13dd6847893316351b10d34c9b98104447b110a62ddcad2457fc2f6ccf9ea9403e101d22ed5f27f61c9eb28e6e0ea0e08f52b

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\sessionstore-backups\recovery.baklz4
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        3c6e1524c971f3e4c9a0111c54b1f5b2

                                                                                        SHA1

                                                                                        f20212a27039678af9a35f17aecc5a210e68402e

                                                                                        SHA256

                                                                                        4e4558358284b3ace6d59b40919a18cbcef97a7e12aed38caf641a51ad89ee93

                                                                                        SHA512

                                                                                        89fd65a291a819abb0c69d7c1088c881203317d009af30f4b7fb58622172547cc152fe5c74bcb3beacc6f4b3e9388fd9d48fd0a6494962ff7a125dc2ae8615b5

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\sessionstore-backups\recovery.baklz4
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        facea5a7f6cf3606f862231ca12cc703

                                                                                        SHA1

                                                                                        9720c40edf816dff866fa7d8724e5a9000f9faa6

                                                                                        SHA256

                                                                                        d973c0d00282a59c7bac0246eb96ff9d86458efcd6640004b842b6f2f4c997b7

                                                                                        SHA512

                                                                                        695a80f142f845ee849b45eeb8d75d9144e8c504d168221b8afb1df8425edf0a005d7dcf8c621bc3fc301aadde156180345e181e297d0cec05dba1d854009281

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\sessionstore-backups\recovery.baklz4
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        272f2936e8ef14b70fa876f46a280434

                                                                                        SHA1

                                                                                        6e57ff6f8741f9644543830f890cf5e4845add51

                                                                                        SHA256

                                                                                        f91ce6d59766e800fb2b14beeea2bfb06130062c7f90200381195537715182c7

                                                                                        SHA512

                                                                                        e03d0a268b2c12efcc3ee93809bd4e7fc8d8b77de1f1b4375c08d6a01dc6c9766a7b1c85d278ad485be3df7e5cf7a8324347dbdcf6f97b94f749d9fa1fc8e3d3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\sessionstore-backups\recovery.baklz4
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        9df0c2774f05746b71e01769617bf0e1

                                                                                        SHA1

                                                                                        2e14e95c28b73cf59a43138892c2fb0d38382c07

                                                                                        SHA256

                                                                                        bfeeb94833d97863c120ec44d691496c9b9858f17447e214844b3db9b2cc3ad3

                                                                                        SHA512

                                                                                        af884b261bab27012536786132b8e7056484e71eb9e10219fe7ebdc89fcaf6e5068455ff25c64ffef0767db89da974aff68a0590dcee262831f95192d3347b44

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\sessionstore-backups\recovery.baklz4
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        a7a8b4528187b99d360dd6ac95ffb88e

                                                                                        SHA1

                                                                                        f918c154a985fb073a978daf704d41ad1527e3bc

                                                                                        SHA256

                                                                                        8d27367b688d33ab415e4ed663a1496bb0a6d22cb8c47cbc998a9fb0275bda7a

                                                                                        SHA512

                                                                                        71690811a27c0ce49ae0906ae077c197dad375ce121a7aabdbc8d5c10227037d713a185e565b0937ec9696a8cdff0ecee7c1f68321fa09be0f6788656d52af84

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\sessionstore-backups\recovery.baklz4
                                                                                        Filesize

                                                                                        14KB

                                                                                        MD5

                                                                                        02868dce0056ea18c57a36937fd972d2

                                                                                        SHA1

                                                                                        abcda2da6f836d8d571feac211e79bdd9dc36377

                                                                                        SHA256

                                                                                        72632089fe3bd61c3911ba78710a124e4a36150a888a255d2a30fec45a4f0b1d

                                                                                        SHA512

                                                                                        7c3148d14cf72519b8cff7feec771d78e03ceaad14107672ba4faeebead1a24dd7ed397c30b5bab9a4a86b82cea60d8d010f60bdcab9c7b583da52951ef95f36

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\sessionstore-backups\recovery.baklz4
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        9f1c9f1f73ffd8fa242af494ccab03ec

                                                                                        SHA1

                                                                                        1b28e7714817cbfe680b6b1474dd89b285141fc4

                                                                                        SHA256

                                                                                        6cec5faeb537a98e717550984c79854ca6ff2440f015d79405d1067053ac55ec

                                                                                        SHA512

                                                                                        0d017509c7f5d837f8d3ee1da3db423aab45fbbb4c3269a8229d3a5d9c779b4d95f26a1a5918ae21a8a74af2e94bbd436a78656b5d14d8be12bdd12a865f0441

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\sessionstore-backups\recovery.baklz4
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        d70246b9ada756020e97b7d473cb060d

                                                                                        SHA1

                                                                                        9d91fb3cc2814739a9e9b295547a8358af0a505b

                                                                                        SHA256

                                                                                        51d1c1e40ad24ec4ed3f1f05209db3d2907dd41a4cc41922c441e511b2ec10a7

                                                                                        SHA512

                                                                                        0b7e8450b6b6963a2945089f68a842298d6d761e861866542fe236dc42ece6e4c77f0493531f9afd00149fcd3be92e4e3ba6242f179cac9d44f60e092279b52c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\sessionstore-backups\recovery.baklz4
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        d585c27a8929a4b5568122f2e75a556a

                                                                                        SHA1

                                                                                        68c124e20719c65d6930232f1b37a825a0b21917

                                                                                        SHA256

                                                                                        cc9ad519b1568d5695f1a244d9cff9e4f03ba50677bc19189858255524d17e07

                                                                                        SHA512

                                                                                        e8a2c1f92aca76d25fb49c23b5500ba47fdf451fa401f62451c28c563e9319180f452cd7b09b5ea52d5fc5a1c8b0b4bb2a3256726963858086c4e986b33a5943

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Desktop\EditConvertTo.ini
                                                                                        Filesize

                                                                                        1B

                                                                                        MD5

                                                                                        d1457b72c3fb323a2671125aef3eab5d

                                                                                        SHA1

                                                                                        5bab61eb53176449e25c2c82f172b82cb13ffb9d

                                                                                        SHA256

                                                                                        8a8de823d5ed3e12746a62ef169bcf372be0ca44f0a1236abc35df05d96928e1

                                                                                        SHA512

                                                                                        ca63c07ad35d8c9fb0c92d6146759b122d4ec5d3f67ebe2f30ddb69f9e6c9fd3bf31a5e408b08f1d4d9cd68120cced9e57f010bef3cde97653fed5470da7d1a0

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\BuilderOrcus.BFMMw5oc.zip.part
                                                                                        Filesize

                                                                                        19.8MB

                                                                                        MD5

                                                                                        f61dc7cde4aa1a4f7c52420d458094ee

                                                                                        SHA1

                                                                                        9b73a858e04b1f9d5c6d713c8051f97ab0964f41

                                                                                        SHA256

                                                                                        17254453b9aa0c8b16998f52f847b7d31187265001f5451faa2bffee7eadeb52

                                                                                        SHA512

                                                                                        ad37c3ddfb4c941283ddee9fe8d6252e5176560e6747ebb7ee5e5d0407ee2f2048b07aa6e1351529e2b9bfbfbe6d7e7feb2aa3b312d0a6105f8ed5d152f75f15

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\BuilderOrcus\BuilderOrcus\Orcus.Server.exe
                                                                                        Filesize

                                                                                        3.2MB

                                                                                        MD5

                                                                                        700a14ba55fb47f9b8a99ffa92267125

                                                                                        SHA1

                                                                                        43ef6ab246ba72d39cd1a72dd83fee68aceba493

                                                                                        SHA256

                                                                                        594f18a0b5b83c1c64c75830f8e9b2bd4d4629c9c5b9c70b3aa5f0f17b22789a

                                                                                        SHA512

                                                                                        c4ab308a65f267edee887085d358df1ddf83e55fa8f3507209cebc5b44e755f17d583956d170e57e6644d70505a175d58a17f1cdaab13ba7431c4185594804b4

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\BuilderOrcus\BuilderOrcus\log.txt
                                                                                        Filesize

                                                                                        373B

                                                                                        MD5

                                                                                        9c9f04a28f0e2f30cd5557aa23290180

                                                                                        SHA1

                                                                                        54c23e9f8b057276c0462160fc16c667d969e774

                                                                                        SHA256

                                                                                        debc0d9b0b44a3781e1779b05dee87cd3cc6956a2f8b6756ccaf2a550a21890b

                                                                                        SHA512

                                                                                        55da1753bf623eec7edfb992b16535b01ff9174028385acd43ee96e90c4b208c9584e99d09c43cf74f2a8aa175f259e24e88e2ea339ddb370ad0baee5d05923d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\BuilderOrcus\BuilderOrcus\settings.json
                                                                                        Filesize

                                                                                        929B

                                                                                        MD5

                                                                                        5554d5272f721052002f8ac2381150c4

                                                                                        SHA1

                                                                                        bb461aa4786c2115e59c40e0beea87a4677860d9

                                                                                        SHA256

                                                                                        605615b7ad9471b9a46b2698e35930470a462e41c4673101b4912765ddc343f5

                                                                                        SHA512

                                                                                        fe9920e27ff4dee09ee18128d39940c8a09755cbb34ad5275b23d5364b885092d2949cf8344720617172e71d217dae807f4fd3a2790216a7d119512c831f63f3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\BuilderSpyGate.zWoQcQza.zip.part
                                                                                        Filesize

                                                                                        938KB

                                                                                        MD5

                                                                                        f579e7c2a4bf23bc9b10711e33e4019d

                                                                                        SHA1

                                                                                        8cc0a49e7c63b42684418175b1849c51226a5ed5

                                                                                        SHA256

                                                                                        32084737fefc94109fef9e43b33dbb169fb2ca1784ab847e6c913c1ad64d9c9a

                                                                                        SHA512

                                                                                        255ebece667e172801767473dffa70099913cd395b4f187c9cb4e8362a8e4eed2ecef798208cb08e02ad5f528171ac58d9326b066544de5c81a9b677c5ab7006

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\BuilderSpyGate\BuilderSpyGate\SpyGate-RAT 3.2\Mono.Cecil.dll
                                                                                        Filesize

                                                                                        305KB

                                                                                        MD5

                                                                                        851ec9d84343fbd089520d420348a902

                                                                                        SHA1

                                                                                        f8e2a80130058e4db3cf569cf4297d07d05c93e0

                                                                                        SHA256

                                                                                        cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9

                                                                                        SHA512

                                                                                        5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\BuilderSpyGate\BuilderSpyGate\SpyGate-RAT 3.2\Readme.txt
                                                                                        Filesize

                                                                                        734B

                                                                                        MD5

                                                                                        ad45d7606006664fcee358cb32d36945

                                                                                        SHA1

                                                                                        87b049b418beeeb76e69f9310ad7f63a81bc6d2f

                                                                                        SHA256

                                                                                        b64e3cdef4331afe09fa4df96973be628ff4216336e9d1e5d188c224b139b31d

                                                                                        SHA512

                                                                                        e3c7610549b4c9eefb23a023ac476d60651d5b7a51ec71c6f3eba0f77827b89ac45515794f51aac1647bc1105078defdf57f19f185c98bbe2601c2b696311a65

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\BuilderSpyGate\BuilderSpyGate\SpyGate-RAT 3.2\SpyGate-RAT 3.2.exe
                                                                                        Filesize

                                                                                        3.5MB

                                                                                        MD5

                                                                                        46bb00674e7c8d751f8edec5938e320d

                                                                                        SHA1

                                                                                        a9da68979e81249bbc0b83fbfd32e58883f29bad

                                                                                        SHA256

                                                                                        d638f69107aa7957c7b4df0ae94e60f36d3a52b91dcc182710b6e9e8cd2696a3

                                                                                        SHA512

                                                                                        e4010678807e80364cd6787958450107ec3ca4cc1b8218f1b6513c6ebeb1f5f9487d7ec5a13beca9465642d5a33883e35407ecd59ac36b39f20c113201300ac1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\BuilderSpyGate\BuilderSpyGate\SpyGate-RAT 3.2\Stub.exe
                                                                                        Filesize

                                                                                        82KB

                                                                                        MD5

                                                                                        16be6a4484e3877dbfbedab9b5a37ddb

                                                                                        SHA1

                                                                                        dcad5b1630c4916744e27a5f7c01d636a342fe2a

                                                                                        SHA256

                                                                                        f5523c0081af67436ef06a92aa48d12f865cea26232c074f6e8f74a52d2e9e7f

                                                                                        SHA512

                                                                                        5ef23d5e58ac10747fd3aa5c08b2fcfc6142679084748012f18a86ec5cb819081a0c78cdf0b4a037c2aeef4b2cd1087db5c7a017912a16e4aa56b255dd9679ce

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\Orcus Builder.vkTqI-S3.7z.part
                                                                                        Filesize

                                                                                        14.9MB

                                                                                        MD5

                                                                                        5e5c0ddd3fbe0e3356008555470df7ce

                                                                                        SHA1

                                                                                        e454c54a4bc4b45415a63ed5284813bb9137bc9d

                                                                                        SHA256

                                                                                        34dc23dc522fa686eca7994fbbd7d6cc28b0b74749db7fe691992777db1c85eb

                                                                                        SHA512

                                                                                        eced7749c6c3df366bae81500de03bb531bac5b45d6c74919a28a8d2fcdb37ebe534afad92d598d57fea01359e81818b6381946aa1ed73f9d3e7c96807593f00

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\Server.exe
                                                                                        Filesize

                                                                                        82KB

                                                                                        MD5

                                                                                        682cf08242c214c17f27960f7935ac07

                                                                                        SHA1

                                                                                        5566f0825bbce959a618d714f4161d2d248f261b

                                                                                        SHA256

                                                                                        012f5d4d2ef272f2897b4a95f788393e39f131005cacfa9cccd865f1cd6fca72

                                                                                        SHA512

                                                                                        419a45327842fc9480d0777cd4b4e9caa7440056428e9224efce6803e25422a7d92a4340a3d1ceb28d9fda1972ced097d9fcadc510f208929d9a677319bbb18d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\Yashma Ransomware Builder.D2FlLMKU.rar.part
                                                                                        Filesize

                                                                                        80KB

                                                                                        MD5

                                                                                        0969995f59b3cd80ecc575b99176b86b

                                                                                        SHA1

                                                                                        58d4db7f8b2de3f1d82e8cc0358ca1f30e87e490

                                                                                        SHA256

                                                                                        87f67ac8ea32e14f10b9c1c4794bc6fbd9e63e6785cef709525da9768a6c1ca0

                                                                                        SHA512

                                                                                        68048405998b51d9c582b9f41f77f97570970f8bb19b6bf832f12e0c27d99f8347e256966833e3f72a18f45b3a7da6ea1b048219aaf139305baaffd05cf6869c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\Yashma Ransomware Builder.zip.crdownload
                                                                                        Filesize

                                                                                        94KB

                                                                                        MD5

                                                                                        c99dcc9d4345e2ae66fc51d8827d68c0

                                                                                        SHA1

                                                                                        125be51bcc1c5a98041061ae5f402c67bfb3fd5c

                                                                                        SHA256

                                                                                        77a9db8a3042aa7f6189620e3662c8da2c8cb99f9cf0dba726a5e4d8f42cad6c

                                                                                        SHA512

                                                                                        63a6fd9bf37850369c63864e85519a5431ba0c9dabc44ce22adb438a2a63e1e5992bd3c0ab978b482eab41a6e6d20fc7cb1f293c5d6bb18062ab49fe6bb873ee

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\Yashma Ransomware Builder\Yashma Ransomware Builder\rf.exe
                                                                                        Filesize

                                                                                        27KB

                                                                                        MD5

                                                                                        fa26987e7986cef2dfc5e1fb656c6fca

                                                                                        SHA1

                                                                                        977396174c2d0d7ab8a74e0096b9186f6758d541

                                                                                        SHA256

                                                                                        8e4755a0f00394ada7a725e081d6bfa8c24963a290ccb252e35371923414163f

                                                                                        SHA512

                                                                                        4a70c080ef87d3082219f8da8bd85b1a0a1f8357bb003d68f188e6ea1e377296bf7dee7bdca7d1804ad594c7e30d40fe9db4bb35075aeb35635f916a74919a9c

                                                                                        Download Submit

                                                                                      • C:\Users\All Users\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                                                        Filesize

                                                                                        1.2MB

                                                                                        MD5

                                                                                        9122237958b0d20308725834315a7809

                                                                                        SHA1

                                                                                        6caa469eb5f4aad9ebd7cc82476f373ba5afd45e

                                                                                        SHA256

                                                                                        50cea6958094adadc666033b8833cb64850a908eb843b30994a14d7533ea8b15

                                                                                        SHA512

                                                                                        9c99c343c23036fcf5aaae9081e21b2d5463ba15154f76cef1e38cc288086c782d6f5d41b2928c57dd74b1717780540bdc787577a39faf64d7077e5319b75685

                                                                                        Download Submit

                                                                                      • \??\c:\Users\Admin\AppData\Local\Temp\lkjcygxr\lkjcygxr.0.cs
                                                                                        Filesize

                                                                                        39KB

                                                                                        MD5

                                                                                        a47abb80195d9689a822be5e5fc18764

                                                                                        SHA1

                                                                                        a65f831fd0c69e61ab8e712b8402e756bf617673

                                                                                        SHA256

                                                                                        5372f45d7c0e4a2ef82da91e687e1c0d54a724355dff2b163e80cb9f85788c19

                                                                                        SHA512

                                                                                        1a5466f8f0e9e28dc7a93c18e4fe5b1a5a2dac98e10abb36be2f9f9c87c4f38fec2d0bb57d35ce31fd8e7773088d035b53063376093572bded108303d7563326

                                                                                        Download Submit

                                                                                      • \??\c:\Users\Admin\AppData\Local\Temp\lkjcygxr\lkjcygxr.cmdline
                                                                                        Filesize

                                                                                        438B

                                                                                        MD5

                                                                                        4e7880db7e7a782f0c8c820e0006928a

                                                                                        SHA1

                                                                                        758cb9922fc1330dfcb36b977062d8defaf44c1b

                                                                                        SHA256

                                                                                        679f3017fff8f83f97727bd44be70b18177c41fc7a29de01d2a1e9e9445bd437

                                                                                        SHA512

                                                                                        b898ab9d354c5a2be1a920b4c196280da51c2ba2ed01869e998c29413c66297c2e614b1cd6b9e99fff266ef379ffe3bd795d05a070710abb77e25bd53c98fcfd

                                                                                        Download Submit

                                                                                      • \??\c:\Users\Admin\Downloads\Yashma Ransomware Builder\Yashma Ransomware Builder\CSCA671086987484EE8BA12F8EE47AD3B29.TMP
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        127566c5b8a7095a7a1c44e58ea57cf1

                                                                                        SHA1

                                                                                        2a18918ca3ff90d1786f2ff1df2d57ef21b4f717

                                                                                        SHA256

                                                                                        b0992830db35c658c8cdff335440d047f5cd19daab37147d369f123c78ca01ed

                                                                                        SHA512

                                                                                        e2689f086d973e31f13f0ad34c9ea99c411f6664a1610dca9fa494242d4c059d0190f2b66b768325daad92c64cf28894164cdd9c3bda7edcba2b7fb95f73b8e8

                                                                                        Download Submit

                                                                                      • memory/1044-1409-0x0000000000B70000-0x0000000000B7E000-memory.dmp

                                                                                        Filesize

                                                                                        56KB

                                                                                        Download

                                                                                      • memory/1672-933-0x000000001D5E0000-0x000000001D600000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/1672-932-0x000000001EA30000-0x000000001EA92000-memory.dmp

                                                                                        Filesize

                                                                                        392KB

                                                                                        Download

                                                                                      • memory/2200-682-0x0000000012DE0000-0x0000000013BEE000-memory.dmp

                                                                                        Filesize

                                                                                        14.1MB

                                                                                        Download

                                                                                      • memory/2336-0-0x000000007458E000-0x000000007458F000-memory.dmp

                                                                                        Filesize

                                                                                        4KB

                                                                                        Download

                                                                                      • memory/2336-1-0x00000000001D0000-0x00000000005CA000-memory.dmp

                                                                                        Filesize

                                                                                        4.0MB

                                                                                        Download

                                                                                      • memory/3448-686-0x0000000000710000-0x0000000000A48000-memory.dmp

                                                                                        Filesize

                                                                                        3.2MB

                                                                                        Download

                                                                                      • memory/3448-703-0x00000000079C0000-0x00000000079FC000-memory.dmp

                                                                                        Filesize

                                                                                        240KB

                                                                                        Download

                                                                                      • memory/3448-699-0x00000000076F0000-0x00000000078B2000-memory.dmp

                                                                                        Filesize

                                                                                        1.8MB

                                                                                        Download

                                                                                      • memory/3448-697-0x0000000006FE0000-0x0000000007072000-memory.dmp

                                                                                        Filesize

                                                                                        584KB

                                                                                        Download

                                                                                      • memory/3448-698-0x0000000007080000-0x00000000070DC000-memory.dmp

                                                                                        Filesize

                                                                                        368KB

                                                                                        Download

                                                                                      • memory/3448-701-0x00000000075A0000-0x00000000075D0000-memory.dmp

                                                                                        Filesize

                                                                                        192KB

                                                                                        Download

                                                                                      • memory/3448-695-0x00000000059E0000-0x0000000005C76000-memory.dmp

                                                                                        Filesize

                                                                                        2.6MB

                                                                                        Download

                                                                                      • memory/3448-693-0x00000000057A0000-0x0000000005838000-memory.dmp

                                                                                        Filesize

                                                                                        608KB

                                                                                        Download

                                                                                      • memory/3448-692-0x0000000005660000-0x000000000569E000-memory.dmp

                                                                                        Filesize

                                                                                        248KB

                                                                                        Download

                                                                                      • memory/3448-732-0x0000000060900000-0x0000000060992000-memory.dmp

                                                                                        Filesize

                                                                                        584KB

                                                                                        Download

                                                                                      • memory/3448-702-0x00000000075D0000-0x000000000761C000-memory.dmp

                                                                                        Filesize

                                                                                        304KB

                                                                                        Download

                                                                                      • memory/3448-700-0x0000000007DF0000-0x000000000831C000-memory.dmp

                                                                                        Filesize

                                                                                        5.2MB

                                                                                        Download

                                                                                      • memory/3448-704-0x0000000007690000-0x00000000076B1000-memory.dmp

                                                                                        Filesize

                                                                                        132KB

                                                                                        Download

                                                                                      • memory/5156-1288-0x00000000002A0000-0x000000000032C000-memory.dmp

                                                                                        Filesize

                                                                                        560KB

                                                                                        Download

                                                                                      • memory/5160-2926-0x0000000000020000-0x000000000005A000-memory.dmp

                                                                                        Filesize

                                                                                        232KB

                                                                                        Download

                                                                                      • memory/5676-890-0x000000001B4C0000-0x000000001B566000-memory.dmp

                                                                                        Filesize

                                                                                        664KB

                                                                                        Download

                                                                                      • memory/5676-891-0x000000001BA40000-0x000000001BF0E000-memory.dmp

                                                                                        Filesize

                                                                                        4.8MB

                                                                                        Download

                                                                                      • memory/5676-892-0x000000001BFB0000-0x000000001C04C000-memory.dmp

                                                                                        Filesize

                                                                                        624KB

                                                                                        Download

                                                                                      • memory/5676-893-0x0000000000DC0000-0x0000000000DC8000-memory.dmp

                                                                                        Filesize

                                                                                        32KB

                                                                                        Download

                                                                                      • memory/5676-894-0x000000001C080000-0x000000001C0CC000-memory.dmp

                                                                                        Filesize

                                                                                        304KB

                                                                                        Download

                                                                                      • memory/5676-917-0x0000000020890000-0x00000000208E2000-memory.dmp

                                                                                        Filesize

                                                                                        328KB

                                                                                        Download

                                                                                      • memory/5956-666-0x000000000E010000-0x000000000E628000-memory.dmp

                                                                                        Filesize

                                                                                        6.1MB

                                                                                        Download

                                                                                      • memory/5956-664-0x000000000C940000-0x000000000C978000-memory.dmp

                                                                                        Filesize

                                                                                        224KB

                                                                                        Download

                                                                                      • memory/5956-665-0x000000000A2B0000-0x000000000A2BE000-memory.dmp

                                                                                        Filesize

                                                                                        56KB

                                                                                        Download

                                                                                      • memory/5956-667-0x000000000CA10000-0x000000000CA1C000-memory.dmp

                                                                                        Filesize

                                                                                        48KB

                                                                                        Download

                                                                                      • memory/5956-663-0x000000000A0B0000-0x000000000A0B8000-memory.dmp

                                                                                        Filesize

                                                                                        32KB

                                                                                        Download

                                                                                      • memory/5956-662-0x00000000079F0000-0x00000000079F8000-memory.dmp

                                                                                        Filesize

                                                                                        32KB

                                                                                        Download

                                                                                      • memory/5956-661-0x00000000071B0000-0x00000000071B8000-memory.dmp

                                                                                        Filesize

                                                                                        32KB

                                                                                        Download

                                                                                      • memory/5956-660-0x0000000006CF0000-0x0000000006D08000-memory.dmp

                                                                                        Filesize

                                                                                        96KB

                                                                                        Download

                                                                                      • memory/5956-659-0x0000000007200000-0x00000000077A4000-memory.dmp

                                                                                        Filesize

                                                                                        5.6MB

                                                                                        Download

                                                                                      • memory/5956-668-0x0000000073F50000-0x0000000074700000-memory.dmp

                                                                                        Filesize

                                                                                        7.7MB

                                                                                        Download

                                                                                      • memory/5956-658-0x0000000006BE0000-0x0000000006C46000-memory.dmp

                                                                                        Filesize

                                                                                        408KB

                                                                                        Download

                                                                                      • memory/5956-657-0x00000000066C0000-0x00000000066D0000-memory.dmp

                                                                                        Filesize

                                                                                        64KB

                                                                                        Download

                                                                                      • memory/5956-656-0x0000000006710000-0x00000000067A8000-memory.dmp

                                                                                        Filesize

                                                                                        608KB

                                                                                        Download

                                                                                      • memory/5956-655-0x0000000006200000-0x0000000006554000-memory.dmp

                                                                                        Filesize

                                                                                        3.3MB

                                                                                        Download

                                                                                      • memory/5956-654-0x0000000006110000-0x0000000006132000-memory.dmp

                                                                                        Filesize

                                                                                        136KB

                                                                                        Download

                                                                                      • memory/5956-653-0x0000000006170000-0x00000000061F6000-memory.dmp

                                                                                        Filesize

                                                                                        536KB

                                                                                        Download

                                                                                      • memory/5956-652-0x0000000006080000-0x00000000060DC000-memory.dmp

                                                                                        Filesize

                                                                                        368KB

                                                                                        Download

                                                                                      • memory/5956-651-0x0000000005FF0000-0x0000000005FFE000-memory.dmp

                                                                                        Filesize

                                                                                        56KB

                                                                                        Download

                                                                                      • memory/5956-650-0x0000000006000000-0x0000000006012000-memory.dmp

                                                                                        Filesize

                                                                                        72KB

                                                                                        Download

                                                                                      • memory/5956-648-0x0000000005F50000-0x0000000005FD8000-memory.dmp

                                                                                        Filesize

                                                                                        544KB

                                                                                        Download

                                                                                      • memory/5956-649-0x0000000005C00000-0x0000000005C10000-memory.dmp

                                                                                        Filesize

                                                                                        64KB

                                                                                        Download

                                                                                      • memory/5956-647-0x0000000005C40000-0x0000000005C74000-memory.dmp

                                                                                        Filesize

                                                                                        208KB

                                                                                        Download

                                                                                      • memory/5956-646-0x0000000005BE0000-0x0000000005BFC000-memory.dmp

                                                                                        Filesize

                                                                                        112KB

                                                                                        Download

                                                                                      • memory/5956-669-0x0000000073F50000-0x0000000074700000-memory.dmp

                                                                                        Filesize

                                                                                        7.7MB

                                                                                        Download

                                                                                      • memory/5956-645-0x0000000005810000-0x0000000005824000-memory.dmp

                                                                                        Filesize

                                                                                        80KB

                                                                                        Download

                                                                                      • memory/5956-644-0x0000000005E40000-0x0000000005F48000-memory.dmp

                                                                                        Filesize

                                                                                        1.0MB

                                                                                        Download

                                                                                      • memory/5956-643-0x00000000057C0000-0x00000000057E2000-memory.dmp

                                                                                        Filesize

                                                                                        136KB

                                                                                        Download

                                                                                      • memory/5956-642-0x0000000005D10000-0x0000000005E3C000-memory.dmp

                                                                                        Filesize

                                                                                        1.2MB

                                                                                        Download

                                                                                      • memory/5956-641-0x0000000005AD0000-0x0000000005BD6000-memory.dmp

                                                                                        Filesize

                                                                                        1.0MB

                                                                                        Download

                                                                                      • memory/5956-640-0x0000000073F50000-0x0000000074700000-memory.dmp

                                                                                        Filesize

                                                                                        7.7MB

                                                                                        Download

                                                                                      • memory/5956-639-0x0000000005830000-0x0000000005AC6000-memory.dmp

                                                                                        Filesize

                                                                                        2.6MB

                                                                                        Download

                                                                                      • memory/5956-638-0x0000000073F50000-0x0000000074700000-memory.dmp

                                                                                        Filesize

                                                                                        7.7MB

                                                                                        Download

                                                                                      • memory/5956-637-0x0000000005250000-0x000000000530A000-memory.dmp

                                                                                        Filesize

                                                                                        744KB

                                                                                        Download

                                                                                      • memory/5956-672-0x000000000BED0000-0x000000000BEE2000-memory.dmp

                                                                                        Filesize

                                                                                        72KB

                                                                                        Download

                                                                                      • memory/5956-676-0x0000000073F50000-0x0000000074700000-memory.dmp

                                                                                        Filesize

                                                                                        7.7MB

                                                                                        Download