0a94f337aae816f2b1a613624123b26c965b8ac4a8d2d0e7bb4e250717357de7

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
31/03/2025, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Phoenix-Nuker/Phoenix-Nuker.exe
Size

17.9MB
MD5

bfefa239c8a99e0f3cd1e9cfeea7ef16
SHA1

62c36544d88a15ac26de901a35e39874472638c5
SHA256

ad764db8191b3cd576f25a8be8a028df7ee1fcd477c5c583f4ad7d515cbc0511
SHA512

d36042a744bdafc527021662fa184086610a5292ae69bb35dda0c11812340fdf6b73b7eb5445bf2375928b6f74131e1b7cf18de9f502d4f8a12afb3b88a5889e
SSDEEP

393216:nqPnLFXlrHQpDOETgsvfGmkgPAMYvNZX2MqY19:qPLFXNHQoE4C2E

Score

7^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3684	dat.txt
6128	dat.txt

Loads dropped DLL 64 IoCs

pid	Process
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000\Software\Microsoft\Windows\CurrentVersion\Run\empyrean = "C:\\Users\\Admin\\AppData\\Roaming\\empyrean\\run.bat"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
9	discord.com
10	raw.githubusercontent.com
13	discord.com
14	raw.githubusercontent.com
4	discord.com
4	camo.githubusercontent.com
6	raw.githubusercontent.com

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	ipapi.co
7	ipapi.co
12	ipapi.co
16	ipapi.co
18	ipapi.co

Drops file in System32 directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\login_db	dat.txt
File created	C:\Windows\System32\cookie_db	dat.txt
File opened for modification	C:\Windows\System32\cards_db	dat.txt
File created	C:\Windows\System32\login_db	dat.txt
File opened for modification	C:\Windows\system32\cookie_db	dat.txt
File opened for modification	C:\Windows\system32\web_history_db	dat.txt
File created	C:\Windows\System32\downloads_db	dat.txt
File opened for modification	C:\Windows\System32\downloads_db	dat.txt
File opened for modification	C:\Windows\system32\login_db	dat.txt
File opened for modification	C:\Windows\System32\cookie_db	dat.txt
File created	C:\Windows\System32\web_history_db	dat.txt
File opened for modification	C:\Windows\System32\web_history_db	dat.txt
File opened for modification	C:\Windows\system32\downloads_db	dat.txt
File created	C:\Windows\System32\cards_db	dat.txt
File opened for modification	C:\Windows\system32\cards_db	dat.txt
File created	C:\Windows\System32\vault.zip	dat.txt

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001900000002b181-114.dat	upx
behavioral1/memory/2708-118-0x00007FF95A140000-0x00007FF95A5AE000-memory.dmp	upx
behavioral1/files/0x001900000002b156-120.dat	upx
behavioral1/memory/2708-126-0x00007FF96BED0000-0x00007FF96BEF4000-memory.dmp	upx
behavioral1/files/0x001c00000002b170-125.dat	upx
behavioral1/memory/2708-128-0x00007FF975490000-0x00007FF97549F000-memory.dmp	upx
behavioral1/files/0x001900000002b163-129.dat	upx
behavioral1/files/0x001900000002b184-131.dat	upx
behavioral1/memory/2708-132-0x00007FF971180000-0x00007FF971199000-memory.dmp	upx
behavioral1/files/0x001900000002b183-134.dat	upx
behavioral1/files/0x001900000002b155-141.dat	upx
behavioral1/memory/2708-138-0x00007FF96BD40000-0x00007FF96BD6E000-memory.dmp	upx
behavioral1/memory/2708-135-0x00007FF975430000-0x00007FF97543D000-memory.dmp	upx
behavioral1/files/0x001900000002b15d-142.dat	upx
behavioral1/memory/2708-143-0x00007FF9710C0000-0x00007FF9710D9000-memory.dmp	upx
behavioral1/memory/2708-145-0x00007FF96BD10000-0x00007FF96BD3D000-memory.dmp	upx
behavioral1/files/0x001c00000002b182-148.dat	upx
behavioral1/memory/2708-150-0x00007FF96B550000-0x00007FF96B60C000-memory.dmp	upx
behavioral1/files/0x001900000002b189-151.dat	upx
behavioral1/memory/2708-153-0x00007FF96BB30000-0x00007FF96BB5B000-memory.dmp	upx
behavioral1/files/0x001900000002b17d-154.dat	upx
behavioral1/files/0x001900000002b160-156.dat	upx
behavioral1/memory/2708-161-0x00007FF96BED0000-0x00007FF96BEF4000-memory.dmp	upx
behavioral1/memory/2708-160-0x00007FF96EC70000-0x00007FF96EC7D000-memory.dmp	upx
behavioral1/memory/2708-159-0x00007FF96B060000-0x00007FF96B094000-memory.dmp	upx
behavioral1/memory/2708-158-0x00007FF95A140000-0x00007FF95A5AE000-memory.dmp	upx
behavioral1/files/0x001900000002b157-162.dat	upx
behavioral1/memory/2708-164-0x00007FF96AE10000-0x00007FF96AE52000-memory.dmp	upx
behavioral1/files/0x001900000002b166-165.dat	upx
behavioral1/memory/2708-167-0x00007FF971180000-0x00007FF971199000-memory.dmp	upx
behavioral1/memory/2708-168-0x00007FF96EAF0000-0x00007FF96EAFA000-memory.dmp	upx
behavioral1/files/0x001c00000002b17c-169.dat	upx
behavioral1/memory/2708-171-0x00007FF96D440000-0x00007FF96D45C000-memory.dmp	upx
behavioral1/files/0x004600000002b165-172.dat	upx
behavioral1/files/0x001900000002b16f-174.dat	upx
behavioral1/memory/2708-176-0x00007FF96BD40000-0x00007FF96BD6E000-memory.dmp	upx
behavioral1/memory/2708-177-0x00007FF9603B0000-0x00007FF9603DE000-memory.dmp	upx
behavioral1/files/0x001900000002b171-175.dat	upx
behavioral1/memory/2708-181-0x00007FF959960000-0x00007FF959A18000-memory.dmp	upx
behavioral1/memory/2708-182-0x00007FF9595E0000-0x00007FF959955000-memory.dmp	upx
behavioral1/files/0x001900000002b15a-184.dat	upx
behavioral1/memory/2708-186-0x00007FF96B550000-0x00007FF96B60C000-memory.dmp	upx
behavioral1/memory/2708-187-0x00007FF96F2A0000-0x00007FF96F2B4000-memory.dmp	upx
behavioral1/files/0x001900000002b16b-189.dat	upx
behavioral1/memory/2708-194-0x00007FF96B030000-0x00007FF96B055000-memory.dmp	upx
behavioral1/memory/2708-193-0x00007FF96F290000-0x00007FF96F29B000-memory.dmp	upx
behavioral1/memory/2708-192-0x00007FF96BB30000-0x00007FF96BB5B000-memory.dmp	upx
behavioral1/files/0x001c00000002b188-195.dat	upx
behavioral1/memory/2708-197-0x00007FF959CE0000-0x00007FF959DF8000-memory.dmp	upx
behavioral1/files/0x001900000002b16c-191.dat	upx
behavioral1/files/0x001c00000002b164-199.dat	upx
behavioral1/memory/2708-201-0x00007FF96AE10000-0x00007FF96AE52000-memory.dmp	upx
behavioral1/memory/2708-202-0x00007FF96B010000-0x00007FF96B02F000-memory.dmp	upx
behavioral1/files/0x001900000002b187-200.dat	upx
behavioral1/memory/2708-204-0x00007FF9591F0000-0x00007FF959361000-memory.dmp	upx
behavioral1/files/0x001c00000002b117-207.dat	upx
behavioral1/files/0x001900000002b11e-206.dat	upx
behavioral1/memory/2708-211-0x00007FF96BE40000-0x00007FF96BE4B000-memory.dmp	upx
behavioral1/memory/2708-213-0x00007FF9603B0000-0x00007FF9603DE000-memory.dmp	upx
behavioral1/files/0x001c00000002b123-214.dat	upx
behavioral1/files/0x004600000002b118-212.dat	upx
behavioral1/memory/2708-210-0x00007FF96D460000-0x00007FF96D46B000-memory.dmp	upx
behavioral1/memory/2708-215-0x00007FF959960000-0x00007FF959A18000-memory.dmp	upx
behavioral1/memory/2708-225-0x00007FF960330000-0x00007FF96033C000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 29 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879041544551267"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2081498128-3109241912-2948996266-1000_Classes\Local Settings	chrome.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
2488	reg.exe
3868	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Phoenix-discord-nuker-main.zip:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5400	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
2708	Phoenix-Nuker.exe
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt
6128	dat.txt
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2708	Phoenix-Nuker.exe
Token: SeIncreaseQuotaPrivilege	5544	WMIC.exe
Token: SeSecurityPrivilege	5544	WMIC.exe
Token: SeTakeOwnershipPrivilege	5544	WMIC.exe
Token: SeLoadDriverPrivilege	5544	WMIC.exe
Token: SeSystemProfilePrivilege	5544	WMIC.exe
Token: SeSystemtimePrivilege	5544	WMIC.exe
Token: SeProfSingleProcessPrivilege	5544	WMIC.exe
Token: SeIncBasePriorityPrivilege	5544	WMIC.exe
Token: SeCreatePagefilePrivilege	5544	WMIC.exe
Token: SeBackupPrivilege	5544	WMIC.exe
Token: SeRestorePrivilege	5544	WMIC.exe
Token: SeShutdownPrivilege	5544	WMIC.exe
Token: SeDebugPrivilege	5544	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5544	WMIC.exe
Token: SeRemoteShutdownPrivilege	5544	WMIC.exe
Token: SeUndockPrivilege	5544	WMIC.exe
Token: SeManageVolumePrivilege	5544	WMIC.exe
Token: 33	5544	WMIC.exe
Token: 34	5544	WMIC.exe
Token: 35	5544	WMIC.exe
Token: 36	5544	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5544	WMIC.exe
Token: SeSecurityPrivilege	5544	WMIC.exe
Token: SeTakeOwnershipPrivilege	5544	WMIC.exe
Token: SeLoadDriverPrivilege	5544	WMIC.exe
Token: SeSystemProfilePrivilege	5544	WMIC.exe
Token: SeSystemtimePrivilege	5544	WMIC.exe
Token: SeProfSingleProcessPrivilege	5544	WMIC.exe
Token: SeIncBasePriorityPrivilege	5544	WMIC.exe
Token: SeCreatePagefilePrivilege	5544	WMIC.exe
Token: SeBackupPrivilege	5544	WMIC.exe
Token: SeRestorePrivilege	5544	WMIC.exe
Token: SeShutdownPrivilege	5544	WMIC.exe
Token: SeDebugPrivilege	5544	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5544	WMIC.exe
Token: SeRemoteShutdownPrivilege	5544	WMIC.exe
Token: SeUndockPrivilege	5544	WMIC.exe
Token: SeManageVolumePrivilege	5544	WMIC.exe
Token: 33	5544	WMIC.exe
Token: 34	5544	WMIC.exe
Token: 35	5544	WMIC.exe
Token: 36	5544	WMIC.exe
Token: SeDebugPrivilege	6128	dat.txt
Token: SeIncreaseQuotaPrivilege	4500	WMIC.exe
Token: SeSecurityPrivilege	4500	WMIC.exe
Token: SeTakeOwnershipPrivilege	4500	WMIC.exe
Token: SeLoadDriverPrivilege	4500	WMIC.exe
Token: SeSystemProfilePrivilege	4500	WMIC.exe
Token: SeSystemtimePrivilege	4500	WMIC.exe
Token: SeProfSingleProcessPrivilege	4500	WMIC.exe
Token: SeIncBasePriorityPrivilege	4500	WMIC.exe
Token: SeCreatePagefilePrivilege	4500	WMIC.exe
Token: SeBackupPrivilege	4500	WMIC.exe
Token: SeRestorePrivilege	4500	WMIC.exe
Token: SeShutdownPrivilege	4500	WMIC.exe
Token: SeDebugPrivilege	4500	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4500	WMIC.exe
Token: SeRemoteShutdownPrivilege	4500	WMIC.exe
Token: SeUndockPrivilege	4500	WMIC.exe
Token: SeManageVolumePrivilege	4500	WMIC.exe
Token: 33	4500	WMIC.exe
Token: 34	4500	WMIC.exe
Token: 35	4500	WMIC.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe
4176	chrome.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
3896	firefox.exe
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE
5400	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 2708	1464	Phoenix-Nuker.exe	81
PID 1464 wrote to memory of 2708	1464	Phoenix-Nuker.exe	81
PID 2708 wrote to memory of 2208	2708	Phoenix-Nuker.exe	83
PID 2708 wrote to memory of 2208	2708	Phoenix-Nuker.exe	83
PID 2708 wrote to memory of 5248	2708	Phoenix-Nuker.exe	85
PID 2708 wrote to memory of 5248	2708	Phoenix-Nuker.exe	85
PID 5248 wrote to memory of 5544	5248	cmd.exe	87
PID 5248 wrote to memory of 5544	5248	cmd.exe	87
PID 2708 wrote to memory of 2716	2708	Phoenix-Nuker.exe	89
PID 2708 wrote to memory of 2716	2708	Phoenix-Nuker.exe	89
PID 2716 wrote to memory of 2488	2716	cmd.exe	91
PID 2716 wrote to memory of 2488	2716	cmd.exe	91
PID 2708 wrote to memory of 792	2708	Phoenix-Nuker.exe	92
PID 2708 wrote to memory of 792	2708	Phoenix-Nuker.exe	92
PID 792 wrote to memory of 3868	792	cmd.exe	94
PID 792 wrote to memory of 3868	792	cmd.exe	94
PID 1356 wrote to memory of 3684	1356	cmd.exe	97
PID 1356 wrote to memory of 3684	1356	cmd.exe	97
PID 3684 wrote to memory of 6128	3684	dat.txt	98
PID 3684 wrote to memory of 6128	3684	dat.txt	98
PID 6128 wrote to memory of 4656	6128	dat.txt	99
PID 6128 wrote to memory of 4656	6128	dat.txt	99
PID 2708 wrote to memory of 764	2708	Phoenix-Nuker.exe	101
PID 2708 wrote to memory of 764	2708	Phoenix-Nuker.exe	101
PID 764 wrote to memory of 4500	764	cmd.exe	103
PID 764 wrote to memory of 4500	764	cmd.exe	103
PID 6128 wrote to memory of 1988	6128	dat.txt	104
PID 6128 wrote to memory of 1988	6128	dat.txt	104
PID 1988 wrote to memory of 6036	1988	cmd.exe	106
PID 1988 wrote to memory of 6036	1988	cmd.exe	106
PID 2708 wrote to memory of 4524	2708	Phoenix-Nuker.exe	107
PID 2708 wrote to memory of 4524	2708	Phoenix-Nuker.exe	107
PID 4524 wrote to memory of 5048	4524	cmd.exe	109
PID 4524 wrote to memory of 5048	4524	cmd.exe	109
PID 2708 wrote to memory of 3128	2708	Phoenix-Nuker.exe	110
PID 2708 wrote to memory of 3128	2708	Phoenix-Nuker.exe	110
PID 3128 wrote to memory of 5044	3128	cmd.exe	112
PID 3128 wrote to memory of 5044	3128	cmd.exe	112
PID 6128 wrote to memory of 3892	6128	dat.txt	113
PID 6128 wrote to memory of 3892	6128	dat.txt	113
PID 3892 wrote to memory of 4792	3892	cmd.exe	115
PID 3892 wrote to memory of 4792	3892	cmd.exe	115
PID 6128 wrote to memory of 1288	6128	dat.txt	117
PID 6128 wrote to memory of 1288	6128	dat.txt	117
PID 1288 wrote to memory of 5268	1288	cmd.exe	119
PID 1288 wrote to memory of 5268	1288	cmd.exe	119
PID 6128 wrote to memory of 2460	6128	dat.txt	120
PID 6128 wrote to memory of 2460	6128	dat.txt	120
PID 2460 wrote to memory of 5492	2460	cmd.exe	122
PID 2460 wrote to memory of 5492	2460	cmd.exe	122
PID 4980 wrote to memory of 3896	4980	firefox.exe	127
PID 4980 wrote to memory of 3896	4980	firefox.exe	127
PID 4980 wrote to memory of 3896	4980	firefox.exe	127
PID 4980 wrote to memory of 3896	4980	firefox.exe	127
PID 4980 wrote to memory of 3896	4980	firefox.exe	127
PID 4980 wrote to memory of 3896	4980	firefox.exe	127
PID 4980 wrote to memory of 3896	4980	firefox.exe	127
PID 4980 wrote to memory of 3896	4980	firefox.exe	127
PID 4980 wrote to memory of 3896	4980	firefox.exe	127
PID 4980 wrote to memory of 3896	4980	firefox.exe	127
PID 4980 wrote to memory of 3896	4980	firefox.exe	127
PID 3896 wrote to memory of 2216	3896	firefox.exe	128
PID 3896 wrote to memory of 2216	3896	firefox.exe	128
PID 3896 wrote to memory of 2216	3896	firefox.exe	128

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Phoenix-Nuker\Phoenix-Nuker.exe
"C:\Users\Admin\AppData\Local\Temp\Phoenix-Nuker\Phoenix-Nuker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Users\Admin\AppData\Local\Temp\Phoenix-Nuker\Phoenix-Nuker.exe
  "C:\Users\Admin\AppData\Local\Temp\Phoenix-Nuker\Phoenix-Nuker.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5248
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /f"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Windows\system32\reg.exe
      reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /f
      4⤵
      Modifies registry key
      PID:2488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\Admin\AppData\Roaming\empyrean\run.bat /f"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:792
  - - C:\Windows\system32\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v empyrean /t REG_SZ /d C:\Users\Admin\AppData\Roaming\empyrean\run.bat /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:3868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:764
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4524
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      4⤵
      PID:5048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3128
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      4⤵
      PID:5044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\empyrean\run.bat
1⤵
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Users\Admin\AppData\Roaming\empyrean\dat.txt
  C:\Users\Admin\AppData\Roaming\empyrean\dat.txt
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3684
- - C:\Users\Admin\AppData\Roaming\empyrean\dat.txt
    C:\Users\Admin\AppData\Roaming\empyrean\dat.txt
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:6128
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:4656
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1988
    - - C:\Windows\System32\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
        5⤵
        
        PID:6036
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3892
    - - C:\Windows\System32\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
        5⤵
        
        PID:4792
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1288
    - - C:\Windows\System32\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
        5⤵
        
        PID:5268
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2460
    - - C:\Windows\System32\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
        5⤵
        
        PID:5492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1972 -prefsLen 27097 -prefMapHandle 1976 -prefMapSize 270279 -ipcHandle 2068 -initialChannelId {cb1a840d-c487-4979-88cf-8c8aed071e6f} -parentPid 3896 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3896" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:2216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2336 -prefsLen 27133 -prefMapHandle 2316 -prefMapSize 270279 -ipcHandle 2416 -initialChannelId {2c099f4f-99cb-43cd-a362-5967330db601} -parentPid 3896 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3896" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:5324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3904 -prefsLen 27274 -prefMapHandle 3908 -prefMapSize 270279 -jsInitHandle 3912 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3920 -initialChannelId {1b8ab943-d1dc-42e5-a8dd-57a6bacbb011} -parentPid 3896 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3896" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:2184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4088 -prefsLen 27274 -prefMapHandle 4092 -prefMapSize 270279 -ipcHandle 4164 -initialChannelId {8e897bda-b68c-4d1a-8cb0-3604e6a4f3ab} -parentPid 3896 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3896" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:4352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3268 -prefsLen 34773 -prefMapHandle 2728 -prefMapSize 270279 -jsInitHandle 2956 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 1676 -initialChannelId {27d5c628-e515-49d5-9220-8829145eefe0} -parentPid 3896 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3896" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5044 -prefsLen 34903 -prefMapHandle 5048 -prefMapSize 270279 -ipcHandle 5056 -initialChannelId {7fb21791-52b1-4c62-9dca-57465491c26e} -parentPid 3896 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3896" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:4380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4640 -prefsLen 32952 -prefMapHandle 4612 -prefMapSize 270279 -jsInitHandle 2796 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4608 -initialChannelId {1cea5fdf-9608-4953-ab9f-7835278690e7} -parentPid 3896 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3896" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:3060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5704 -prefsLen 32952 -prefMapHandle 5708 -prefMapSize 270279 -jsInitHandle 5712 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5720 -initialChannelId {49816456-1537-4903-9984-5453890716b9} -parentPid 3896 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3896" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5892 -prefsLen 32952 -prefMapHandle 5896 -prefMapSize 270279 -jsInitHandle 5900 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5908 -initialChannelId {39c1ced1-e3cf-43f3-81a5-79fef8c9480c} -parentPid 3896 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3896" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:5956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6208 -prefsLen 33071 -prefMapHandle 6204 -prefMapSize 270279 -jsInitHandle 3104 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6348 -initialChannelId {2432f373-e7be-4e2e-9d07-edc94bb37914} -parentPid 3896 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3896" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    - Checks processor information in registry
    PID:5468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6820 -prefsLen 33071 -prefMapHandle 6568 -prefMapSize 270279 -jsInitHandle 5408 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6572 -initialChannelId {6763addd-023d-4dde-8363-2aa36a527dad} -parentPid 3896 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3896" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
    3⤵
    - Checks processor information in registry
    PID:5844

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Downloads\SetConvertTo.csv"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96ba4dcf8,0x7ff96ba4dd04,0x7ff96ba4dd10
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1480,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2100 /prefetch:11
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2056,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2324 /prefetch:13
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3244,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3304,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4204,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4232 /prefetch:9
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4748,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5292,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5164 /prefetch:14
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5368,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5352 /prefetch:14
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5164,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5644 /prefetch:14
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5668,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5680 /prefetch:14
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5664,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5792 /prefetch:14
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5644,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5488 /prefetch:14
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6008,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3652,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4528,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5660 /prefetch:14
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3384,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5996 /prefetch:14
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5972,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5896 /prefetch:14
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5876,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5960 /prefetch:14
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5920,i,4162868676368655986,7542972558280256811,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5760 /prefetch:14
  2⤵
  - NTFS ADS
  PID:2756

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:6072

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4384

C:\Users\Admin\Desktop\Phoenix-discord-nuker-main\Phoenix.exe
"C:\Users\Admin\Desktop\Phoenix-discord-nuker-main\Phoenix.exe"
1⤵
PID:3716

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Phoenix-discord-nuker-main\token.txt
1⤵
PID:2240

C:\Users\Admin\Desktop\Phoenix-discord-nuker-main\Phoenix.exe
"C:\Users\Admin\Desktop\Phoenix-discord-nuker-main\Phoenix.exe"
1⤵
PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\402f5a21-fd1d-44af-bdfe-63e07f8e8e7b.tmp

Filesize
11KB

MD5
418f755a83b77989a18379b3919a1b8c

SHA1
cfe78f72f7863857ef11a9baeca38806a2f132f4

SHA256
ab03a2d5a197577be86b1f8966fced8cba67c4f6d02c5b6cfad89bf474bf5d35

SHA512
98c035f8e741aa1a4eaf51e61d75abb4f98a4384afab36b30397086d57df6cdc8a1a62286d19e4db95ed5074e900ea7120001ea84bb6dd11b829820f5334be2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
471709f961520841a8da9a7a87d9d794

SHA1
8a4f8f759296024f316238aeeed365d7f743924f

SHA256
b0ad43f0045a5a54370fd2f0112956138aed41be57635b11387adde134ab152d

SHA512
9a71ac715ae47f8d642b4195cde81babd392d5f35c9ec37fe241438f31e40b9638dcaf7aedd3db118ae03ee8d6a3e3db1384de4b81333b206d5a06a79339d401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
38KB

MD5
b8103746b4757c6332fe545f11de8f70

SHA1
588965d6333eb015af39c7f44ce71dfac67fb0f7

SHA256
4177d563a186175d3a67091c399db6c57fc271e202406e244d4bc8ad95b1aebd

SHA512
c83bd52d674d90752dfffeb76971a4f9684054d6f02cfdbe8f336758ac46d8b430f306cc64be00112b8c38d191afd1b8395d58600b12cefcb6a052ab70214ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
36KB

MD5
2661bff6dabf18be9bcd62fc612912d2

SHA1
6e90a28a20d59b0383f87355b39f05254bfaff20

SHA256
d8be88da29a93137d4e69bdb3b486f9b48ffd789a4e54bc0200acd8decb1a6ae

SHA512
f210e2c8e29ec830fd6d46e60bf714abc224c5d1465a75395060fa6cecdf4d9b627c1208c40ef4c39e52cc1697c38f22c8f1882b30b3daf7eb4602dfe06efc69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
21KB

MD5
6bf0a11d94eea9f5dbb2e3878d26a2e2

SHA1
591206d03341c1083843a43d6774f66b6b9f171e

SHA256
ed3e1c41b0dfcfa1f28020accd8442e28df7ad1ce6f497eb0d070e2b89e16892

SHA512
00c277d60f835895069005f594e93ade91b2152c7a6f6f9f3b15916a3bf7a10f15f60b8f0f212930aee7fb86888625cce14f0bd4d8801fa3591423afa2103d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
21KB

MD5
ec0963f084571ccba8609e51d71bf6ec

SHA1
b4a93e1b2e235488747b17c212ae14e5551c2db9

SHA256
39041d7cca3821b6b33037d88740780d6c1b380cf4973f7a869b101d35b015c3

SHA512
88689aab98763297eb045308d3a1c415bcb0dcb58dc5d3f4338e5c92018666a0b0c5bc2cc444ffe333c4b6ea54f0286a4c6310a9e18d418fba83ff2698be5525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
27KB

MD5
fa2d7364a6cdbe8144bfc6add239bfe7

SHA1
2b37b884e7235429a2b4d675cf1d4975f9081d4c

SHA256
3624f864be1b01a4fbcaa4623e5408ae4adf66702cf2339ebf5eb5b4cf993ac5

SHA512
5a30f88a98af6ab94a0847989d9bb98d7e459232ec7a0ebfd0aa7f4405d0394fdbc439f33fbe2f72319f7cd8789e80443a122fde0b4f743833ebdc28bda37f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
18KB

MD5
89ee4d8818e8a732f16be7086b4bf894

SHA1
2cc00669ddc0f4e33c95a926089cea5c1f7b9371

SHA256
f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82

SHA512
89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
16KB

MD5
db2656b672846f689c00438d029d58b6

SHA1
43b8d5085f31085a3a1e0c9d703861831dd507ce

SHA256
aa3f28db9caadce78e49e2aeb52fda016b254ed89b924cdb2d87c6d86c1be763

SHA512
4c57c347b10ea6b2ca1beb908afc122f304e50bd44a404f13c3082ba855796baef1a5eb69276d8744c1728578fa8b651815d7981fcec14a3c41c3ca58d2b24ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
59KB

MD5
69c3c3700ea2f100c905f838cbad43cb

SHA1
db70a0d95ec6c9ccbe15d65926204bd4b740cbe7

SHA256
6bda69e12c05bbdf9a0e765b6c440751405e545526d28021c36b0cc44a0d18d0

SHA512
1a961604fc64dc694a6ae92091eddc6e70d4c44fe441e31d073c5a3a2d02f67721ffe0fe6cabbb01999fb14a4a6fa360e55ec03cd39cc7754dbe618be059e5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
45KB

MD5
be446adf51e1e2ec8565855652e2aa12

SHA1
6107bee1993c6bd9fe14de6f011659d0cc2f7429

SHA256
f6b290ca330613ecb353e80b63c8aa8e2c3394c56e1fe14649339597d1d08a06

SHA512
b433ffc883c97526611f2be567ea56058b5476d9b940bb359f5533f1d046e25465a75ab3c24e5d85bfe2076d5f69d6aa6e7a6e1a2dece45e390c2c70f129bfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
109KB

MD5
c1ee23d7fed88171020d29143a2b229f

SHA1
04fdd36f5e374b0392321a99d9fc2d692d168fa3

SHA256
3a5020be3f22468a80da6beeb67478a7c51ebdb60a088640434117a33fc84004

SHA512
6ffd3d66cd3115a21c7fdbcdb8225c4acf65b00d20fb6869a56b3f04408127c28f1abd8218c3d5fbf9605222e5aaaf0a916489d71f91865b24453a4a2f7f6cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
55KB

MD5
92e42e747b8ca4fc0482f2d337598e72

SHA1
671d883f0ea3ead2f8951dc915dacea6ec7b7feb

SHA256
18f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733

SHA512
d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
16KB

MD5
dde035d148d344c412bd7ba8016cf9c6

SHA1
fb923138d1cde1f7876d03ca9d30d1accbcf6f34

SHA256
bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

SHA512
87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
88KB

MD5
2dfda5e914fd68531522fb7f4a9332a6

SHA1
48a850d0e9a3822a980155595e5aa548246d0776

SHA256
6abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c

SHA512
d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
16KB

MD5
dc491f2e34e1eb5974c0781d49b8cbaf

SHA1
b73ca9b5f9c627d49da4ecbc3455192e4b305a3f

SHA256
f956049f0d96d455a71003eba400cb94f7067bc52620cd05b81006ecfdd438d8

SHA512
5c9bd0d5c93a05ca76eb727328a0fde40f2be7fe53b6b6c9eb260e8f20f92cfc831fd4b46f954d85baf151ae8aba1cdd6f76b0faf96217922cad844c905f3645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aaae94d9903410e24513b0fe303547d7

SHA1
77b0b1ba06a27b67ba77d102a44d77dea8827b27

SHA256
9d33dcf1e6b3c72410e2e11d5649d28a1e1c351cbab384775af35e1519200368

SHA512
3451db6c4985ab9bd634aa50fe579bcabae72483658de2617bbce3b16f5785954af4d183b42bf8936f2559ed53fc669edc11f01acc534b4d77a860bcb53b71cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
06ecba133b4cf95ecf5ef1a98722f617

SHA1
84e96cc8798b211ad08579a8b18689f3ba7d55e3

SHA256
2c49313feca7f5d7d8adcfa8c750e20a2920ea6ff59da9560aced6c736cc8d2c

SHA512
99e10c8509a081c9ca37c276b012b73b55272da181b20243177c0d3e23c927ec9f092769a3168c5fc5faaa336a35525ddafc201c52386d8ddc45a38fad635278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
37670a6bb1a53142e1742c38116b3c40

SHA1
4045fd365a7a8dafc926272520b3648b64f490d9

SHA256
c57acb9c8dd4c775d18def2927ad1248be39fa8bb20d71998fd937a8542cc5cf

SHA512
b479163a98bd29139257967415359d4abf68bef3744e3950e6d3b0912c9e49edf633b5e29f4b34e3f53a3d6597d5befd617499a27d03d56ae23ed62cd307eebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
740488f74ccb805f4844a14d6f32baa3

SHA1
9b5cf855275c5378df4ed2af485916c9c58f3979

SHA256
b39ebbb83e92f6bb44db9e091fe5bd930c8e4baf1aac1f0dd83c618ff38af9ee

SHA512
eab93eb3a0e971136ad6060ed2aeb23eb0f15d014adc873f1cf8d6b9103b325ff3f73a8ff549f61b3ce25c2758751d8337b4990a0080fb799169e6664e043bbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
ea79a66c33cecdc2f9f32fd54b5f5509

SHA1
2479f577cb4d4e97037baa028b8a80aac9362c18

SHA256
39d2033bcb2664eab3794c3919fb3b6fe87634228f03c02d9b4e6a8b5b08f667

SHA512
14dd2193bf8963c325f770aa288eb600aa225603af377b00e6a8117d5dfcb70a43e539bd48c50ff7460067867804b892ab1c696b4a8baf11c545c1ad53f20985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cceb693f55e0eda830ac951bd937b1ce

SHA1
036509165d1d99d1414d0e6be2e4d20378cbac5c

SHA256
9d2b9a0cfd9f1dc61872759842122fab9b8b20c0bcf3405737ce225d0eb56df0

SHA512
349d7087fc9071c612b70206d00c619134e8221126c4557ad31b4ba65ab04a82f361641a8c28b585e17ef5d059edaf0108957a54853d683f875c2eb68047f7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58fab7.TMP

Filesize
48B

MD5
51a62cbf6523c074dfd6f80f30c8f4dc

SHA1
bfd1380a3f36db4c4fe86c8584e26dae2101367a

SHA256
3cd020f092fcf6b691b6174181e2989f92b9fafc0d6e479c973c628886eece90

SHA512
99d5d46dbdd34645d02315eee68f1dc3bbd05389d3364499113e234c2bf1dfc1bcbb2f0aad73ea7c557d6a44527b3eb82df54f9cfe7248271b0bf5be9a07916c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
b34df89d348ceb7498fc53c980ce17ae

SHA1
a84ae15e9371eaa6f0007d90c044333c4254eeca

SHA256
10ade721be99bdb066d152f49b2ec47e37db49924c0908e38a5fbe745e2ff633

SHA512
e614bff684e7ac551835e2d366241d35b21bdf65fab745837a37a7d66b16bf119258bce23b74c6594123f4773b88d91abda5d2d2c6b5ab57c5781bc230f41236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
9af2a091f40337e06ee5b6b81ffe3a5f

SHA1
0b3e84abf036432f4eb206f05e726b574816391b

SHA256
8b5a1e94abfe960f83d2a511bec05b26e7528cf516cfcb7d4780f74b580df24a

SHA512
9358ef4dd2a194049e4e688892cf1380d95ee5586e9663a2009e69ffb3695591a7f29f43012e8e865d1fd89ba87d3618045952de1d7354ec16d9a6b73d6f794f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
d4b52a3b3a259e0b061d8a89a7a1d7f6

SHA1
5798bcbed9f3a8b5d9aec11778197bea46f86d14

SHA256
94a3863f21a8e30a94e8258de1266f3ffebec51c15e0b6c55d2c29d1e68a7900

SHA512
d24888b071fe7d2c268f5b9f15f86c7f7dd0643cb82e91fc9ad4e7701f7b30a6e82d795dcfae7879e1b4525b13a7885e6bcaf82e74f376dc78b587dced781096

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\epe2yyab.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
68abb7477296cf1bbd19aa222d73c3de

SHA1
a49d33a5d06ca265a13ade2ed4ba65ea17c8f669

SHA256
24942c06508f231e61a04866e58a26e5276be3a9c05da87c9d5dc3456558d466

SHA512
1e14a7049cd237e83f0de8e1e8116178c5346b93966a95d1f2ff4f260fa48c112393f9207a8130103f3ba1d9a1c6f19fc0502c966cb64c54dbbec86d24ea98aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\epe2yyab.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
e64d961862ce01d0761264f5c1b2d20d

SHA1
95be5a50e6c1dad891cae37e29a69fc2fa8373e3

SHA256
6823a96f05c855dd1456ed7155aef59dbcc87d6be855ddd8875369e46c28f8fd

SHA512
0ad3e58c23e789847e18fb91a1618ef29157a4e054c5afea44f9c81e74b88557d4b3316e607a7d98074907e9a145cd002ac415c9763b1747cd492db0d703e50d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\epe2yyab.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
13KB

MD5
8a0ced3cda25f1be3d2912eca6708687

SHA1
a7ba915ad3c914b31f9fae5981baaf64d35fbea6

SHA256
37b80ce9c451b405787f037525cd1d1ccb202fa9010f564a5be27e4b8449a2d2

SHA512
6d1882645332686aa2879ab8cdf1eb9b9d4f6798bc17cd75fb128287f62dd16426ef8c36f4d7baba8bbdccd65bdd837a95a0e45cdddda97397beb9e354b1dcdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Phoenix-Nuker\cookie_db

Filesize
20KB

MD5
a156bfab7f06800d5287d4616d6f8733

SHA1
8f365ec4db582dc519774dcbbfcc8001dd37b512

SHA256
e87b3d155c7582d4c1d889308b58f84e8fe90a1581014b21b785d6694bd156cc

SHA512
6c8eeab3ae6fb0d5be7758cca521665b216f31aed1aeeeaf121c99dc9f0192b385de0da36e94f90dd4a9bbbac6be2c5a55d2f284a24ccb7dec2c5302fb9b027c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Phoenix-Nuker\downloads_db

Filesize
160KB

MD5
9b85a4b842b758be395bc19aba64799c

SHA1
c32922b745c9cf827e080b09f410b4378560acb3

SHA256
ecc8d7540d26e3c2c43589c761e94638fc5096af874d7df216e833b9599c673a

SHA512
fad80745bb64406d8f2947c1e69817cff57cc504d5a8cdca9e22da50402d27d005988f6759eaa91f1f7616d250772c9f5e4ec2f98ce7264501dd4f436d1665f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Phoenix-Nuker\downloads_db

Filesize
192KB

MD5
aa612926a6c749eee1e20a64635fb314

SHA1
4f73afd7bd9ee27b5b47e3d0f57d68be72d0b8ca

SHA256
4081842818373ee2042332ed66211e9d0c888926dc1aef485256041cfba0fd23

SHA512
158e802cf59d7864fcb9d2a25f17fbfa677a973ad7e966707c0b0bb660da2a4f48d48c832b609d0ce333e264447d3237d0dee55e53fde204c26475cbb4b9b440

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\Crypto\Cipher\_raw_cbc.pyd

Filesize
10KB

MD5
fe44f698198190de574dc193a0e1b967

SHA1
5bad88c7cc50e61487ec47734877b31f201c5668

SHA256
32fa416a29802eb0017a2c7360bf942edb132d4671168de26bd4c3e94d8de919

SHA512
c841885dd7696f337635ef759e3f61ee7f4286b622a9fb8b695988d93219089e997b944321ca49ca3bd19d41440ee7c8e1d735bd3558052f67f762bf4d1f5fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\Crypto\Cipher\_raw_cfb.pyd

Filesize
10KB

MD5
ff64fd41b794e0ef76a9eeae1835863c

SHA1
bf14e9d12b8187ca4cc9528d7331f126c3f5ca1e

SHA256
5d2d1a5f79b44f36ac87d9c6d886404d9be35d1667c4b2eb8aab59fb77bf8bac

SHA512
03673f94525b63644a7da45c652267077753f29888fb8966da5b2b560578f961fdc67696b69a49d9577a8033ffcc7b4a6b98c051b4f53380227c392761562734

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\Crypto\Cipher\_raw_ecb.pyd

Filesize
9KB

MD5
f94726f6b584647142ea6d5818b0349d

SHA1
4aa9931c0ff214bf520c5e82d8e73ceeb08af27c

SHA256
b98297fd093e8af7fca2628c23a9916e767540c3c6fa8894394b5b97ffec3174

SHA512
2b40a9b39f5d09eb8d7ddad849c8a08ab2e73574ee0d5db132fe8c8c3772e60298e0545516c9c26ee0b257ebda59cfe1f56ef6c4357ef5be9017c4db4770d238

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\Crypto\Cipher\_raw_ofb.pyd

Filesize
10KB

MD5
eea83b9021675c8ca837dfe78b5a3a58

SHA1
3660833ff743781e451342bb623fa59229ae614d

SHA256
45a4e35231e504b0d50a5fd5968ab6960cb27d197f86689477701d79d8b95b3b

SHA512
fcdccea603737364dbdbbcd5763fd85aeb0c175e6790128c93360af43e2587d0fd173bee4843c681f43fb63d57fcaef1a58be683625c905416e0c58af5bf1d6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\VCRUNTIME140_1.dll

Filesize
48KB

MD5
bba9680bc310d8d25e97b12463196c92

SHA1
9a480c0cf9d377a4caedd4ea60e90fa79001f03a

SHA256
e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab

SHA512
1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_bz2.pyd

Filesize
47KB

MD5
758fff1d194a7ac7a1e3d98bcf143a44

SHA1
de1c61a8e1fb90666340f8b0a34e4d8bfc56da07

SHA256
f5e913a9f2adf7d599ea9bb105e144ba11699bbcb1514e73edcf7e062354e708

SHA512
468d7c52f14812d5bde1e505c95cb630e22d71282bda05bf66324f31560bfa06095cf60fc0d34877f8b361ccd65a1b61d0fd1f91d52facb0baf8e74f3fed31cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_ctypes.pyd

Filesize
56KB

MD5
6ca9a99c75a0b7b6a22681aa8e5ad77b

SHA1
dd1118b7d77be6bb33b81da65f6b5dc153a4b1e8

SHA256
d39390552c55d8fd4940864905cd4437bc3f8efe7ff3ca220543b2c0efab04f8

SHA512
b0b5f2979747d2f6796d415dd300848f32b4e79ede59827ac447af0f4ea8709b60d6935d09e579299b3bc54b6c0f10972f17f6c0d1759c5388ad5b14689a23fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_decimal.pyd

Filesize
103KB

MD5
eb45ea265a48348ce0ac4124cb72df22

SHA1
ecdc1d76a205f482d1ed9c25445fa6d8f73a1422

SHA256
3881f00dbc4aadf9e87b44c316d93425a8f6ba73d72790987226238defbc7279

SHA512
f7367bf2a2d221a7508d767ad754b61b2b02cdd7ae36ae25b306f3443d4800d50404ac7e503f589450ed023ff79a2fb1de89a30a49aa1dd32746c3e041494013

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_hashlib.pyd

Filesize
33KB

MD5
0d723bc34592d5bb2b32cf259858d80e

SHA1
eacfabd037ba5890885656f2485c2d7226a19d17

SHA256
f2b927aaa856d23f628b01380d5a19bfe9233db39c9078c0e0585d376948c13f

SHA512
3e79455554d527d380adca39ac10dbf3914ca4980d8ee009b7daf30aeb4e9359d9d890403da9cc2b69327c695c57374c390fa780a8fd6148bbea3136138ead33

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_lzma.pyd

Filesize
84KB

MD5
abceeceaeff3798b5b0de412af610f58

SHA1
c3c94c120b5bed8bccf8104d933e96ac6e42ca90

SHA256
216aa4bb6f62dd250fd6d2dcde14709aa82e320b946a21edeec7344ed6c2c62e

SHA512
3e1a2eb86605aa851a0c5153f7be399f6259ecaad86dbcbf12eeae5f985dc2ea2ab25683285e02b787a5b75f7df70b4182ae8f1567946f99ad2ec7b27d4c7955

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_queue.pyd

Filesize
24KB

MD5
0d267bb65918b55839a9400b0fb11aa2

SHA1
54e66a14bea8ae551ab6f8f48d81560b2add1afc

SHA256
13ee41980b7d0fb9ce07f8e41ee6a309e69a30bbf5b801942f41cbc357d59e9c

SHA512
c2375f46a98e44f54e2dd0a5cc5f016098500090bb78de520dc5e05aef8e6f11405d8f6964850a03060caed3628d0a6303091cba1f28a0aa9b3b814217d71e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_socket.pyd

Filesize
41KB

MD5
afd296823375e106c4b1ac8b39927f8b

SHA1
b05d811e5a5921d5b5cc90b9e4763fd63783587b

SHA256
e423a7c2ce5825dfdd41cfc99c049ff92abfb2aa394c85d0a9a11de7f8673007

SHA512
95e98a24be9e603b2870b787349e2aa7734014ac088c691063e4078e11a04898c9c547d6998224b1b171fc4802039c3078a28c7e81d59f6497f2f9230d8c9369

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_sqlite3.pyd

Filesize
48KB

MD5
7b45afc909647c373749ef946c67d7cf

SHA1
81f813c1d8c4b6497c01615dcb6aa40b92a7bd20

SHA256
a5f39bfd2b43799922e303a3490164c882f6e630777a3a0998e89235dc513b5e

SHA512
fe67e58f30a2c95d7d42a102ed818f4d57baa524c5c2d781c933de201028c75084c3e836ff4237e066f3c7dd6a5492933c3da3fee76eb2c50a6915996ef6d7fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_ssl.pyd

Filesize
60KB

MD5
1e643c629f993a63045b0ff70d6cf7c6

SHA1
9af2d22226e57dc16c199cad002e3beb6a0a0058

SHA256
4a50b4b77bf9e5d6f62c7850589b80b4caa775c81856b0d84cb1a73d397eb38a

SHA512
9d8cd6e9c03880cc015e87059db28ff588881679f8e3f5a26a90f13e2c34a5bd03fb7329d9a4e33c4a01209c85a36fc999e77d9ece42cebdb738c2f1fd6775af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_uuid.pyd

Filesize
21KB

MD5
81dfa68ca3cb20ced73316dbc78423f6

SHA1
8841cf22938aa6ee373ff770716bb9c6d9bc3e26

SHA256
d0cb6dd98a2c9d4134c6ec74e521bad734bc722d6a3b4722428bf79e7b66f190

SHA512
e24288ae627488251682cd47c1884f2dc5f4cd834d7959b9881e5739c42d91fd0a30e75f0de77f5b5a0d63d9baebcafa56851e7e40812df367fd433421c0ccdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\base_library.zip

Filesize
812KB

MD5
fbd6be906ac7cd45f1d98f5cb05f8275

SHA1
5d563877a549f493da805b4d049641604a6a0408

SHA256
ae35709e6b8538827e3999e61a0345680c5167962296ac7bef62d6b813227fb0

SHA512
1547b02875f3e547c4f5e15c964719c93d7088c7f4fd044f6561bebd29658a54ef044211f9d5cfb4570ca49ed0f17b08011d27fe85914e8c3ea12024c8071e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\charset_normalizer\md.cp310-win_amd64.pyd

Filesize
9KB

MD5
829ea7fb7e280367963563ee4efb28fd

SHA1
53ade9ccff9de382ab324329f5578e53f166f40a

SHA256
95e827b6f549d268b7076184f6f7cd881114094d11e808c2be9bdbe8e045d4d7

SHA512
f3acca8020cc5a7d30cf9042acada2f1ccbf4f0b3e047033948214289b6fe6e7b298ddfa93b05fe4235223727a82c819b2762b4c488722d6ee9b791b6cb29385

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

Filesize
38KB

MD5
d65d9855d496a5af3e4b9d5495ca7038

SHA1
e99c15aac61d339b52be19816487ecc8758e3f27

SHA256
22792b8e666e880445a0c2cc9bc014bc42d064573c731ff6e829dcd1b477a39b

SHA512
f8812f4e95e880b8683957ce0a5cd00e56d2b7847c17abff2f2d7b5efb5acedcb68845dcacfc85c4b2207d18c58289338394d443c891d150161fb98157f51418

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\libcrypto-1_1.dll

Filesize
1.1MB

MD5
da5fe6e5cfc41381025994f261df7148

SHA1
13998e241464952d2d34eb6e8ecfcd2eb1f19a64

SHA256
de045c36ae437a5b40fc90a8a7cc037facd5b7e307cfcf9a9087c5f1a6a2cf18

SHA512
a0d7ebf83204065236439d495eb3c97be093c41daac2e6cfbbb1aa8ffeac049402a3dea7139b1770d2e1a45e08623a56a94d64c8f0c5be74c5bae039a2bc6ca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\libffi-7.dll

Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\libssl-1_1.dll

Filesize
203KB

MD5
48d792202922fffe8ea12798f03d94de

SHA1
f8818be47becb8ccf2907399f62019c3be0efeb5

SHA256
8221a76831a103b2b2ae01c3702d0bba4f82f2afd4390a3727056e60b28650cc

SHA512
69f3a8b556dd517ae89084623f499ef89bd0f97031e3006677ceed330ed13fcc56bf3cde5c9ed0fc6c440487d13899ffda775e6a967966294cadfd70069b2833

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\psutil\_psutil_windows.pyd

Filesize
34KB

MD5
fb17b2f2f09725c3ffca6345acd7f0a8

SHA1
b8d747cc0cb9f7646181536d9451d91d83b9fc61

SHA256
9c7d401418db14353db85b54ff8c7773ee5d17cbf9a20085fde4af652bd24fc4

SHA512
b4acb60045da8639779b6bb01175b13344c3705c92ea55f9c2942f06c89e5f43cedae8c691836d63183cacf2d0a98aa3bcb0354528f1707956b252206991bf63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\pyexpat.pyd

Filesize
86KB

MD5
5a328b011fa748939264318a433297e2

SHA1
d46dd2be7c452e5b6525e88a2d29179f4c07de65

SHA256
e8a81b47029e8500e0f4e04ccf81f8bdf23a599a2b5cd627095678cdf2fabc14

SHA512
06fa8262378634a42f5ab8c1e5f6716202544c8b304de327a08aa20c8f888114746f69b725ed3088d975d09094df7c3a37338a93983b957723aa2b7fda597f87

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\python3.DLL

Filesize
63KB

MD5
c17b7a4b853827f538576f4c3521c653

SHA1
6115047d02fbbad4ff32afb4ebd439f5d529485a

SHA256
d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68

SHA512
8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\pythoncom310.dll

Filesize
193KB

MD5
9051abae01a41ea13febdea7d93470c0

SHA1
b06bd4cd4fd453eb827a108e137320d5dc3a002f

SHA256
f12c8141d4795719035c89ff459823ed6174564136020739c106f08a6257b399

SHA512
58d8277ec4101ad468dd8c4b4a9353ab684ecc391e5f9db37de44d5c3316c17d4c7a5ffd547ce9b9a08c56e3dd6d3c87428eae12144dfb72fc448b0f2cfc47da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\pywintypes310.dll

Filesize
62KB

MD5
6f2aa8fa02f59671f99083f9cef12cda

SHA1
9fd0716bcde6ac01cd916be28aa4297c5d4791cd

SHA256
1a15d98d4f9622fa81b60876a5f359707a88fbbbae3ae4e0c799192c378ef8c6

SHA512
f5d5112e63307068cdb1d0670fe24b65a9f4942a39416f537bdbc17dedfd99963861bf0f4e94299cdce874816f27b3d86c4bebb889c3162c666d5ee92229c211

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\select.pyd

Filesize
24KB

MD5
72009cde5945de0673a11efb521c8ccd

SHA1
bddb47ac13c6302a871a53ba303001837939f837

SHA256
5aaa15868421a46461156e7817a69eeeb10b29c1e826a9155b5f8854facf3dca

SHA512
d00a42700c9201f23a44fd9407fea7ea9df1014c976133f33ff711150727bf160941373d53f3a973f7dd6ca7b5502e178c2b88ea1815ca8bce1a239ed5d8256d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\sqlite3.dll

Filesize
608KB

MD5
b70d218798c0fec39de1199c796ebce8

SHA1
73b9f8389706790a0fec3c7662c997d0a238a4a0

SHA256
4830e8d4ae005a73834371fe7bb5b91ca8a4c4c3a4b9a838939f18920f10faff

SHA512
2ede15cc8a229bfc599980ce7180a7a3c37c0264415470801cf098ef4dac7bcf857821f647614490c1b0865882619a24e3ac0848b5aea1796fad054c0dd6f718

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\unicodedata.pyd

Filesize
287KB

MD5
ca3baebf8725c7d785710f1dfbb2736d

SHA1
8f9aec2732a252888f3873967d8cc0139ff7f4e5

SHA256
f2d03a39556491d1ace63447b067b38055f32f5f1523c01249ba18052c599b4c

SHA512
5c2397e4dcb361a154cd3887c229bcf7ef980acbb4b851a16294d5df6245b2615cc4b42f6a95cf1d3c49b735c2f7025447247d887ccf4cd964f19f14e4533470

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14642\win32api.pyd

Filesize
48KB

MD5
561f419a2b44158646ee13cd9af44c60

SHA1
93212788de48e0a91e603d74f071a7c8f42fe39b

SHA256
631465da2a1dad0cb11cd86b14b4a0e4c7708d5b1e8d6f40ae9e794520c3aaf7

SHA512
d76ab089f6dc1beffd5247e81d267f826706e60604a157676e6cbc3b3447f5bcee66a84bf35c21696c020362fadd814c3e0945942cdc5e0dfe44c0bca169945c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36842\altgraph-0.17.3.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4176_862547222\5157ad52-a258-4aea-804a-82490aa9f46e.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
11KB

MD5
25e8156b7f7ca8dad999ee2b93a32b71

SHA1
db587e9e9559b433cee57435cb97a83963659430

SHA256
ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

SHA512
1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
380B

MD5
d08ea8d42c72f2e671b5faf7075e8801

SHA1
b91047ca16e77f3beda241f9754d6b38f858f942

SHA256
c75fce86683d1b128877fc6222928efab5766a4d3db2bc161a058dcfb3e6e38a

SHA512
193ead4565a8453acddd9f3e6e58acef6fe16b3e3760bf361ad3060f19f2ad0a654351cff9362bcb2bb37b10a5fcd3bc553c9bc8df07027b27eebf947f9d609e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\AlternateServices.bin

Filesize
6KB

MD5
3f20f0b957ca17804c052257541cc69b

SHA1
280a0956f372228af633e4fa5bb59f3564879f6b

SHA256
7d3d4221132a304a0bca3c9aa8ecbfb196bcf950d8b75cbf6d19496583fa0965

SHA512
0b0b8b897b5ad2396a4a2dd859c89ad4e72600577ba6363380d0984e0292de181caa50556d696b0d865f81559de604765fe3bc5cde921d1313785d55dbf1a9bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
851d5de8d4e867bf00ec4b4a963a1388

SHA1
0cb4b97b08d5cfa94828026cfdcc1c8353bc3218

SHA256
73283f73ce693ff539b52486c803c7c5a05da1524f3c67c471cd19ed26403a62

SHA512
0053885c6a21b608161111a46feaa0eef190713d1a03f62600e7634f8f6722d6cfd7843c839e09651ac1351e68a1184eec11dd046f5ad9a8e4fdb07b2cdea7ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
5c7256b1fb6bb52eb6fe14c12c5350d4

SHA1
7c137f575098a3dd1e4498b6ca1a21a6bb709335

SHA256
6fe60d879c1f1f6801c69024a1d371dd32d5d98d56212fada252e18c9746c394

SHA512
da3a2d8a5bd687c721fcd46e8177623201058082be7d0a810aade351e6f4d706b6de17dcc19f6f4cff9ad6784a4792060cccaca683a64dbc2f2270475f880da5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
92048c120a8852c1fb2574e48a88a9a9

SHA1
f58c1033bb78a9908291557a1317779490323e67

SHA256
b9657b1b226682aba42bd1534c66cdec5ec7e1838ea880abf4c23f526731dc0e

SHA512
ba0be87f4bc375dd98d12ab5819822352a9d693f56e16443ffc01fb0a507e36e7494d4631f7bb8ba0f21fbea732a1ed1b6042c5554a47033baf778eb62514019

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\datareporting\glean\events\events

Filesize
5KB

MD5
fd75b613457d462558203e6ca1a1fefb

SHA1
8efe0dc1f6179cc1214ea9b54b24930e4f765f20

SHA256
f32f065e2eb1e108f146da02c25a4a7fa5599fe3f2edfee8c8229288f7a920b1

SHA512
a3008b955f1da1f42f36ffe2519181ee56dbdc514f1f18ba93eefbc11695c76f928594107a44a16eb7b0cdd8869e633eece8266ec18c208e7759da321ac04141

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
0d74af2224693900345418296e0b7c53

SHA1
0ecac9c483269f931bf1172a3717a672d23c151e

SHA256
e710dda3ebde33dfd46da7802694718ce7e4f3177f4562f7749b9f78eda4d2e6

SHA512
b2126274b4c5391d281a0ecf4c56abecad2d0b065188cc379b69d5375fb94b7cc594c3c8a08aab5c821b208035d2d4b557c8a2b2fbc2b1d29b3d1bfc206f444c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\datareporting\glean\pending_pings\037b4ec3-f84d-4eb5-b5d0-2bdf80c0dde1

Filesize
883B

MD5
64d8c0522b46da31c8de1274431fdd9f

SHA1
4d6d95bfb4a1e3bcc5397b0e75e5f369d855ca0b

SHA256
ff5fae08e07052ce47260d249a7f1df7882234cf08431c999722f6f269e2761f

SHA512
27540d9fa714738af928aec6ab6e3af751e68ceea271927ef578d92ffe6284cbc4c04b97531a4b02765480389f206eaed38700a83eefee13481508fd711cd3b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\datareporting\glean\pending_pings\30d77d1d-e860-4430-aff9-b32fc19d4216

Filesize
16KB

MD5
b685850f378f63e4912dbb2186d0f5ed

SHA1
9362f8e43a0d68b914d7e44c37e891845d271478

SHA256
b136149bc254f16669c82d0ed63f1397f874e39b6bdfc7db4a12c0a2e7c43a0c

SHA512
9d9415c77b39768eb49b2c1b9440e749fa8771943bcbbf5e9e64afa2178dbcc9bab6c66874f74737b89b15b0a9adcacb469fcca88f36fe286354782e0bf56512

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\datareporting\glean\pending_pings\3b7ac65e-2eea-4174-b919-f640ded2f68f

Filesize
886B

MD5
d84034571fc61aa6bc2682098aa5dd14

SHA1
9782aad03f6cddd3b426fcf70ebe092d7b664d41

SHA256
46f8ffe4080b8a08af09b5e2aa983f0a656b2b05d753172d854a35c3c09e9ad7

SHA512
fe0a90345faa0ecb6ebd7fc0b1d999900e0b78022000f18ce72e8aeb41ba0acf9a363cfeb0a36a6e977130f72386eae120962f46dd9bd58e9929a8280a682e44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\datareporting\glean\pending_pings\3ea38974-15c0-468e-bee5-f9b10df66c1b

Filesize
2KB

MD5
3f87a3c105095c40e9493aa88814ad1e

SHA1
9120c9098171f0e548ab8fa25708f11ddca982bf

SHA256
93834634dfd6977d558843ecbd76dd604a996cc0a34f3a178dac2500584253b0

SHA512
08592bbebe6b06905a1fa8558c9e55c0a80292fcc31f7f44735c9f0c525ac0f3a78a3a853b4c288a9576b3465f3827d3c7278653c58eee77635b20bb77d89431

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\datareporting\glean\pending_pings\46a19d85-b9a8-4769-8aef-0ac07548ebf4

Filesize
235B

MD5
5d8e215c4920c37f632418eb2878ab40

SHA1
4cf20406491e689eb754f3a87219ac32dd8e2611

SHA256
79f61ed92bd4c3b011e2f4b340d64dde122ec81896e1e4cb5aa39f6188ebfcd2

SHA512
e5789074a0230f13c246c005341c6018a585fd459b9824d765d6d0c8ff87f8b4881b09437cd18481cb6c8fc2186df68a9d16e3975503c0847dba3f1b81dae292

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\datareporting\glean\pending_pings\f0d42f35-2d63-4267-9cfa-c15341d7c8e8

Filesize
235B

MD5
f0055475982920d1129f65fd1db2dd2f

SHA1
845a4c78ab437f7c2f6e6d5dd2f266ace22db6d5

SHA256
544ca143a9358e54ba2d7533f48ba8aae9746c42580bc45ca2ce794f37ecef66

SHA512
3bd2d1d2585fddce8c3916ed2f27885178b7e1fffd366bf09d5cc4d91b79bc1b3cbd5a4dc40724d46d1e4706afb71129f9015b3ae136c22515dd92fffba2ade0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\extensions.json

Filesize
16KB

MD5
892ca44194b967189d2f292fe9e805eb

SHA1
80876d2cc9ee7c6bb403833a5583c46161eeae40

SHA256
e5ca90e1edc40e248de8e3ff5ca58b0d1b3a7c093abe5899638958d0c8b42c0a

SHA512
58e70dab9ee4565645e96f3a33901c8f36975e957840c03baf21807ea6e28eaacbdbd8948438044cebd8bc8fa6aea859e98e48e588cf26d988b09cee17794915

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\prefs-1.js

Filesize
6KB

MD5
69f5d14adc73e499346c567859f7950f

SHA1
88f84a72d4aee092e9453ed8739028bfa241071b

SHA256
e8016c1d5ba87608cffabc61c7cce0449ff92698d9b842fccef3846f01e7479f

SHA512
6c22a2760d305d2b61fdc58d038ba664610e51f572b0e538766e6db686c7cf41b43d6c842049e76e02499bfa20474ebf3ff06274bf2c8dc5db8823f63d5a5308

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\prefs-1.js

Filesize
7KB

MD5
2f8073d947497c90f8e5eaf388a693ad

SHA1
b007e343c832a59ae906e224ae5dbbda4ef99706

SHA256
67647e37d1b7dfc607d5b6dd5a126a2b5f2cada5e78294b5e3619aefc814d451

SHA512
871081e7b98fa0294e60838706e0703f55d0ffbb772e77e471db0876f2034018f47846c4c8c3db93be916821256daed3fa2eec31c1e206fa427354258775fd52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\prefs.js

Filesize
6KB

MD5
8384c35e90c224c5394a898ef200cef2

SHA1
c64cb5e8c1a44869debd732370afc4df3f12b63e

SHA256
234b7738ec3991f9f038771c1f67ac1bbccbf16bc9ecc52eb2104546673619f2

SHA512
c55a005d6140b96ad53b5fb98159a01e560451d92ca7614f1d4a37e5c5eafd83e9babfb92619f88bd0fd149002cce1dd6e8c392efe51663ac389c654d2892cc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\sessionCheckpoints.json

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
f36a2d8f4d6eef672056d5a171974575

SHA1
f3a466b32fdf049c8cd3af0a7f94db10db1ad0ba

SHA256
115d98a1220f0a43ba04874d0a6f9d3faad6d98bf21dc61a759caa3f101df8f7

SHA512
0dfef8ed1e9031b6570443689d5fdf9f04995dfcd4cdc9c525d50c899d8d67fc9166e930d97558e93f384e431d893df13686287f354890a03a6fa3833b6c088f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\epe2yyab.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.4MB

MD5
b04e232cd4ffe55c7b3cd6011d8ad53d

SHA1
286925aa52e71f630a40b4342dbc700fc63c7d16

SHA256
d1a351e714386c034d9b3ff67fd556307d8939ca1514d88967e5d4099551093b

SHA512
dc54658a12a404677a8d3d64f195f13fc556eb2c832d02b7db16b74ca7aedb00e49a799c7e9ad136d1e5d6eed245e80cdf5f1cd67629539049b856895ad391bc

Download Submit
C:\Users\Admin\Downloads\Phoenix-discord-nuker-main.zip.crdownload

Filesize
8.3MB

MD5
920610a76e5a705280ed0da6935be97b

SHA1
569b4cf61c38211a02a567a55e168387358865bb

SHA256
52d1ceea2d18fd758cce941c133db8aaec187cc2b611ea30383ffe9b054fad63

SHA512
21d539faca2fa99e29a5dcd9f6307f434baf23a0b82e3e20790c5cc34a1cc092817df6ea88f1cc8fcc46b97a440e785aacc73313ae98a1b33541a87787628da6

Download Submit
C:\Windows\System32\cards_db

Filesize
130KB

MD5
14c45df526d92c15c9c2ba74144dfd43

SHA1
0319f6361d10e8c607be50686a6a32c11127c0d1

SHA256
7683b602582100fad23eb54c6c57f0be4fe833ce76bfaf64dce82ade601d24ea

SHA512
c496b4396e9406802601584d87264b2c7fea43ec154e91f17b9acc0acc122b63f8af3b4c66f300957fe29b508c7faf62583fee3b10b6f6c6453574d286838667

Download Submit
C:\Windows\System32\cards_db

Filesize
228KB

MD5
8ce704458e632d243a023357eec3702f

SHA1
b4857c6a1e277776b8a08c243917eeae5470aa56

SHA256
257947aba31142bab41ca56915c2ef843c2a156c527dee5d1a07e1224e380aed

SHA512
a96d4aded8fd5ce2cfeeaba2bc69a399006bc723e1aa0777989648b2fe8caa7b6d421744c2bcd52b633d0e2d41b951df2cbc91ac64054c7b8cb63f887b496449

Download Submit
C:\Windows\System32\cookie_db

Filesize
20KB

MD5
a683c604dcc4cdac7772390ec6ce5277

SHA1
fb9b9a3d8f2a208a9692ebb741169eb9be368cfe

SHA256
ed148f86668ea229bcbe9c780ddcd2a05297b2a99279b3b8c6a8918f2320ed5f

SHA512
cacd26f0a5e8080d9771e548bae20a45c1d5975f444fc2d159f5bc3ddf9fdb25ef7738d4ec394fe7cb543ef93922bc75e18803f90066a6d2270b902ce6aff0b9

Download Submit
C:\Windows\System32\login_db

Filesize
40KB

MD5
dfd4f60adc85fc874327517efed62ff7

SHA1
f97489afb75bfd5ee52892f37383fbc85aa14a69

SHA256
c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

SHA512
d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

Download Submit
C:\Windows\System32\login_db

Filesize
56KB

MD5
0e2c60740cafa19c5158f4aa41a5d4e7

SHA1
f01d0f359e407fed424c30919ed64b77508b3024

SHA256
ce41f2a3255df2099ae8eea9364bd28c6fd6a56c8ca3290bd274944d16d9e6bf

SHA512
e367b88f1d984f84b9b4a8fa4002ede1afad0d375f9374636250f17e64445a60d1b99fe23a0b314c4b2bd5fd27fe5b87fa4079a84b4497629f238afd8436afe2

Download Submit
memory/2708-126-0x00007FF96BED0000-0x00007FF96BEF4000-memory.dmp

Filesize
144KB

Download
memory/2708-543-0x00007FF96AE10000-0x00007FF96AE52000-memory.dmp

Filesize
264KB

Download
memory/2708-410-0x00007FF95A680000-0x00007FF95A695000-memory.dmp

Filesize
84KB

Download
memory/2708-225-0x00007FF960330000-0x00007FF96033C000-memory.dmp

Filesize
48KB

Download
memory/2708-128-0x00007FF975490000-0x00007FF97549F000-memory.dmp

Filesize
60KB

Download
memory/2708-132-0x00007FF971180000-0x00007FF971199000-memory.dmp

Filesize
100KB

Download
memory/2708-415-0x00007FF95A640000-0x00007FF95A65B000-memory.dmp

Filesize
108KB

Download
memory/2708-138-0x00007FF96BD40000-0x00007FF96BD6E000-memory.dmp

Filesize
184KB

Download
memory/2708-417-0x00007FF95A5D0000-0x00007FF95A5F9000-memory.dmp

Filesize
164KB

Download
memory/2708-135-0x00007FF975430000-0x00007FF97543D000-memory.dmp

Filesize
52KB

Download
memory/2708-421-0x00007FF958F90000-0x00007FF9591E2000-memory.dmp

Filesize
2.3MB

Download
memory/2708-143-0x00007FF9710C0000-0x00007FF9710D9000-memory.dmp

Filesize
100KB

Download
memory/2708-145-0x00007FF96BD10000-0x00007FF96BD3D000-memory.dmp

Filesize
180KB

Download
memory/2708-221-0x00007FF9603A0000-0x00007FF9603AC000-memory.dmp

Filesize
48KB

Download
memory/2708-150-0x00007FF96B550000-0x00007FF96B60C000-memory.dmp

Filesize
752KB

Download
memory/2708-153-0x00007FF96BB30000-0x00007FF96BB5B000-memory.dmp

Filesize
172KB

Download
memory/2708-161-0x00007FF96BED0000-0x00007FF96BEF4000-memory.dmp

Filesize
144KB

Download
memory/2708-160-0x00007FF96EC70000-0x00007FF96EC7D000-memory.dmp

Filesize
52KB

Download
memory/2708-159-0x00007FF96B060000-0x00007FF96B094000-memory.dmp

Filesize
208KB

Download
memory/2708-158-0x00007FF95A140000-0x00007FF95A5AE000-memory.dmp

Filesize
4.4MB

Download
memory/2708-164-0x00007FF96AE10000-0x00007FF96AE52000-memory.dmp

Filesize
264KB

Download
memory/2708-167-0x00007FF971180000-0x00007FF971199000-memory.dmp

Filesize
100KB

Download
memory/2708-168-0x00007FF96EAF0000-0x00007FF96EAFA000-memory.dmp

Filesize
40KB

Download
memory/2708-171-0x00007FF96D440000-0x00007FF96D45C000-memory.dmp

Filesize
112KB

Download
memory/2708-176-0x00007FF96BD40000-0x00007FF96BD6E000-memory.dmp

Filesize
184KB

Download
memory/2708-177-0x00007FF9603B0000-0x00007FF9603DE000-memory.dmp

Filesize
184KB

Download
memory/2708-181-0x00007FF959960000-0x00007FF959A18000-memory.dmp

Filesize
736KB

Download
memory/2708-183-0x0000019762650000-0x00000197629C5000-memory.dmp

Filesize
3.5MB

Download
memory/2708-182-0x00007FF9595E0000-0x00007FF959955000-memory.dmp

Filesize
3.5MB

Download
memory/2708-186-0x00007FF96B550000-0x00007FF96B60C000-memory.dmp

Filesize
752KB

Download
memory/2708-187-0x00007FF96F2A0000-0x00007FF96F2B4000-memory.dmp

Filesize
80KB

Download
memory/2708-194-0x00007FF96B030000-0x00007FF96B055000-memory.dmp

Filesize
148KB

Download
memory/2708-224-0x00007FF96BB20000-0x00007FF96BB2C000-memory.dmp

Filesize
48KB

Download
memory/2708-223-0x00007FF96BD00000-0x00007FF96BD0B000-memory.dmp

Filesize
44KB

Download
memory/2708-222-0x00007FF96BDA0000-0x00007FF96BDAC000-memory.dmp

Filesize
48KB

Download
memory/2708-244-0x00007FF9591F0000-0x00007FF959361000-memory.dmp

Filesize
1.4MB

Download
memory/2708-245-0x00007FF958F90000-0x00007FF9591E2000-memory.dmp

Filesize
2.3MB

Download
memory/2708-531-0x00007FF95A140000-0x00007FF95A5AE000-memory.dmp

Filesize
4.4MB

Download
memory/2708-554-0x00007FF9591F0000-0x00007FF959361000-memory.dmp

Filesize
1.4MB

Download
memory/2708-552-0x00007FF959CE0000-0x00007FF959DF8000-memory.dmp

Filesize
1.1MB

Download
memory/2708-548-0x00007FF9595E0000-0x00007FF959955000-memory.dmp

Filesize
3.5MB

Download
memory/2708-547-0x00007FF959960000-0x00007FF959A18000-memory.dmp

Filesize
736KB

Download
memory/2708-546-0x00007FF9603B0000-0x00007FF9603DE000-memory.dmp

Filesize
184KB

Download
memory/2708-545-0x00007FF96D440000-0x00007FF96D45C000-memory.dmp

Filesize
112KB

Download
memory/2708-544-0x00007FF96EAF0000-0x00007FF96EAFA000-memory.dmp

Filesize
40KB

Download
memory/2708-118-0x00007FF95A140000-0x00007FF95A5AE000-memory.dmp

Filesize
4.4MB

Download
memory/2708-540-0x00007FF96BB30000-0x00007FF96BB5B000-memory.dmp

Filesize
172KB

Download
memory/2708-555-0x00007FF96D460000-0x00007FF96D46B000-memory.dmp

Filesize
44KB

Download
memory/2708-553-0x00007FF96B010000-0x00007FF96B02F000-memory.dmp

Filesize
124KB

Download
memory/2708-193-0x00007FF96F290000-0x00007FF96F29B000-memory.dmp

Filesize
44KB

Download
memory/2708-192-0x00007FF96BB30000-0x00007FF96BB5B000-memory.dmp

Filesize
172KB

Download
memory/2708-220-0x00007FF9614B0000-0x00007FF9614BE000-memory.dmp

Filesize
56KB

Download
memory/2708-219-0x00007FF9614C0000-0x00007FF9614CD000-memory.dmp

Filesize
52KB

Download
memory/2708-218-0x00007FF964760000-0x00007FF96476C000-memory.dmp

Filesize
48KB

Download
memory/2708-217-0x00007FF96B880000-0x00007FF96B88B000-memory.dmp

Filesize
44KB

Download
memory/2708-201-0x00007FF96AE10000-0x00007FF96AE52000-memory.dmp

Filesize
264KB

Download
memory/2708-197-0x00007FF959CE0000-0x00007FF959DF8000-memory.dmp

Filesize
1.1MB

Download
memory/2708-216-0x00007FF9595E0000-0x00007FF959955000-memory.dmp

Filesize
3.5MB

Download
memory/2708-234-0x00007FF960310000-0x00007FF96031B000-memory.dmp

Filesize
44KB

Download
memory/2708-239-0x00007FF95A640000-0x00007FF95A65B000-memory.dmp

Filesize
108KB

Download
memory/2708-202-0x00007FF96B010000-0x00007FF96B02F000-memory.dmp

Filesize
124KB

Download
memory/2708-238-0x00007FF959CE0000-0x00007FF959DF8000-memory.dmp

Filesize
1.1MB

Download
memory/2708-204-0x00007FF9591F0000-0x00007FF959361000-memory.dmp

Filesize
1.4MB

Download
memory/2708-211-0x00007FF96BE40000-0x00007FF96BE4B000-memory.dmp

Filesize
44KB

Download
memory/2708-241-0x00007FF95A5D0000-0x00007FF95A5F9000-memory.dmp

Filesize
164KB

Download
memory/2708-240-0x00007FF96B010000-0x00007FF96B02F000-memory.dmp

Filesize
124KB

Download
memory/2708-226-0x0000019762650000-0x00000197629C5000-memory.dmp

Filesize
3.5MB

Download
memory/2708-227-0x00007FF960320000-0x00007FF96032B000-memory.dmp

Filesize
44KB

Download
memory/2708-215-0x00007FF959960000-0x00007FF959A18000-memory.dmp

Filesize
736KB

Download
memory/2708-228-0x00007FF960300000-0x00007FF96030C000-memory.dmp

Filesize
48KB

Download
memory/2708-229-0x00007FF9602F0000-0x00007FF9602FC000-memory.dmp

Filesize
48KB

Download
memory/2708-230-0x00007FF960230000-0x00007FF96023D000-memory.dmp

Filesize
52KB

Download
memory/2708-231-0x00007FF95A7E0000-0x00007FF95A7F2000-memory.dmp

Filesize
72KB

Download
memory/2708-232-0x00007FF960220000-0x00007FF96022C000-memory.dmp

Filesize
48KB

Download
memory/2708-233-0x00007FF95A680000-0x00007FF95A695000-memory.dmp

Filesize
84KB

Download
memory/2708-235-0x00007FF95A770000-0x00007FF95A780000-memory.dmp

Filesize
64KB

Download
memory/2708-210-0x00007FF96D460000-0x00007FF96D46B000-memory.dmp

Filesize
44KB

Download
memory/2708-236-0x00007FF95A660000-0x00007FF95A674000-memory.dmp

Filesize
80KB

Download
memory/2708-213-0x00007FF9603B0000-0x00007FF9603DE000-memory.dmp

Filesize
184KB

Download
memory/2708-237-0x00007FF96B030000-0x00007FF96B055000-memory.dmp

Filesize
148KB

Download
memory/5400-1785-0x00007FF93AAB0000-0x00007FF93AAC0000-memory.dmp

Filesize
64KB

Download
memory/5400-1782-0x00007FF93AAB0000-0x00007FF93AAC0000-memory.dmp

Filesize
64KB

Download
memory/5400-1783-0x00007FF93AAB0000-0x00007FF93AAC0000-memory.dmp

Filesize
64KB

Download
memory/5400-1784-0x00007FF93AAB0000-0x00007FF93AAC0000-memory.dmp

Filesize
64KB

Download
memory/5400-1786-0x00007FF93AAB0000-0x00007FF93AAC0000-memory.dmp

Filesize
64KB

Download
memory/5400-1787-0x00007FF9385F0000-0x00007FF938600000-memory.dmp

Filesize
64KB

Download
memory/5400-1788-0x00007FF9385F0000-0x00007FF938600000-memory.dmp

Filesize
64KB

Download
memory/5400-1818-0x00007FF93AAB0000-0x00007FF93AAC0000-memory.dmp

Filesize
64KB

Download
memory/5400-1819-0x00007FF93AAB0000-0x00007FF93AAC0000-memory.dmp

Filesize
64KB

Download
memory/5400-1821-0x00007FF93AAB0000-0x00007FF93AAC0000-memory.dmp

Filesize
64KB

Download
memory/5400-1820-0x00007FF93AAB0000-0x00007FF93AAC0000-memory.dmp

Filesize
64KB

Download
memory/5400-1822-0x000002072C810000-0x000002072CA92000-memory.dmp

Filesize
2.5MB

Download
memory/6128-426-0x00007FF96B140000-0x00007FF96B174000-memory.dmp

Filesize
208KB

Download
memory/6128-675-0x00007FF9585D0000-0x00007FF958945000-memory.dmp

Filesize
3.5MB

Download
memory/6128-667-0x00007FF96B180000-0x00007FF96B1AB000-memory.dmp

Filesize
172KB

Download
memory/6128-668-0x00007FF96B140000-0x00007FF96B174000-memory.dmp

Filesize
208KB

Download
memory/6128-669-0x00007FF96B130000-0x00007FF96B13D000-memory.dmp

Filesize
52KB

Download
memory/6128-670-0x00007FF96B0D0000-0x00007FF96B112000-memory.dmp

Filesize
264KB

Download
memory/6128-671-0x00007FF96B0C0000-0x00007FF96B0CA000-memory.dmp

Filesize
40KB

Download
memory/6128-673-0x00007FF95A110000-0x00007FF95A13E000-memory.dmp

Filesize
184KB

Download
memory/6128-674-0x00007FF95A050000-0x00007FF95A108000-memory.dmp

Filesize
736KB

Download
memory/6128-676-0x00007FF95A030000-0x00007FF95A044000-memory.dmp

Filesize
80KB

Download
memory/6128-677-0x00007FF95A000000-0x00007FF95A00B000-memory.dmp

Filesize
44KB

Download
memory/6128-678-0x00007FF959FD0000-0x00007FF959FF5000-memory.dmp

Filesize
148KB

Download
memory/6128-679-0x00007FF9584B0000-0x00007FF9585C8000-memory.dmp

Filesize
1.1MB

Download
memory/6128-680-0x00007FF95A010000-0x00007FF95A02F000-memory.dmp

Filesize
124KB

Download
memory/6128-681-0x00007FF958330000-0x00007FF9584A1000-memory.dmp

Filesize
1.4MB

Download
memory/6128-682-0x00007FF959FC0000-0x00007FF959FCB000-memory.dmp

Filesize
44KB

Download
memory/6128-672-0x00007FF96B0A0000-0x00007FF96B0BC000-memory.dmp

Filesize
112KB

Download
memory/6128-658-0x00007FF958950000-0x00007FF958DBE000-memory.dmp

Filesize
4.4MB

Download
memory/6128-441-0x00007FF95A000000-0x00007FF95A00B000-memory.dmp

Filesize
44KB

Download
memory/6128-442-0x00007FF959FD0000-0x00007FF959FF5000-memory.dmp

Filesize
148KB

Download
memory/6128-440-0x00007FF95A030000-0x00007FF95A044000-memory.dmp

Filesize
80KB

Download
memory/6128-438-0x00000133CE0A0000-0x00000133CE415000-memory.dmp

Filesize
3.5MB

Download
memory/6128-439-0x00007FF96B1B0000-0x00007FF96B26C000-memory.dmp

Filesize
752KB

Download
memory/6128-437-0x00007FF9585D0000-0x00007FF958945000-memory.dmp

Filesize
3.5MB

Download
memory/6128-436-0x00007FF95A050000-0x00007FF95A108000-memory.dmp

Filesize
736KB

Download
memory/6128-434-0x00007FF96B2D0000-0x00007FF96B2FE000-memory.dmp

Filesize
184KB

Download
memory/6128-435-0x00007FF95A110000-0x00007FF95A13E000-memory.dmp

Filesize
184KB

Download
memory/6128-432-0x00007FF96B300000-0x00007FF96B30D000-memory.dmp

Filesize
52KB

Download
memory/6128-433-0x00007FF96B0A0000-0x00007FF96B0BC000-memory.dmp

Filesize
112KB

Download
memory/6128-430-0x00007FF96B310000-0x00007FF96B329000-memory.dmp

Filesize
100KB

Download
memory/6128-431-0x00007FF96B0C0000-0x00007FF96B0CA000-memory.dmp

Filesize
40KB

Download
memory/6128-429-0x00007FF96B0D0000-0x00007FF96B112000-memory.dmp

Filesize
264KB

Download
memory/6128-427-0x00007FF96B340000-0x00007FF96B364000-memory.dmp

Filesize
144KB

Download
memory/6128-428-0x00007FF96B130000-0x00007FF96B13D000-memory.dmp

Filesize
52KB

Download
memory/6128-424-0x00007FF958950000-0x00007FF958DBE000-memory.dmp

Filesize
4.4MB

Download
memory/6128-425-0x00007FF96B180000-0x00007FF96B1AB000-memory.dmp

Filesize
172KB

Download
memory/6128-422-0x00007FF96B270000-0x00007FF96B29D000-memory.dmp

Filesize
180KB

Download
memory/6128-423-0x00007FF96B1B0000-0x00007FF96B26C000-memory.dmp

Filesize
752KB

Download
memory/6128-418-0x00007FF96B2A0000-0x00007FF96B2B9000-memory.dmp

Filesize
100KB

Download
memory/6128-416-0x00007FF96B2D0000-0x00007FF96B2FE000-memory.dmp

Filesize
184KB

Download
memory/6128-414-0x00007FF96B300000-0x00007FF96B30D000-memory.dmp

Filesize
52KB

Download
memory/6128-413-0x00007FF96B310000-0x00007FF96B329000-memory.dmp

Filesize
100KB

Download
memory/6128-412-0x00007FF96B330000-0x00007FF96B33F000-memory.dmp

Filesize
60KB

Download
memory/6128-411-0x00007FF96B340000-0x00007FF96B364000-memory.dmp

Filesize
144KB

Download
memory/6128-409-0x00007FF958950000-0x00007FF958DBE000-memory.dmp

Filesize
4.4MB

Download