Analysis

  • max time kernel
    245s
  • max time network
    252s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-es
  • resource tags

    arch:x64, arch:x86, image:win11-20250313-es, locale:es-es, os:windows11-21h2-x64, system, windows
  • submitted
    04/04/2025, 05:38

General

  • Target

    Antidetect Patreon Premium Edition/Antidetect Patreon Premium Edition 2022.exe

  • Size

    84.3MB

  • MD5

    b4bceed650b2162007040ce71b3a94a6

  • SHA1

    810bd44e0f3d3efdf1ec7923c54d5a86ecb5799a

  • SHA256

    316e21b3e68b522fc33f29723770f031ca472f39c6b192f3e4534b5198652372

  • SHA512

    3355173305b03120b4db20c92765c4c84db0ff75d0305e7a1192cea6a4c0ab64fbe9838c2c3185458eb5aed967347276b2d78cba0c55753694a21b9b04aa480c

  • SSDEEP

    1572864:O96ytL1hdHOZJGF2qDdNy00uNhM/IiafGhoZyV4CSS17IAs7lZJbKpg4:ODBpOSFZRNy+NhM/2ZkP7RalZJ+pg

Malware Config

Extracted

Family

revengerat

Botnet

NYAN-CAT

C2

blog.capeturk.com:1111

Mutex

RV_MUTEX-FZMONFueOciq

Signatures

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

  • Revengerat family
  • RevengeRat Executable 1 IoCs
  • Drops file in Drivers directory 12 IoCs
  • Manipulates Digital Signatures 1 TTPs 1 IoCs

    Attackers can apply techniques such as modifying the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 12 IoCs
  • Loads dropped DLL 31 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 43 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition\Antidetect Patreon Premium Edition 2022.exe
    "C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition\Antidetect Patreon Premium Edition 2022.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:480
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops desktop.ini file(s)
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:4408
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:928
        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
          "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious use of AdjustPrivilegeToken
          PID:5376
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:5008
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:5268
    • C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition\Antidetect Patreon Premium Edition 2022 .exe
      "C:\Users\Admin\AppData\Local\Temp\Antidetect Patreon Premium Edition\Antidetect Patreon Premium Edition 2022 .exe"
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2844
      • C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe
        "C:\Program Files\Vektor T13\VirtualBox\VirtualBox.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:4792
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5032
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2524
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2736
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5612
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3500
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding 580B86F78B071386285D22FBD04546AE
      2⤵
      • Loads dropped DLL
      PID:2684
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding 30E7321624A9014B1B00918BFAF267D7 E Global\MSI0000
      2⤵
      • Drops file in Drivers directory
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:3900
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 9875F388C3C7596C7BFB8F19D275279A M Global\MSI0000
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1408
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:5160
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:5252
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious use of WriteProcessMemory
    PID:3320
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "1" "C:\Program Files\Vektor T13\VirtualBox\drivers\USB\device\VBoxUSB.inf" "9" "44c03ccb3" "0000000000000150" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Vektor T13\VirtualBox\drivers\USB\device"
      2⤵
      • Manipulates Digital Signatures
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      • Suspicious use of WriteProcessMemory
      PID:1912
      • C:\Windows\system32\rundll32.exe
        rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{924BCF1A-6316-4004-8CDE-88E401B5EB10} Global\{A5E228C4-F2DB-49DE-A77D-DA21DEC858E5} C:\Windows\System32\DriverStore\Temp\{68d08711-27f7-af49-98f5-ac5beb04da14}\VBoxUSB.inf C:\Windows\System32\DriverStore\Temp\{68d08711-27f7-af49-98f5-ac5beb04da14}\VBoxUSB.cat
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        PID:480
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "1" "C:\Program Files\Vektor T13\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "414293377" "0000000000000164" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\Vektor T13\VirtualBox\drivers\network\netadp6"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:1984
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "1" "C:\Program Files\Vektor T13\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "442d4ec77" "000000000000015C" "WinSta0\Default" "0000000000000170" "208" "C:\Program Files\Vektor T13\VirtualBox\drivers\network\netlwf"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:780
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
    1⤵
    • Modifies data under HKEY_USERS
    PID:3452
  • C:\Program Files\Vektor T13\VirtualBox\VBoxSVC.exe
    "C:\Program Files\Vektor T13\VirtualBox\VBoxSVC.exe" -Embedding
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:1092
  • C:\Program Files\Vektor T13\VirtualBox\VBoxSDS.exe
    "C:\Program Files\Vektor T13\VirtualBox\VBoxSDS.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:5248

Network

MITRE ATT&CK Enterprise v15

Downloads
