Overview

overview

10

Static

static

10

2025-04-04...ta.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/04/2025, 10:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-04-04_a50ac8be77193e3cc0a48e39e900a026_black-basta_neshta.exe

  • Size

    7.6MB

  • MD5

    a50ac8be77193e3cc0a48e39e900a026

  • SHA1

    bec2da286875a017641c435bdba9bf63f63bd1d3

  • SHA256

    855baf797b6258e2a5980b68e1743ae7b3cad0e9e49b89c966813940876c18f2

  • SHA512

    36395e427c361e364765d8515f5991c862c6a5832af275b3c6ae247c304d51daf1d3668b34f510fd4f23a63b70e80f8c53c75916450ca693c207983b7af0fffb

  • SSDEEP

    196608:LOENx7QICteEroXxWVfEqlbkkwR7VTEJZFIb+RbNTSclt6C4xMZ3j:bQInEroXgfEqirRRoJZeCRJTSa4vMd

Score
10/10
neshtarevengeratnyancatrevengediscoverypersistencepyinstallerspywarestealertrojan

Malware Config

Extracted

Family

revengerat

Botnet

NyanCatRevenge

C2

amazon.capeturk.com:100

Mutex

eea5a83186824927836

Signatures

  • Detect Neshta payload 58 IoCs
  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • Neshta family
    neshta
  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat
  • Revengerat family
    revengerat
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 17 IoCs
  • Loads dropped DLL 15 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 13 IoCs
  • Detects Pyinstaller 2 IoCs
    pyinstaller
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-04-04_a50ac8be77193e3cc0a48e39e900a026_black-basta_neshta.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-04-04_a50ac8be77193e3cc0a48e39e900a026_black-basta_neshta.exe"
    1⤵
    • Checks computer location settings
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1008
    • C:\Users\Admin\AppData\Local\Temp\3582-490\2025-04-04_a50ac8be77193e3cc0a48e39e900a026_black-basta_neshta.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\2025-04-04_a50ac8be77193e3cc0a48e39e900a026_black-basta_neshta.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3108
      • C:\Windows\svchost.com
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4624
        • C:\Users\Admin\AppData\Local\Temp\Setup.exe
          C:\Users\Admin\AppData\Local\Temp\Setup.exe
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Adds Run key to start application
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:4500
          • C:\Windows\svchost.com
            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\TEMPLA~1\svchost.exe"
            5⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:6112
            • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\TEMPLA~1\svchost.exe
              C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\TEMPLA~1\svchost.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:5388
      • C:\Windows\svchost.com
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4408
        • C:\Users\Admin\AppData\Local\Temp\Setup.exe
          C:\Users\Admin\AppData\Local\Temp\Setup.exe
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Adds Run key to start application
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:1876
          • C:\Windows\svchost.com
            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\TEMPLA~1\svchost.exe"
            5⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2916
            • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\TEMPLA~1\svchost.exe
              C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\TEMPLA~1\svchost.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:2152
      • C:\Windows\svchost.com
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\GOOGLE~1.EXE"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4928
        • C:\Users\Admin\AppData\Local\Temp\GOOGLE~1.EXE
          C:\Users\Admin\AppData\Local\Temp\GOOGLE~1.EXE
          4⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4924
          • C:\Users\Admin\AppData\Local\Temp\GOOGLE~1.EXE
            C:\Users\Admin\AppData\Local\Temp\GOOGLE~1.EXE
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2228
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:428
      • C:\Windows\svchost.com
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\TEMPLA~1\explorer.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3664
        • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\TEMPLA~1\explorer.exe
          C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\TEMPLA~1\explorer.exe
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:4232
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4256
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1956
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3612
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:3340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE
    Filesize

    328KB

    MD5

    39c8a4c2c3984b64b701b85cb724533b

    SHA1

    c911f4c4070dfe9a35d9adcb7de6e6fb1482ce00

    SHA256

    888a1dd0033e5d758a4e731e3e55357de866e80d03b1b194375f714e1fd4351d

    SHA512

    f42ca2962fe60cff1a13dea8b81ff0647b317c785ee4f5159c38487c34d33aecba8478757047d31ab2ee893fbdcb91a21655353456ba6a018fc71b2278db4db2

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE
    Filesize

    86KB

    MD5

    3b73078a714bf61d1c19ebc3afc0e454

    SHA1

    9abeabd74613a2f533e2244c9ee6f967188e4e7e

    SHA256

    ded54d1fcca07b6bff2bc3b9a1131eac29ff1f836e5d7a7c5c325ec5abe96e29

    SHA512

    75959d4e8a7649c3268b551a2a378e6d27c0bfb03d2422ebeeb67b0a3f78c079473214057518930f2d72773ce79b106fd2d78405e8e3d8883459dcbb49c163c4

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE
    Filesize

    5.7MB

    MD5

    09acdc5bbec5a47e8ae47f4a348541e2

    SHA1

    658f64967b2a9372c1c0bdd59c6fb2a18301d891

    SHA256

    1b5c715d71384f043843ea1785a6873a9f39d2daae112ccdeffcd88b10a3a403

    SHA512

    3867bf98e1a0e253114a98b78b047b0d8282b5abf4aaf836f31cc0e26224e2a1b802c65df9d90dc7696a6dbcb9a8e4b900f1d1299e1b11e36f095ebaf8a2e5b8

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe
    Filesize

    175KB

    MD5

    576410de51e63c3b5442540c8fdacbee

    SHA1

    8de673b679e0fee6e460cbf4f21ab728e41e0973

    SHA256

    3f00404dd591c2856e6f71bd78423ed47199902e0b85f228e6c4de72c59ddffe

    SHA512

    f7761f3878775b30cc3d756fa122e74548dfc0a27e38fa4109e34a59a009df333d074bf14a227549ae347605f271be47984c55148685faac479aeb481f7191db

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe
    Filesize

    9.4MB

    MD5

    322302633e36360a24252f6291cdfc91

    SHA1

    238ed62353776c646957efefc0174c545c2afa3d

    SHA256

    31da9632f5d25806b77b617d48da52a14afc574bbe1653120f97705284ea566c

    SHA512

    5a1f7c44ce7f5036bffc18ebac39e2bf70e6f35fa252617d665b26448f4c4473adfa115467b7e2d9b7068823e448f74410cdcdfef1ac1c09021e051921787373

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe
    Filesize

    2.4MB

    MD5

    8ffc3bdf4a1903d9e28b99d1643fc9c7

    SHA1

    919ba8594db0ae245a8abd80f9f3698826fc6fe5

    SHA256

    8268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6

    SHA512

    0b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE
    Filesize

    183KB

    MD5

    9dfcdd1ab508b26917bb2461488d8605

    SHA1

    4ba6342bcf4942ade05fb12db83da89dc8c56a21

    SHA256

    ecd5e94da88c653e4c34b6ab325e0aca8824247b290336f75c410caa16381bc5

    SHA512

    1afc1b95f160333f1ff2fa14b3f22a28ae33850699c6b5498915a8b6bec1cfc40f33cb69583240aa9206bc2ea7ab14e05e071275b836502a92aa8c529fc1b137

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe
    Filesize

    131KB

    MD5

    5791075058b526842f4601c46abd59f5

    SHA1

    b2748f7542e2eebcd0353c3720d92bbffad8678f

    SHA256

    5c3ef3ec7594c040146e908014791dd15201ba58b4d70032770bb661b6a0e394

    SHA512

    83e303971ed64019fde9e4ba6f6e889f8fb105088490dfa7dcf579a12baff20ef491f563d132d60c7b24a4fd3cac29bd9dc974571cd162000fae8fba4e0e54fb

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE
    Filesize

    254KB

    MD5

    4ddc609ae13a777493f3eeda70a81d40

    SHA1

    8957c390f9b2c136d37190e32bccae3ae671c80a

    SHA256

    16d65f2463658a72dba205dcaa18bc3d0bab4453e726233d68bc176e69db0950

    SHA512

    9d7f90d1529cab20078c2690bf7bffab5a451a41d8993781effe807e619da0e7292f991da2f0c5c131b111d028b3e6084e5648c90816e74dfb664e7f78181bc5

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE
    Filesize

    386KB

    MD5

    8c753d6448183dea5269445738486e01

    SHA1

    ebbbdc0022ca7487cd6294714cd3fbcb70923af9

    SHA256

    473eb551101caeaf2d18f811342e21de323c8dd19ed21011997716871defe997

    SHA512

    4f6fddefc42455540448eac0b693a4847e21b68467486376a4186776bfe137337733d3075b7b87ed7dac532478dc9afc63883607ec8205df3f155fee64c7a9be

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE
    Filesize

    92KB

    MD5

    176436d406fd1aabebae353963b3ebcf

    SHA1

    9ffdfdb8cc832a0c6501c4c0e85b23a0f7eff57a

    SHA256

    2f947e3ca624ce7373080b4a3934e21644fb070a53feeaae442b15b849c2954f

    SHA512

    a2d1a714e0c1e5463260c64048ba8fd5064cfa06d4a43d02fc04a30748102ff5ba86d20a08e611e200dc778e2b7b3ae808da48132a05a61aa09ac424a182a06a

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE
    Filesize

    147KB

    MD5

    3b35b268659965ab93b6ee42f8193395

    SHA1

    8faefc346e99c9b2488f2414234c9e4740b96d88

    SHA256

    750824b5f75c91a6c2eeb8c5e60ae28d7a81e323d3762c8652255bfea5cba0bb

    SHA512

    035259a7598584ddb770db3da4e066b64dc65638501cdd8ff9f8e2646f23b76e3dfffa1fb5ed57c9bd15bb4efa3f7dd33fdc2e769e5cc195c25de0e340eb89ab

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe
    Filesize

    125KB

    MD5

    cce8964848413b49f18a44da9cb0a79b

    SHA1

    0b7452100d400acebb1c1887542f322a92cbd7ae

    SHA256

    fe44ca8d5050932851aa54c23133277e66db939501af58e5aeb7b67ec1dde7b5

    SHA512

    bf8fc270229d46a083ced30da6637f3ca510b0ce44624a9b21ec6aacac81666dffd41855053a936aa9e8ea6e745a09b820b506ec7bf1173b6f1837828a35103d

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE
    Filesize

    142KB

    MD5

    92dc0a5b61c98ac6ca3c9e09711e0a5d

    SHA1

    f809f50cfdfbc469561bced921d0bad343a0d7b4

    SHA256

    3e9da97a7106122245e77f13f3f3cc96c055d732ab841eb848d03ac25401c1bc

    SHA512

    d9eefb19f82e0786d9be0dbe5e339d25473fb3a09682f40c6d190d4c320cca5556abb72b5d97c6b0da4f8faefdc6d39ac9d0415fdf94ebcc90ecdf2e513c6a31

    Download Submit

  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE
    Filesize

    278KB

    MD5

    12c29dd57aa69f45ddd2e47620e0a8d9

    SHA1

    ba297aa3fe237ca916257bc46370b360a2db2223

    SHA256

    22a585c183e27b3c732028ff193733c2f9d03700a0e95e65c556b0592c43d880

    SHA512

    255176cd1a88dfa2af3838769cc20dc7ad9d969344801f07b9ebb372c12cee3f47f2dba3559f391deab10650875cad245d9724acfa23a42b336bfa96559a5488

    Download Submit

  • C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE
    Filesize

    454KB

    MD5

    bcd0f32f28d3c2ba8f53d1052d05252d

    SHA1

    c29b4591df930dabc1a4bd0fa2c0ad91500eafb2

    SHA256

    bb07d817b8b1b6b4c25e62b6120e51dec10118557d7b6b696ad084a5ba5bfdeb

    SHA512

    79f407735853f82f46870c52058ceee4d91857a89db14868ee1169abd5c0fd2e3fa1ed230ab90b5f479a9581b88998643d69b0df498defea29e73b0d487f3b10

    Download Submit

  • C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe
    Filesize

    1.2MB

    MD5

    d47ed8961782d9e27f359447fa86c266

    SHA1

    d37d3f962c8d302b18ec468b4abe94f792f72a3b

    SHA256

    b1ec065f71cc40f400e006586d370997102860504fd643b235e8ed9f5607262a

    SHA512

    3e33f2cdf35024868b183449019de9278035e7966b342ba320a6c601b5629792cbb98a19850d4ca80b906c85d10e8503b0193794d1f1efa849fa33d26cff0669

    Download Submit

  • C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe
    Filesize

    555KB

    MD5

    ce82862ca68d666d7aa47acc514c3e3d

    SHA1

    f458c7f43372dbcdac8257b1639e0fe51f592e28

    SHA256

    c5a99f42100834599e4995d0a178b32b772a6e774a4050a6bb00438af0a6a1f3

    SHA512

    bca7afd6589c3215c92fdaca552ad3380f53d3db8c4b69329a1fa81528dd952a14bf012321de92ad1d20e5c1888eab3dd512b1ac80a406baccc37ee6ff4a90dc

    Download Submit

  • C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE
    Filesize

    121KB

    MD5

    cbd96ba6abe7564cb5980502eec0b5f6

    SHA1

    74e1fe1429cec3e91f55364e5cb8385a64bb0006

    SHA256

    405b8bd647fa703e233b8b609a18999abe465a8458168f1daf23197bd2ea36aa

    SHA512

    a551001853f6b93dfbc6cf6a681820af31330a19d5411076ff3dbce90937b3d92173085a15f29ebf56f2ef12a4e86860ac6723ebc89c98ea31ea7a6c7e3d7cdc

    Download Submit

  • C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe
    Filesize

    325KB

    MD5

    9a8d683f9f884ddd9160a5912ca06995

    SHA1

    98dc8682a0c44727ee039298665f5d95b057c854

    SHA256

    5e2e22ead49ce9cc11141dbeebbe5b93a530c966695d8efc2083f00e6be53423

    SHA512

    6aecf8c5cb5796d6879f8643e20c653f58bad70820896b0019c39623604d5b3c8a4420562ab051c6685edce60aa068d9c2dbb4413a7b16c6d01a9ac10dc22c12

    Download Submit

  • C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe
    Filesize

    325KB

    MD5

    892cf4fc5398e07bf652c50ef2aa3b88

    SHA1

    c399e55756b23938057a0ecae597bd9dbe481866

    SHA256

    e2262c798729169f697e6c30e5211cde604fd8b14769311ff4ea81abba8c2781

    SHA512

    f16a9e4b1150098c5936ec6107c36d47246dafd5a43e9f4ad9a31ecab69cc789c768691fa23a1440fae7f6e93e8e62566b5c86f7ed6bb4cfe26368149ea8c167

    Download Submit

  • C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe
    Filesize

    505KB

    MD5

    452c3ce70edba3c6e358fad9fb47eb4c

    SHA1

    d24ea3b642f385a666159ef4c39714bec2b08636

    SHA256

    da73b6e071788372702104b9c72b6697e84e7c75e248e964996700b77c6b6f1c

    SHA512

    fe8a0b9b1386d6931dc7b646d0dd99c3d1b44bd40698b33077e7eeba877b53e5cb39ff2aa0f6919ccab62953a674577bc1b2516d9cadc0c051009b2083a08085

    Download Submit

  • C:\PROGRA~2\Google\Update\DISABL~1.EXE
    Filesize

    5.4MB

    MD5

    9036b1f2266a9cdd8b29fdb0dc6d557d

    SHA1

    7fc4c17901c2907b3d9fcfd436be55dc6df69b82

    SHA256

    c81f0eeb79898a345f7724464f71b1642b4b8294b50d549290144f3ee2fbaf69

    SHA512

    14251e50f7e6d83af357251af545b09ed14fd86783dce64bef84af7b4facf3a9ad4fdcefd4fb8cf355dc6d2692fccb0aeaaa87deaaa6d5a836887ff189eb483e

    Download Submit

  • C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\BHO\IE_TO_~1.EXE
    Filesize

    557KB

    MD5

    2b03f86c9209825849c716434fb730bf

    SHA1

    1148f00cf40b0872e08f47b38bbd0c9858802aa3

    SHA256

    6bb357968887ad126579fb157f455e359ea036a4960a9f98f5cec1fe53931c98

    SHA512

    8d9b5be64e9843ec8d05af21a951e8a7501fc8fb1fc4179959ec60ea150810c0db83b7e8cedb32c44b58a0f81d09c13c4d9d8b0536711978accf47709382e71a

    Download Submit

  • C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\COOKIE~1.EXE
    Filesize

    161KB

    MD5

    b67dba91dd68c0c9c7c78899faf33033

    SHA1

    4374c00761ec34d6416096524eedf439636baa94

    SHA256

    5fee43e3295682e179d6e10c568aeb640bbbcf0d6b962fd27f5b372a45fc272d

    SHA512

    7065a8c6552d7dff816e288056cc2bb371bbe078798df471369382a6620c0702020102f1c39485e0c57b65279a6f0484385944f7874575d8b4351c9fa03fd8f6

    Download Submit

  • C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\ELEVAT~1.EXE
    Filesize

    1.8MB

    MD5

    aeb70455f5c599fd2022ee73ff56bfc4

    SHA1

    7c3534c7cb80067ab5e6ace67e0ac0d0b8d0cc79

    SHA256

    47eb0dc0cd08f4faa389621c43d6407283e3c315012ef1078a6018c117f195b2

    SHA512

    5e11a5a9f28aa2e4f1d126f393232673043fffa84fa5280755ec6009e0226961343843cc0721e92d08b3fb7510fade31c118e56a993adffff3bdb4a251e67e13

    Download Submit

  • C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\IDENTI~1.EXE
    Filesize

    1.1MB

    MD5

    91a9df658e480362c108c71fd91d0247

    SHA1

    f94db13955eb70f2efecceb414225cdaa9b002ff

    SHA256

    94c99d3284962585c15fdb061e0685287df11c872ef930263e251d8d3084d5b0

    SHA512

    9f5815533354a931a68e1fd97de45124f7faef97243352feb787e40a110a27d1277c4d37a6c09cb7d506159a0f153632578626d04fe5d48040438619be159d39

    Download Submit

  • C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\INSTAL~1\setup.exe
    Filesize

    6.6MB

    MD5

    46e5df430f3f97f6cf88787698514165

    SHA1

    873621354ef29d4d267d693ffbd9e896d881f503

    SHA256

    4ea8adca8a7f73fc71c7e45ef98f8c422a8b161ca6b6fcd912aec701bebd08a5

    SHA512

    4ea1798977bfa5fc039b1f8518ac1a546c63f565258e3537292f531cfe11c5cd54755fd21600b24fa59464d99904cc9926d19686cee72d898e62db7757e35bf6

    Download Submit

  • C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\MSEDGE~1.EXE
    Filesize

    3.2MB

    MD5

    768a4a02c8cd80b975c6b263ee0ae6ff

    SHA1

    1218f8bd4dfb8b62a7c68af4a190f05b4506cb4c

    SHA256

    fc0701d5c47cbd883929abfccf5f6ba88f76a4d0ebfa2d28160cf6c28f018e26

    SHA512

    b390551cf8139052ab776e9151b00f523f2b03732e93107af9fdec245ee03e8085991b699a031d9a61cefebbe48f03585a4a427488c683039eb47fe8da9041a1

    Download Submit

  • C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\MSEDGE~2.EXE
    Filesize

    1.1MB

    MD5

    3f712eee08ec79f6160685ac04562ccf

    SHA1

    de10c334e482fd3c09b19bda31708afd25133310

    SHA256

    550e6ad6b5fb0dabd28d9009c790b22e9444fc9fc30e952210727f6ac4a00389

    SHA512

    aee6f40469c5ebd9a97246f41788550dc2647a6d028a874ee7d21ed38d3ca45b31c069ffb09e1abf666f967ed86d5dcca1695d4594a3c3973edfdbdbbfed2932

    Download Submit

  • C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\MSEDGE~3.EXE
    Filesize

    1.5MB

    MD5

    ed2b8948e338888609128f878e64541a

    SHA1

    80a0cdd994291879dffba1aa0ffcecd11ed85805

    SHA256

    eb9bbc44c181ddef0d8b53b69bd7327f5c150c0b72d92805a9f3a9ba333f0575

    SHA512

    692d9d858cb004ab48cc3b2e12cef29cf60e0c7d8664604e8f36dc25ae5157d0ee62c06e084eca4c93c619cc8a32f4f9e06a866faeea4262dac986315c5b1748

    Download Submit

  • C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\msedge.exe
    Filesize

    3.8MB

    MD5

    a943e9369c8e6b1e67dc7a91f58e691c

    SHA1

    7df172c9ab05dce69c198a55d5b7dc56c36323f8

    SHA256

    6773bf49098b9fa85725651bc789ec2bcef5dd563a356043468c1f7b235defef

    SHA512

    5a476bb13a93565132d5e1481295d6701e04250186086e1aab8e10d4882ad48a6f63e8f7d76a4d3dd07bd52fb7793bea2a49ea3d496f4f515ee767533166c3c4

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\BHO\ie_to_edge_stub.exe
    Filesize

    554KB

    MD5

    205885bc273bb0e43beb4ec064af8422

    SHA1

    96cd3cad425fc1dbfdcf75f7085e9359b1911977

    SHA256

    cfac2c539bb9c3bc51975643d7c8576ba0a63dc7f1a451ca5daebf098fba8a3c

    SHA512

    ba6426390826437bb12ea90f11f6b112939cbf03082d81900249eccc64f1078cd73a26017810edca6410787fbdfb48383bd10ebcaed12f8910a52340173df02f

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\INSTAL~1\setup.exe
    Filesize

    6.9MB

    MD5

    d55ae56406e1dbce540f8c385bc5c244

    SHA1

    479de824de2a013921f867ef738fa3a3100aa708

    SHA256

    98b7868bb8c9aae548ee7244a71f5a0602c25611643c61c94ba56332882f59ef

    SHA512

    ab7705081af40c74c8005fd8f673b070653b9b871a087cb86594424df957d4eb40930484c4b8c83a3f867297101f3c01d89e55b4cf35ec288bc406954780168a

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\cookie_exporter.exe
    Filesize

    161KB

    MD5

    2f70ce2fd6a36867b80c9b5171f7ad01

    SHA1

    cdac4cb30c1ad3ac6793a7e057d58428e799d6c1

    SHA256

    eafdb0f86d520c66417edd0c1981c79ce7b79f2e24476402f939a577d250ed6b

    SHA512

    394ae58b149ad750c071b17b42817d9eaae794ca9b583a92155a57eafff15467ca1e767fbece8098c22d67a01baf66a5d489b4789db7284ab1a644be335f87ba

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\elevated_tracing_service.exe
    Filesize

    2.5MB

    MD5

    e60af4c310c73019650b9eb2931c9bac

    SHA1

    8fa6c09ed7c8a357946479f7351582191260bd97

    SHA256

    029c237e6cc508cc4c0e97e4e5a9a3c7c54fb706ce237f38ab3b72fad63f2bb1

    SHA512

    61f3743569111df1846f3f13ba95f0a17eac7aafa3a885f72ffbc8b7e5471b757a44aadad27504dbd4ec4e5c52a4354d76443f75479359cac8e52c3ed1fbd1dc

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\elevation_service.exe
    Filesize

    1.8MB

    MD5

    b7e311cd8c0144f008c49c42bb8fab3d

    SHA1

    d96d89cbe4e0b2961755df9383abd50a77988f2c

    SHA256

    5e0c8d2f25706df47c676a41f667b8a31b53e0de96143190161e3e24453d3263

    SHA512

    0df96b9e3dca1a470d6ee20f5646d3427538492c0031742a481f05ad40aa38981906e60cccb89ebbf44ed5356fbe1f22862298a4866608e73cb54e904bfabd16

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\identity_helper.exe
    Filesize

    1.1MB

    MD5

    1bfa8c82b2c5759a93fbcd568e55ad36

    SHA1

    52e6229323366ddd6aeaf2a83b590a9792e530f6

    SHA256

    5a08e3ceae03703ac7fab7e5527380519f156ea2441d3152f4be7dad5ccd17d6

    SHA512

    430c804f0b2203a78a942ca439f1e919867783772bcc893f12e249f918c89eb0fc5cd97fd1622e4909c3946be4d40b5edcb94dcf6d679abf335a91c0aba98072

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\msedge_pwa_launcher.exe
    Filesize

    1.5MB

    MD5

    48ca92017dbfb5348d63d658f69947eb

    SHA1

    f0d453619359cf2af688f0a80999d59cde9c3b9d

    SHA256

    bb591bce74dc3e902c2d1692b2f9427f4d2980ef2d7f019e918cac3107a2f40d

    SHA512

    84632fb9ec2e5aa0b969f73e439d1200a564d662bef50ecef9dedf287f780678a00f0a2f2e9f5f5414882dfb19fc26aa520ba55c954c8b79bdf878f2b7121db4

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\msedgewebview2.exe
    Filesize

    3.4MB

    MD5

    9269b33ee0b68213ac019e331e814ca5

    SHA1

    7c8a4b2a304f482436670a7d36efd9c1546013fc

    SHA256

    a24f051bc53fb1f0209ce9dda174981657f3e6ad9bea3d8032f62e411e602e45

    SHA512

    dabd0c04313b251f76507e3a2a8e014d9febfd713271ca7f120d598b38756937a4d473a83a650b42da9c893514c3c258c5dd48438cf3d09fea1cbf7e56e7142b

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\notification_click_helper.exe
    Filesize

    1.3MB

    MD5

    b45b21f37a1ef904d6cfe2d8e627cfc9

    SHA1

    b856b92d5770b19cfbce966e53621d3ed52555c6

    SHA256

    851b3a4693bed2bac57ec494181b04114adf644a840586ff5347999270c8c3a5

    SHA512

    75467dc78c9ec10aad97193f27f38e3392027a537b836b810db44fb2e1dabdf6da672c3ef63809aeb2cf32dbbba91e0b4cca9ad63e456b1c93b9a615bf6d6ceb

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE
    Filesize

    1.1MB

    MD5

    db1a2e2e2f92341ff6559107c71ec885

    SHA1

    bfd10b84287ed36626af1941a05b5ae6d078790e

    SHA256

    27158f6eac1dd2fc9774d28b5c90d2147ca6e138c2285395f2f979c3f62e4bfb

    SHA512

    2790689169807cd8be353936ff3824030495d6c7cf9ed06609e61d0db8a2247b319df234cbe4debb843478944fa2a1587f7c3dd64ae6b88ee3fc04d6ee9a37c2

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE
    Filesize

    1.1MB

    MD5

    d00b4c03d09a290101c94a55b5c8a0bd

    SHA1

    c6c48a3a167c3d3b603186673b7364f70112b16e

    SHA256

    0299a91e62192e68e2f468884e30e99b61afc9058eb162700383c0acdfdd142e

    SHA512

    2f2673451ddc9cfddb7a2fad0ac0ba0e0f2ab18a496130ba1d1280ae34482caf489b85743dae6f3edff0b5b112c2ca10c5aaf815dd8cecc529d7aa8c604ec82d

    Download Submit

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe
    Filesize

    3.9MB

    MD5

    a954dbc45566e18f9051fc43503e0be1

    SHA1

    16bb38561d02a304cd397b6727925a548dedc22f

    SHA256

    1802e5c80c837c9f979783191e4df212a59d5d9a956ff2eb13f3e7093f5685ed

    SHA512

    3aeb5982ac4d9240f427ccd622fbf3a6cce6038ddf97564c1c3d10b02a10ec6b13fab5acba30cdd86e0bbc070acc0a3efd19c86fa83f0e8fc347f7d2e8ea9fdb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3582-490\2025-04-04_a50ac8be77193e3cc0a48e39e900a026_black-basta_neshta.exe
    Filesize

    7.5MB

    MD5

    7c0e13345130b46cd0a38d0efc96149f

    SHA1

    d19ef611f524cbcd3b81388894cb747c48020656

    SHA256

    0e6b9b6397e7f450226bbc08b74afa0344e06d630396d96fa3c0f267f3cd1147

    SHA512

    494833eaf4948f7cab533266daea2ead9b14d5c5e0fdd5b0c0ce639c84d57f27a5685d8e4caae5b373fb4e102a22ece723caf56ed93e06549a6cab696616d172

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Google Dork Searcher v1.0 .exe
    Filesize

    7.2MB

    MD5

    c715e67e7cb9afb0752c219733742657

    SHA1

    d0c58c12bbe62cba5777c89024b582eb0e4d7c22

    SHA256

    9085ced212f5ec31bd648f397b57b1d3202db0ef990d4ecaa31d4a9a21633e5c

    SHA512

    14e7d31117344cf25d5e0a5f57dfc434e309678da00bea1559ee6467612320ffb0cb6a908d63b7c04cbfe8234b1c995bae0ee6f8df8ccc0f74fe5105a8aa4c8a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    Filesize

    356KB

    MD5

    fa0b327abd82686bb9d676a30fa89b46

    SHA1

    a5521f5e8e500f67b183542ffad65b83ebcb186f

    SHA256

    d01728070486e1abbf024db0eeeacf232e02fe326c4c0b762af73f728fc9392d

    SHA512

    ead84a6cbe44be5cb213154cf11f8cbe7cc992563549201500f11cf770e3b57b02da027fc982b436f8eebbfa60088f4dad8e10de1086dbb5781b2b3da004790d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
    Filesize

    63KB

    MD5

    d298454882caac154fc9217fc7e90499

    SHA1

    11970a2f8b9d1153fbc7fe925a846bd95e07e96f

    SHA256

    badaa2312457f3d08ca1f72287989456f9e62d6b417af6fb9b5e39ca1e8c8100

    SHA512

    e28a4d7c827b5c816503ddba4fee0bc82b16a0acb2eed9c81b20bb1b043d69b89cd3a1cf2beafb27a2471b6172f707d53e3c90568636b0c65e484e051dfde86f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
    Filesize

    256KB

    MD5

    c4e4407b5fcf49586ddd5d5573ae4b95

    SHA1

    0f60aaaaac09d4f9273207114fcc78c0bfb250eb

    SHA256

    8f1e6eb0269fbe449678ce4863d494fda78bc648f27ad1c129270575efce4f7a

    SHA512

    95a89aae7f135b3355f2f0f751607742d8dfa5dfb04bf86cad0fff99d6c687a18a2f0be30d92a79d004cba49823c73f0208f40bb5e9cff3b26f72d1fe5f3d47b

    Download Submit

  • C:\Windows\directx.sys
    Filesize

    70B

    MD5

    d7e567ae5203de33887086506dfe9863

    SHA1

    2f12b5d6a9277eb89e2582fa05631646e0a9b236

    SHA256

    0cc680f73de15d57b6e5e5e5b3ae4399d5eb562d05ac15fdc5d2d9ed2b9d3e19

    SHA512

    182366404c69cf42a824804f941054f4a157904dfa6fa49b11f5e9ad72fb19ae7c079a4c0540788c8df630e25eac526e2bbb92e4933772c3bea6fe24380712a9

    Download Submit

  • C:\Windows\directx.sys
    Filesize

    141B

    MD5

    eea55445db1d9707ef21e19c13bcead5

    SHA1

    1163bec113a4e858a09150ccb75fc61b66b00dcc

    SHA256

    48c785a071a5fce8bd4e4c9aec6b9d919562630b59b82144b7efee929313f08b

    SHA512

    bb1d9edede7a690ba2001771925a809a433564889920a6801169513404c2bbbac4c0c7a2841755e46d77036abe1ff87e8dd11ff474fdd8f7a8d791aaf28dff01

    Download Submit

  • C:\Windows\directx.sys
    Filesize

    45B

    MD5

    741026dcef1bb48ebcc8a83ddce6a580

    SHA1

    cd3be9c7763d465149fd0f2f535d9ba163b3cb37

    SHA256

    bdc0687cb6574a76bccaadc8ddeee871a6c94cfccf33a5cd3daf9fca075f80bb

    SHA512

    9753918f08b80449382ed6e034e32ca4b4274379325ffb84778d94f142bb24a541fb32b053843660a54488ba6f7e91158da9e2e64665649892c72a0af1beeb2a

    Download Submit

  • C:\Windows\directx.sys
    Filesize

    48B

    MD5

    c12f89eb91550e7e53d2b1dda9d811e5

    SHA1

    bbe09ac95e2091f1248e717de098640827d6ead8

    SHA256

    6250d93aede466ad82ce91c91911a254566856b089237927cb80ed5c5f9695e0

    SHA512

    a17ef1694a47d49ab753599f87a6a2bc83842ae630214e25d151f566fa894342c64f750904829f7a5df02613554db422c99555efd71bcdbb1dd3388b3d615c33

    Download Submit

  • C:\Windows\svchost.com
    Filesize

    40KB

    MD5

    0be604ce6cb13ac46c5f5fa37c9abb41

    SHA1

    1c4a555867778586b2727fa6f7331510b93234a8

    SHA256

    efb23890eba9d105120819fe1c25da2e314a9e10618aa2dd40a97c8a9dd79bdd

    SHA512

    06cdf862c495b99520e946b59a8721bfa4d89be284bcf9c155a38a1b25c281cc4d580d2af791034ef6c04c4a677ecaa56205ba21d740980d7985d45432038f21

    Download Submit

  • memory/1008-287-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1008-299-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1008-301-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1008-307-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2916-265-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3108-17-0x000000001C510000-0x000000001C9DE000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/3108-14-0x00007FFC86DA0000-0x00007FFC87741000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3108-13-0x000000001BF90000-0x000000001C036000-memory.dmp

    Filesize

    664KB

    Download

  • memory/3108-12-0x00007FFC87055000-0x00007FFC87056000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3108-20-0x00007FFC86DA0000-0x00007FFC87741000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3108-105-0x00007FFC86DA0000-0x00007FFC87741000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3108-22-0x000000001CA80000-0x000000001CB1C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3664-295-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4232-296-0x0000000001940000-0x000000000194A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4408-140-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4500-49-0x00007FFC86DA0000-0x00007FFC87741000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4500-264-0x00007FFC86DA0000-0x00007FFC87741000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4624-150-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4928-300-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4928-297-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4928-304-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4928-306-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/6112-266-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download