asyncrat | hxxps://s3[.]us-east-1[.]wasabisys[.]com/vxugmwdb/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

Analysis

max time kernel
67s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2025, 17:28

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://s3.us-east-1.wasabisys.com/vxugmwdb/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

Malware Config

Extracted

Family

xworm

assistance-arbitration.gl.at.ply.gg:12152

147.185.221.27:31149

w-bridal.gl.at.ply.gg:48095

147.185.221.22:47930

127.0.0.1:47930

Attributes

Install_directory
%AppData%
install_file
svchost.exe

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

1.tcp.ap.ngrok.io:21049

ratlordvc.ddns.net:6606

96.248.52.125:8031

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
chrome.exe
install_folder
%AppData%

aes.plain

Extracted

Family

xworm

Version

3.1

46.8.194.222:4040

Attributes

Install_directory
%AppData%
install_file
USB.exe

Extracted

Family

stealc

Botnet

QQtalk

http://154.216.17.90

Attributes

url_path
/a48146f6763ef3af.php

Extracted

Family

asyncrat

Version

| CRACKED BY https://t.me/xworm_v2

Botnet

SolaraFake

anyone-blogging.gl.at.ply.gg:22284

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
Windows.exe
install_folder
%Temp%

aes.plain

Extracted

Family

quasar

Version

1.4.0

Botnet

svhost

151.177.61.79:4782

Mutex

a148a6d8-1253-4e62-bc5f-c0242dd62e69

Attributes

encryption_key
5BEC1A8BC6F8F695D1337C51454E0B7F3A4FE968
install_name
svhost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svhost
subdirectory
svhost

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

2.tcp.eu.ngrok.io:19695

127.0.0.1:3232

jvjv2044duck33.duckdns.org:8808

Mutex

gonq3XlXWgiz

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

xworm

Version

5.0

they-mailed.gl.at.ply.gg:34942:34942

they-mailed.gl.at.ply.gg:34942

Mutex

OG4zPFx3km5rwbhp

Attributes

Install_directory
%ProgramData%
install_file
Wiindows Defender.exe

aes.plain

Extracted

Family

metasploit

Version

windows/reverse_tcp

167.250.49.155:445

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

82.193.104.21:5137

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Extracted

Family

redline

Botnet

first

212.56.41.77:1912

Extracted

Family

stealc

Botnet

Voov

http://154.216.17.90

Attributes

url_path
/a48146f6763ef3af.php

Extracted

Family

lumma

https://bexarthynature.run/api

https://hardswarehub.today/api

https://gadgethgfub.icu/api

https://hardrwarehaven.run/api

https://techmindzs.live/api

https://codxefusion.top/api

https://bquietswtreams.life/api

https://techspherxe.top/api

https://earthsymphzony.today/api

https://zestmodp.top/zeda

https://jawdedmirror.run/ewqd

https://changeaie.top/geps

https://lonfgshadow.live/xawi

https://liftally.top/xasj

https://nighetwhisper.top/lekd

https://salaccgfa.top/gsooz

https://owlflright.digital/qopy

Extracted

Family

quasar

Version

1.4.1

Botnet

kazeku

kazeku.ddns.net:4782

kazeku.linkpc.net:4782

139.99.66.103:4782

182.253.58.227:4782

0.tcp.ap.ngrok.io:10431

Mutex

7fb11f4b-e530-407c-a46c-8834ab5c4f45

Attributes

encryption_key
2E002E0BA1D95CECCDECD8F8B383C3F7C76A7FD7
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
kazeku
subdirectory
kazeku

Extracted

Family

darkcomet

Botnet

Guest16

jvjv2044duck33.duckdns.org:1604

Mutex

DC_MUTEX-CK7UE3N

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
Jp74nsvbhc4i
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

rc4.plain

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

Extazz24535-22930.portmap.host:22930

192.168.100.10:4782

Mutex

89f58ee5-7af9-42de-843f-2a331a641e3f

Attributes

encryption_key
CD4F349DEB46AEE10C2FE886E5B2BD7A766723CE
install_name
2klz.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Extracted

Family

lumma

https://covvercilverow.shop/api

https://surroundeocw.shop/api

https://abortinoiwiam.shop/api

https://pumpkinkwquo.shop/api

https://priooozekw.shop/api

https://deallyharvenw.shop/api

https://defenddsouneuw.shop/api

https://racedsuitreow.shop/api

https://roaddrermncomplai.shop/api

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

connectdadad.ddns.net:4782

Mutex

e862a94f-5f45-4b8c-89de-f84dadb095d0

Attributes

encryption_key
23E5F6D22FEE1750D36544A759A48349B064BC34
install_name
PerfWatson1.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svhost
subdirectory
KDOT

Extracted

Family

quasar

Version

1.4.1

Botnet

Main

tpinauskas-54803.portmap.host:54803

Mutex

8422dcc2-b8bd-4080-a017-5b62524b6546

Attributes

encryption_key
2EFF7393DC1BD9FBDDD61A780B994B8166BAB8EC
install_name
Win64.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Win64
subdirectory
SubDir

Extracted

Family

quasar

Version

1.4.1

Botnet

Hubert Pilarczyk

pawela827-35962.portmap.host:35962

Mutex

ca431979-125b-480f-adac-43c48c1e1832

Attributes

encryption_key
39F4E87BBB832270AC54CA5065E707DFB3689A56
install_name
vsjitdebuggerui.exe
log_directory
CEF
reconnect_delay
3000
startup_key
Proces hosta dla zadań systemu Windows
subdirectory
3880

Extracted

Family

azorult

http://195.245.112.115/index.php

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
trojan infostealer azorult
Azorult family
azorult
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Detect Xworm Payload 14 IoCs

resource	yara_rule
behavioral1/files/0x0003000000000749-2269.dat	family_xworm
behavioral1/memory/8688-2275-0x0000000000FD0000-0x0000000000FE6000-memory.dmp	family_xworm
behavioral1/files/0x000300000000074f-2285.dat	family_xworm
behavioral1/memory/8232-2305-0x00000000005E0000-0x00000000005F6000-memory.dmp	family_xworm
behavioral1/files/0x001700000001da59-2326.dat	family_xworm
behavioral1/files/0x000300000001e0c5-2336.dat	family_xworm
behavioral1/memory/9792-2347-0x0000000000DF0000-0x0000000000E0A000-memory.dmp	family_xworm
behavioral1/memory/9976-2358-0x0000000000CB0000-0x0000000000CE0000-memory.dmp	family_xworm
behavioral1/memory/10828-2479-0x0000000000600000-0x0000000000610000-memory.dmp	family_xworm
behavioral1/files/0x000c0000000218ed-2403.dat	family_xworm
behavioral1/memory/12008-2725-0x0000000000400000-0x0000000000440000-memory.dmp	family_xworm
behavioral1/files/0x0003000000023785-2909.dat	family_xworm
behavioral1/files/0x00040000000237f6-3129.dat	family_xworm
behavioral1/memory/13360-3117-0x0000000000040000-0x000000000005A000-memory.dmp	family_xworm

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz
Mimikatz family
mimikatz
Njrat family
njrat
Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 19 IoCs

resource	yara_rule
behavioral1/files/0x000f00000001e749-2363.dat	family_quasar
behavioral1/memory/10420-2433-0x0000000000B90000-0x0000000000C14000-memory.dmp	family_quasar
behavioral1/files/0x000300000000073f-2804.dat	family_quasar
behavioral1/files/0x0002000000023294-2717.dat	family_quasar
behavioral1/files/0x0009000000022f08-2693.dat	family_quasar
behavioral1/files/0x00030000000237d4-2993.dat	family_quasar
behavioral1/memory/10684-2980-0x0000000000BB0000-0x0000000000ED4000-memory.dmp	family_quasar
behavioral1/files/0x000500000001da63-2959.dat	family_quasar
behavioral1/files/0x000200000001e750-2929.dat	family_quasar
behavioral1/memory/12836-2887-0x0000000000C90000-0x0000000000FB4000-memory.dmp	family_quasar
behavioral1/memory/12696-2890-0x0000000000AC0000-0x0000000000DE4000-memory.dmp	family_quasar
behavioral1/files/0x00020000000235b0-3086.dat	family_quasar
behavioral1/files/0x00030000000237eb-3274.dat	family_quasar
behavioral1/files/0x0004000000023814-3249.dat	family_quasar
behavioral1/files/0x00030000000237e8-3232.dat	family_quasar
behavioral1/memory/13776-3290-0x00000000009D0000-0x0000000000CF4000-memory.dmp	family_quasar
behavioral1/memory/14068-3289-0x0000000000940000-0x0000000000C80000-memory.dmp	family_quasar
behavioral1/memory/14352-3330-0x00000000007F0000-0x0000000000B14000-memory.dmp	family_quasar
behavioral1/files/0x00040000000237f5-3310.dat	family_quasar

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00020000000235aa-2636.dat	family_redline
behavioral1/memory/12212-2740-0x0000000000110000-0x0000000000162000-memory.dmp	family_redline

Redline family
redline
Stealc
Stealc is an infostealer written in C++.
stealer stealc
Stealc family
stealc
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Async RAT payload 8 IoCs

rat

resource	yara_rule
behavioral1/files/0x000500000001da48-2295.dat	family_asyncrat
behavioral1/files/0x000700000001da1b-2381.dat	family_asyncrat
behavioral1/files/0x00020000000234d0-2464.dat	family_asyncrat
behavioral1/files/0x00020000000234ad-2489.dat	family_asyncrat
behavioral1/files/0x0002000000022053-2455.dat	family_asyncrat
behavioral1/files/0x000200000002359c-2570.dat	family_asyncrat
behavioral1/files/0x00040000000237d0-2945.dat	family_asyncrat
behavioral1/files/0x00040000000237ea-3221.dat	family_asyncrat

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
behavioral1/files/0x00050000000237a8-3054.dat	mimikatz

Downloads MZ/PE file 3 IoCs

flow	pid	Process
271	4832	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
271	4832	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
26	5880	msedge.exe

Modifies Windows Firewall 2 TTPs 3 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
12492	netsh.exe
8700	netsh.exe
12980	netsh.exe

Executes dropped EXE 15 IoCs

pid	Process
4832	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
2300	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
1476	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
7056	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
6904	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
3376	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
1332	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
4608	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
4568	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
4108	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
4940	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
3312	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
2824	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
2468	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
4416	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 50 IoCs

Web Service

T1102

flow	ioc
429	raw.githubusercontent.com
551	raw.githubusercontent.com
587	raw.githubusercontent.com
652	raw.githubusercontent.com
465	raw.githubusercontent.com
334	raw.githubusercontent.com
371	raw.githubusercontent.com
379	raw.githubusercontent.com
397	raw.githubusercontent.com
581	2.tcp.eu.ngrok.io
271	raw.githubusercontent.com
325	raw.githubusercontent.com
349	raw.githubusercontent.com
398	raw.githubusercontent.com
513	raw.githubusercontent.com
555	raw.githubusercontent.com
320	raw.githubusercontent.com
341	raw.githubusercontent.com
363	raw.githubusercontent.com
378	raw.githubusercontent.com
392	raw.githubusercontent.com
602	raw.githubusercontent.com
609	raw.githubusercontent.com
645	raw.githubusercontent.com
321	raw.githubusercontent.com
394	raw.githubusercontent.com
535	raw.githubusercontent.com
333	raw.githubusercontent.com
347	raw.githubusercontent.com
400	raw.githubusercontent.com
420	raw.githubusercontent.com
435	raw.githubusercontent.com
470	raw.githubusercontent.com
505	raw.githubusercontent.com
526	raw.githubusercontent.com
260	raw.githubusercontent.com
367	raw.githubusercontent.com
431	raw.githubusercontent.com
474	raw.githubusercontent.com
485	raw.githubusercontent.com
534	raw.githubusercontent.com
624	raw.githubusercontent.com
630	raw.githubusercontent.com
290	raw.githubusercontent.com
362	raw.githubusercontent.com
495	raw.githubusercontent.com
516	raw.githubusercontent.com
519	raw.githubusercontent.com
641	raw.githubusercontent.com
385	raw.githubusercontent.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
434	api.ipify.org
441	api.ipify.org
449	ip-api.com

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x00060000000236c1-2684.dat	autoit_exe
behavioral1/files/0x000200000001e9b6-2630.dat	autoit_exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000200000001e9b4-2425.dat	upx
behavioral1/memory/10976-2459-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/files/0x00040000000237be-2831.dat	upx
behavioral1/files/0x00030000000237a5-2731.dat	upx
behavioral1/memory/13120-2934-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/12756-3075-0x0000000000D80000-0x0000000000D8D000-memory.dmp	upx
behavioral1/memory/15276-3353-0x0000000000A00000-0x000000000157D000-memory.dmp	upx
behavioral1/memory/13120-3383-0x0000000000400000-0x00000000004B7000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_3100_1396804726\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_91_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3100_706148397\_locales\kk\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000400000000073d-3106.dat	pyinstaller

Program crash 5 IoCs

pid	pid_target	Process	procid_target
12636	12160	WerFault.exe	348
14164	13028	WerFault.exe	369
14196	9544	WerFault.exe	284
13956	14032	WerFault.exe	408
13912	12008	WerFault.exe	357

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe

Checks processor information in registry 2 TTPs 28 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
13224	taskkill.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133897301684955293"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{D2C9EE13-F38A-40B6-927A-59A78306D412}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{99A9ECC0-1B87-4790-9391-5499F560337B}	msedge.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
11956	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeDebugPrivilege	3736	firefox.exe
Token: SeDebugPrivilege	3736	firefox.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeDebugPrivilege	4832	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	2300	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	1476	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	7056	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	6904	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	3376	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	1332	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	4608	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	4568	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	4108	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	4940	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	3312	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	2824	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	2468	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
3736	firefox.exe
3100	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe
3736	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 4356	3100	msedge.exe	86
PID 3100 wrote to memory of 4356	3100	msedge.exe	86
PID 3100 wrote to memory of 5880	3100	msedge.exe	87
PID 3100 wrote to memory of 5880	3100	msedge.exe	87
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5844	3100	msedge.exe	88
PID 3100 wrote to memory of 5536	3100	msedge.exe	89
PID 3100 wrote to memory of 5536	3100	msedge.exe	89
PID 3100 wrote to memory of 5536	3100	msedge.exe	89
PID 3100 wrote to memory of 5536	3100	msedge.exe	89
PID 3100 wrote to memory of 5536	3100	msedge.exe	89
PID 3100 wrote to memory of 5536	3100	msedge.exe	89
PID 3100 wrote to memory of 5536	3100	msedge.exe	89
PID 3100 wrote to memory of 5536	3100	msedge.exe	89
PID 3100 wrote to memory of 5536	3100	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://s3.us-east-1.wasabisys.com/vxugmwdb/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x330,0x7fff0d2cf208,0x7fff0d2cf214,0x7fff0d2cf220
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1832,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2324,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:2
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2592,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4240,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5016,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5420,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5232,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6608,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6636,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=4824,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=3924,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=4800,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:6712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3588,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=6740 /prefetch:8
  2⤵
  PID:6720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3752,i,16506012785185056563,17529064741020156186,262144 --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:8
  2⤵
  PID:6728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7fff0d2cf208,0x7fff0d2cf214,0x7fff0d2cf220
    3⤵
    PID:432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,8706541483780796315,4726222591347021309,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
    3⤵
    PID:2344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,8706541483780796315,4726222591347021309,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:3
    3⤵
    PID:7068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2372,i,8706541483780796315,4726222591347021309,262144 --variations-seed-version --mojo-platform-channel-handle=2860 /prefetch:8
    3⤵
    PID:6568
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4384,i,8706541483780796315,4726222591347021309,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:8
    3⤵
    PID:7044
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4384,i,8706541483780796315,4726222591347021309,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:8
    3⤵
    PID:6880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4524,i,8706541483780796315,4726222591347021309,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:8
    3⤵
    PID:6424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4508,i,8706541483780796315,4726222591347021309,262144 --variations-seed-version --mojo-platform-channel-handle=4588 /prefetch:8
    3⤵
    PID:7468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4544,i,8706541483780796315,4726222591347021309,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8
    3⤵
    PID:7476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4564,i,8706541483780796315,4726222591347021309,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:8
    3⤵
    PID:7484

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:8

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5556
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2020 -prefsLen 27099 -prefMapHandle 2024 -prefMapSize 270279 -ipcHandle 2100 -initialChannelId {922ed799-1765-4530-acda-7cc75870ba1c} -parentPid 3736 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3736" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:3396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2480 -prefsLen 27135 -prefMapHandle 2484 -prefMapSize 270279 -ipcHandle 2492 -initialChannelId {74215dff-a65e-4b79-a7c4-2480907a8334} -parentPid 3736 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3736" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:1872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3824 -prefsLen 27276 -prefMapHandle 3828 -prefMapSize 270279 -jsInitHandle 3832 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3840 -initialChannelId {dd0431d5-6130-459e-8773-b10264c9e57d} -parentPid 3736 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3736" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:4648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4004 -prefsLen 27276 -prefMapHandle 4008 -prefMapSize 270279 -ipcHandle 4084 -initialChannelId {b9a28377-726c-4b45-8bb3-eee13304e2b4} -parentPid 3736 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3736" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:1628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4432 -prefsLen 34775 -prefMapHandle 4436 -prefMapSize 270279 -jsInitHandle 4440 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4448 -initialChannelId {602d3d88-652b-430f-828f-1aa670e4b8f7} -parentPid 3736 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3736" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 4424 -prefsLen 35012 -prefMapHandle 3100 -prefMapSize 270279 -ipcHandle 4856 -initialChannelId {cea717e4-55af-43d0-aed7-c2cf557b2529} -parentPid 3736 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3736" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:6152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5096 -prefsLen 32900 -prefMapHandle 5100 -prefMapSize 270279 -jsInitHandle 5104 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5116 -initialChannelId {4be92637-eb15-44c0-aa6e-f64658579dd2} -parentPid 3736 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3736" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:6328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5132 -prefsLen 32900 -prefMapHandle 5136 -prefMapSize 270279 -jsInitHandle 5140 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5148 -initialChannelId {88e039e1-6f71-4377-b374-7ff2de3690a9} -parentPid 3736 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3736" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:6336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5436 -prefsLen 32952 -prefMapHandle 5432 -prefMapSize 270279 -jsInitHandle 5428 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5420 -initialChannelId {6c2c0648-b9d2-4c28-8cdf-c6fbc83101d0} -parentPid 3736 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3736" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:6560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffee9dddcf8,0x7ffee9dddd04,0x7ffee9dddd10
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1620,i,4163414599956768498,15050485641065934413,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2204,i,4163414599956768498,15050485641065934413,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2100,i,4163414599956768498,15050485641065934413,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3256,i,4163414599956768498,15050485641065934413,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,4163414599956768498,15050485641065934413,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4332,i,4163414599956768498,15050485641065934413,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4356 /prefetch:2
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4656,i,4163414599956768498,15050485641065934413,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:7100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5412,i,4163414599956768498,15050485641065934413,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5420,i,4163414599956768498,15050485641065934413,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:6164

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6676

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4640

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:684

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Downloads MZ/PE file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4832
- C:\Users\Admin\Desktop\Files\connector1.exe
  "C:\Users\Admin\Desktop\Files\connector1.exe"
  2⤵
  PID:6236
- C:\Users\Admin\Desktop\Files\javaw.exe
  "C:\Users\Admin\Desktop\Files\javaw.exe"
  2⤵
  PID:13396
- - C:\Users\Admin\AppData\Local\Temp\exeDD0D.tmp
    "C:\Users\Admin\AppData\Local\Temp\exeDD0D.tmp"
    3⤵
    PID:15276

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2300
- C:\Users\Admin\Desktop\Files\kololololo.exe
  "C:\Users\Admin\Desktop\Files\kololololo.exe"
  2⤵
  PID:10596

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1476
- C:\Users\Admin\Desktop\Files\XClient.exe
  "C:\Users\Admin\Desktop\Files\XClient.exe"
  2⤵
  PID:8688
- C:\Users\Admin\Desktop\Files\support.client.exe
  "C:\Users\Admin\Desktop\Files\support.client.exe"
  2⤵
  PID:8676
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
    3⤵
    PID:9592
- C:\Users\Admin\Desktop\Files\VClientssss.exe
  "C:\Users\Admin\Desktop\Files\VClientssss.exe"
  2⤵
  PID:9976

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:7056
- C:\Users\Admin\Desktop\Files\Server.exe
  "C:\Users\Admin\Desktop\Files\Server.exe"
  2⤵
  PID:9492
- C:\Users\Admin\Desktop\Files\AsyncClient.exe
  "C:\Users\Admin\Desktop\Files\AsyncClient.exe"
  2⤵
  PID:12152

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:6904

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3376
- C:\Users\Admin\Desktop\Files\prueba.exe
  "C:\Users\Admin\Desktop\Files\prueba.exe"
  2⤵
  PID:15156

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1332
- C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe
  "C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe"
  2⤵
  PID:10976
- C:\Users\Admin\Desktop\Files\done12312.exe
  "C:\Users\Admin\Desktop\Files\done12312.exe"
  2⤵
  PID:12160
- - C:\Users\Admin\Desktop\Files\done12312.exe
    "C:\Users\Admin\Desktop\Files\done12312.exe"
    3⤵
    PID:12008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 12008 -s 1460
      4⤵
      Program crash
      PID:13912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 12160 -s 792
    3⤵
    - Program crash
    PID:12636
- C:\Users\Admin\Desktop\Files\DriverFixerProSetup_STD-SILENT.3.exe
  "C:\Users\Admin\Desktop\Files\DriverFixerProSetup_STD-SILENT.3.exe"
  2⤵
  PID:15244

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4608
- C:\Users\Admin\Desktop\Files\MS14-068.exe
  "C:\Users\Admin\Desktop\Files\MS14-068.exe"
  2⤵
  PID:15356

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4568
- C:\Users\Admin\Desktop\Files\ENP.exe
  "C:\Users\Admin\Desktop\Files\ENP.exe"
  2⤵
  PID:8216
- C:\Users\Admin\Desktop\Files\tacticalagent-v2.8.0-windows-amd64.exe
  "C:\Users\Admin\Desktop\Files\tacticalagent-v2.8.0-windows-amd64.exe"
  2⤵
  PID:12900
- - C:\Users\Admin\AppData\Local\Temp\is-HVUCB.tmp\tacticalagent-v2.8.0-windows-amd64.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-HVUCB.tmp\tacticalagent-v2.8.0-windows-amd64.tmp" /SL5="$10934,3652845,825344,C:\Users\Admin\Desktop\Files\tacticalagent-v2.8.0-windows-amd64.exe"
    3⤵
    PID:14400

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4108
- C:\Users\Admin\Desktop\Files\Cloudy.exe
  "C:\Users\Admin\Desktop\Files\Cloudy.exe"
  2⤵
  PID:8232
- C:\Users\Admin\Desktop\Files\ExtremeInjector.exe
  "C:\Users\Admin\Desktop\Files\ExtremeInjector.exe"
  2⤵
  PID:10944
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
    3⤵
    PID:13452
- C:\Users\Admin\Desktop\Files\1.exe
  "C:\Users\Admin\Desktop\Files\1.exe"
  2⤵
  PID:11260
- C:\Users\Admin\Desktop\Files\Steanings.exe
  "C:\Users\Admin\Desktop\Files\Steanings.exe"
  2⤵
  PID:12212
- C:\Users\Admin\Desktop\Files\Petya.A.exe
  "C:\Users\Admin\Desktop\Files\Petya.A.exe"
  2⤵
  PID:2660
- C:\Users\Admin\Desktop\Files\trojan.exe
  "C:\Users\Admin\Desktop\Files\trojan.exe"
  2⤵
  PID:13756
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 900
    3⤵
    PID:13880
- C:\Users\Admin\Desktop\Files\pt.exe
  "C:\Users\Admin\Desktop\Files\pt.exe"
  2⤵
  PID:14888

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4940
- C:\Users\Admin\Desktop\Files\TrainJX2.exe
  "C:\Users\Admin\Desktop\Files\TrainJX2.exe"
  2⤵
  PID:15092

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3312
- C:\Users\Admin\Desktop\Files\Client.exe
  "C:\Users\Admin\Desktop\Files\Client.exe"
  2⤵
  PID:7704
- - C:\Users\Admin\AppData\Local\Temp\WindowsServices.exe
    "C:\Users\Admin\AppData\Local\Temp\WindowsServices.exe"
    3⤵
    PID:11512
- C:\Users\Admin\Desktop\Files\Client-built8.exe
  "C:\Users\Admin\Desktop\Files\Client-built8.exe"
  2⤵
  PID:10684
- C:\Users\Admin\Desktop\Files\pornhub_downloader.exe
  "C:\Users\Admin\Desktop\Files\pornhub_downloader.exe"
  2⤵
  PID:15068

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2824
- C:\Users\Admin\Desktop\Files\ChromeSetup.exe
  "C:\Users\Admin\Desktop\Files\ChromeSetup.exe"
  2⤵
  PID:13200
- - C:\Program Files (x86)\GUMBD7F.tmp\GoogleUpdate.exe
    "C:\Program Files (x86)\GUMBD7F.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={48FC499B-357D-F9BB-46E5-170BFBA88A76}&lang=en&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
    3⤵
    PID:4552

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2468
- C:\Users\Admin\Desktop\Files\svchost.exe
  "C:\Users\Admin\Desktop\Files\svchost.exe"
  2⤵
  PID:13360

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Executes dropped EXE
PID:4416
- C:\Users\Admin\Desktop\Files\Discord.exe
  "C:\Users\Admin\Desktop\Files\Discord.exe"
  2⤵
  PID:10364
- C:\Users\Admin\Desktop\Files\Updater.exe
  "C:\Users\Admin\Desktop\Files\Updater.exe"
  2⤵
  PID:13024
- C:\Users\Admin\Desktop\Files\evetbeta.exe
  "C:\Users\Admin\Desktop\Files\evetbeta.exe"
  2⤵
  PID:15128

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6468
- C:\Users\Admin\Desktop\Files\GoodFrag.exe
  "C:\Users\Admin\Desktop\Files\GoodFrag.exe"
  2⤵
  PID:11196

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7140
- C:\Users\Admin\Desktop\Files\kali_tools.exe
  "C:\Users\Admin\Desktop\Files\kali_tools.exe"
  2⤵
  PID:12144
- C:\Users\Admin\Desktop\Files\alex12312.exe
  "C:\Users\Admin\Desktop\Files\alex12312.exe"
  2⤵
  PID:13028
- - C:\Users\Admin\Desktop\Files\alex12312.exe
    "C:\Users\Admin\Desktop\Files\alex12312.exe"
    3⤵
    PID:12888
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 13028 -s 804
    3⤵
    - Program crash
    PID:14164

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6228
- C:\Users\Admin\Desktop\Files\Solara_Protect.exe
  "C:\Users\Admin\Desktop\Files\Solara_Protect.exe"
  2⤵
  PID:10660
- C:\Users\Admin\Desktop\Files\esign-app.exe
  "C:\Users\Admin\Desktop\Files\esign-app.exe"
  2⤵
  PID:9820
- - C:\Users\Admin\AppData\Local\Temp\is-8D28V.tmp\esign-app.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-8D28V.tmp\esign-app.tmp" /SL5="$108AE,1592193,247808,C:\Users\Admin\Desktop\Files\esign-app.exe"
    3⤵
    PID:7748

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:1720
- C:\Users\Admin\Desktop\Files\s.exe
  "C:\Users\Admin\Desktop\Files\s.exe"
  2⤵
  PID:10828
- C:\Users\Admin\Desktop\Files\whats-new.exe
  "C:\Users\Admin\Desktop\Files\whats-new.exe"
  2⤵
  PID:11240
- C:\Users\Admin\Desktop\Files\gron12321.exe
  "C:\Users\Admin\Desktop\Files\gron12321.exe"
  2⤵
  PID:12308

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:4360

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:1620
- C:\Users\Admin\Desktop\Files\Client-built-woprkingfr.exe
  "C:\Users\Admin\Desktop\Files\Client-built-woprkingfr.exe"
  2⤵
  PID:12696

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:2152
- C:\Users\Admin\Desktop\Files\FreeYoutubeDownloader.exe
  "C:\Users\Admin\Desktop\Files\FreeYoutubeDownloader.exe"
  2⤵
  PID:12188

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:4124

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:2936
- C:\Users\Admin\Desktop\Files\cHSzTDjVl.exe
  "C:\Users\Admin\Desktop\Files\cHSzTDjVl.exe"
  2⤵
  PID:3000
- C:\Users\Admin\Desktop\Files\donut.exe
  "C:\Users\Admin\Desktop\Files\donut.exe"
  2⤵
  PID:12052

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:5356
- C:\Users\Admin\Desktop\Files\fern_wifi_recon%252.34.exe
  "C:\Users\Admin\Desktop\Files\fern_wifi_recon%252.34.exe"
  2⤵
  PID:10648

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6912

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:4276
- C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe
  "C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe"
  2⤵
  PID:12456
- - C:\Users\Admin\AppData\Local\Temp\is-R19EK.tmp\SrbijaSetupHokej.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-R19EK.tmp\SrbijaSetupHokej.tmp" /SL5="$1085E,3939740,937984,C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe"
    3⤵
    PID:13248
- C:\Users\Admin\Desktop\Files\downloader.exe
  "C:\Users\Admin\Desktop\Files\downloader.exe"
  2⤵
  PID:10524
- C:\Users\Admin\Desktop\Files\CrSpoof.exe
  "C:\Users\Admin\Desktop\Files\CrSpoof.exe"
  2⤵
  PID:15108

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:5792
- C:\Users\Admin\Desktop\Files\svhost.exe
  "C:\Users\Admin\Desktop\Files\svhost.exe"
  2⤵
  PID:10420
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "svhost" /sc ONLOGON /tr "C:\Users\Admin\Desktop\Files\svhost.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:11956
- C:\Users\Admin\Desktop\Files\kollfdsf.exe
  "C:\Users\Admin\Desktop\Files\kollfdsf.exe"
  2⤵
  PID:11556
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:13656

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:5800
- C:\Users\Admin\Desktop\Files\Amogus.exe
  "C:\Users\Admin\Desktop\Files\Amogus.exe"
  2⤵
  PID:14068

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7204
- C:\Users\Admin\Desktop\Files\k360.exe
  "C:\Users\Admin\Desktop\Files\k360.exe"
  2⤵
  PID:12220
- C:\Users\Admin\Desktop\Files\NdisInstaller3.2.32.1.exe
  "C:\Users\Admin\Desktop\Files\NdisInstaller3.2.32.1.exe"
  2⤵
  PID:14896

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7284
- C:\Users\Admin\Desktop\Files\sharp.exe
  "C:\Users\Admin\Desktop\Files\sharp.exe"
  2⤵
  PID:9544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 2176
    3⤵
    - Program crash
    PID:14196
- C:\Users\Admin\Desktop\Files\perviy.exe
  "C:\Users\Admin\Desktop\Files\perviy.exe"
  2⤵
  PID:9624
- C:\Users\Admin\Desktop\Files\Amadey.2.exe
  "C:\Users\Admin\Desktop\Files\Amadey.2.exe"
  2⤵
  PID:10884
- C:\Users\Admin\Desktop\Files\VC_redist.x64.exe
  "C:\Users\Admin\Desktop\Files\VC_redist.x64.exe"
  2⤵
  PID:15212

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7384
- C:\Users\Admin\Desktop\Files\access.exe
  "C:\Users\Admin\Desktop\Files\access.exe"
  2⤵
  PID:10960
- C:\Users\Admin\Desktop\Files\ddosziller.exe
  "C:\Users\Admin\Desktop\Files\ddosziller.exe"
  2⤵
  PID:5352
- C:\Users\Admin\Desktop\Files\eric.exe
  "C:\Users\Admin\Desktop\Files\eric.exe"
  2⤵
  PID:11952
- C:\Users\Admin\Desktop\Files\smell-the-roses.exe
  "C:\Users\Admin\Desktop\Files\smell-the-roses.exe"
  2⤵
  PID:11252

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7528
- C:\Users\Admin\Desktop\Files\00.exe
  "C:\Users\Admin\Desktop\Files\00.exe"
  2⤵
  PID:11944

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7660
- C:\Users\Admin\Desktop\Files\wudi.exe
  "C:\Users\Admin\Desktop\Files\wudi.exe"
  2⤵
  PID:13112
- C:\Users\Admin\Desktop\Files\VsGraphicsResources.exe
  "C:\Users\Admin\Desktop\Files\VsGraphicsResources.exe"
  2⤵
  PID:14352

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7804
- C:\Users\Admin\Desktop\Files\ZipUnlocker.exe
  "C:\Users\Admin\Desktop\Files\ZipUnlocker.exe"
  2⤵
  PID:15052

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7924
- C:\Users\Admin\Desktop\Files\LinkedinTuVanDat.exe
  "C:\Users\Admin\Desktop\Files\LinkedinTuVanDat.exe"
  2⤵
  PID:8888
- C:\Users\Admin\Desktop\Files\Krishna33.exe
  "C:\Users\Admin\Desktop\Files\Krishna33.exe"
  2⤵
  PID:8764
- C:\Users\Admin\Desktop\Files\InstructionalPostings.exe
  "C:\Users\Admin\Desktop\Files\InstructionalPostings.exe"
  2⤵
  PID:10928
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c expand Laptop.midi Laptop.midi.bat & Laptop.midi.bat
    3⤵
    PID:15172
- C:\Users\Admin\Desktop\Files\MEMZ.exe
  "C:\Users\Admin\Desktop\Files\MEMZ.exe"
  2⤵
  PID:10532
- C:\Users\Admin\Desktop\Files\g354ff43hj67.exe
  "C:\Users\Admin\Desktop\Files\g354ff43hj67.exe"
  2⤵
  PID:13160

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8020
- C:\Users\Admin\Desktop\Files\Client-built.exe
  "C:\Users\Admin\Desktop\Files\Client-built.exe"
  2⤵
  PID:13776
- C:\Users\Admin\Desktop\Files\PowerRat.exe
  "C:\Users\Admin\Desktop\Files\PowerRat.exe"
  2⤵
  PID:15220

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8124
- C:\Users\Admin\Desktop\Files\Network.exe
  "C:\Users\Admin\Desktop\Files\Network.exe"
  2⤵
  PID:9792
- C:\Users\Admin\Desktop\Files\loader.exe
  "C:\Users\Admin\Desktop\Files\loader.exe"
  2⤵
  PID:15084

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7560
- C:\Users\Admin\Desktop\Files\mos%20ssssttttt.exe
  "C:\Users\Admin\Desktop\Files\mos%20ssssttttt.exe"
  2⤵
  PID:10184
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Files\mos%20ssssttttt.exe" "mos%20ssssttttt.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:12492
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall delete allowedprogram "C:\Users\Admin\Desktop\Files\mos%20ssssttttt.exe"
    3⤵
    - Modifies Windows Firewall
    PID:12980
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Files\mos%20ssssttttt.exe" "mos%20ssssttttt.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:8700
- C:\Users\Admin\Desktop\Files\2klz.exe
  "C:\Users\Admin\Desktop\Files\2klz.exe"
  2⤵
  PID:12836
- C:\Users\Admin\Desktop\Files\alphaTweaks.exe
  "C:\Users\Admin\Desktop\Files\alphaTweaks.exe"
  2⤵
  PID:11896
- C:\Users\Admin\Desktop\Files\brbotnet.exe
  "C:\Users\Admin\Desktop\Files\brbotnet.exe"
  2⤵
  PID:15184

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7940

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7552
- C:\Users\Admin\Desktop\Files\random.exe
  "C:\Users\Admin\Desktop\Files\random.exe"
  2⤵
  PID:12228
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /IM firefox.exe /T
    3⤵
    - Kills process with taskkill
    PID:13224

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8280
- C:\Users\Admin\Desktop\Files\file5.exe
  "C:\Users\Admin\Desktop\Files\file5.exe"
  2⤵
  PID:10820
- - C:\Program Files (x86)\ULTIME MULTIHACK REBORN.EXE
    "C:\Program Files (x86)\ULTIME MULTIHACK REBORN.EXE"
    3⤵
    PID:7708
- - C:\Program Files (x86)\VLC1.EXE
    "C:\Program Files (x86)\VLC1.EXE"
    3⤵
    PID:13120
  - - C:\Windows\SysWOW64\notepad.exe
      notepad
      4⤵
      PID:13064
- - C:\Program Files (x86)\WINDOWS DEFENDER.EXE
    "C:\Program Files (x86)\WINDOWS DEFENDER.EXE"
    3⤵
    PID:14032
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 14032 -s 748
      4⤵
      Program crash
      PID:13956
- C:\Users\Admin\Desktop\Files\Google%20Chrome.exe
  "C:\Users\Admin\Desktop\Files\Google%20Chrome.exe"
  2⤵
  PID:11584
- - C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8C8B.tmp\8C8C.tmp\8C8D.bat C:\Users\Admin\Desktop\Files\Google%20Chrome.exe"
    3⤵
    PID:15028
- C:\Users\Admin\Desktop\Files\nedux.exe
  "C:\Users\Admin\Desktop\Files\nedux.exe"
  2⤵
  PID:12468
- C:\Users\Admin\Desktop\Files\assignment.exe
  "C:\Users\Admin\Desktop\Files\assignment.exe"
  2⤵
  PID:12756
- C:\Users\Admin\Desktop\Files\Destover.exe
  "C:\Users\Admin\Desktop\Files\Destover.exe"
  2⤵
  PID:15120

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8460

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8500
- C:\Users\Admin\Desktop\Files\njrat.exe
  "C:\Users\Admin\Desktop\Files\njrat.exe"
  2⤵
  PID:3332
- C:\Users\Admin\Desktop\Files\shell.exe
  "C:\Users\Admin\Desktop\Files\shell.exe"
  2⤵
  PID:12000

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8640
- C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_2.exe
  "C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_2.exe"
  2⤵
  PID:12168
- C:\Users\Admin\Desktop\Files\TORRENTOLD-1.exe
  "C:\Users\Admin\Desktop\Files\TORRENTOLD-1.exe"
  2⤵
  PID:13128
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:1956

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8772
- C:\Users\Admin\Desktop\Files\testme.exe
  "C:\Users\Admin\Desktop\Files\testme.exe"
  2⤵
  PID:13536
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 900
    3⤵
    PID:13560

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8844
- C:\Users\Admin\Desktop\Files\OOBebroker.exe
  "C:\Users\Admin\Desktop\Files\OOBebroker.exe"
  2⤵
  PID:8104
- C:\Users\Admin\Desktop\Files\tretiy.exe
  "C:\Users\Admin\Desktop\Files\tretiy.exe"
  2⤵
  PID:11852

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8920

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9088
- C:\Users\Admin\Desktop\Files\mmcerts.exe
  "C:\Users\Admin\Desktop\Files\mmcerts.exe"
  2⤵
  PID:15136

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7544
- C:\Users\Admin\Desktop\Files\heo.exe
  "C:\Users\Admin\Desktop\Files\heo.exe"
  2⤵
  PID:14044
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 960
    3⤵
    PID:1008

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9196

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9204

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9272

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9460

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9712

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9772

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9940

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:10000

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:10020

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9888

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:10180

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:10548

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:10720

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:10792

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:10800

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:10452

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 12160 -ip 12160
1⤵
PID:12976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 13028 -ip 13028
1⤵
PID:12776

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\b8c9aee9b4ac4e44aec7b314be8127ab /t 3540 /p 3536
1⤵
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 12008 -ip 12008
1⤵
PID:13820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 14032 -ip 14032
1⤵
PID:13844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 9544 -ip 9544
1⤵
PID:13592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 14164 -ip 14164
1⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 11952 -ip 11952
1⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10452 -ip 10452
1⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 9940 -ip 9940
1⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 10720 -ip 10720
1⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 10180 -ip 10180
1⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 10792 -ip 10792
1⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 10000 -ip 10000
1⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 9888 -ip 9888
1⤵
PID:14932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 10800 -ip 10800
1⤵
PID:13480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 10548 -ip 10548
1⤵
PID:8980

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ULTIME MULTIHACK REBORN.EXE

Filesize
86KB

MD5
0739a4b039910c9ecc48661e25279e6e

SHA1
02bf3b0265850bc13e85ac9bb421b88b6babbcaf

SHA256
9df65940d3f2230b276e9ee989f15a94855e07cf2aa04210353f7a9e9a62db4a

SHA512
e8a8876f4cfc2657e2b355b288fb8386e40131aeacc18aba1036ea5e60cf9a571f8da4ead987751db16fba5054d50b3dac9c399e5dff38fc64bf22c4fb3cb92f

Download Submit
C:\Program Files (x86)\VLC1.EXE

Filesize
251KB

MD5
3a0071fc42e1305afa1bc5d3d8233068

SHA1
711402cabd474d742d31509f17b26493683d61d3

SHA256
d41679ada9aabdfd4a55f25a5721d6a5dfbdee53afcf0d1cf319276e28941afa

SHA512
1a0b0bd341fe097f924517e8848d4012a93286402d79cdd67cf2cfc3225bd3785f81d329348ae1e0afc308ea98790dc89872f41cf3e9843a9481512832a403d8

Download Submit
C:\Program Files (x86)\WINDOWS DEFENDER.EXE

Filesize
47KB

MD5
96da127f30d555f809b5a781eeadb5d4

SHA1
6742daf92406b52d5b98fcf3c8b96aca2f691404

SHA256
f2e3e68a10f9f07b031e2fd3d7d73553ee4639a5e1c2a0775ac0a2ddbeff5e53

SHA512
2c7f2d0bfb65e532f1c1068a93f92c2cd17682de70d8ee84cab47d3b3e80f87d97d16e0d41dee027f3381e5abe9d19f8b2604da7769d36243695be1d79b3be52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6cbad3ac-a34a-43cf-b370-61714ef94069.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
4ad0132b0b21a84c60412d9faf896425

SHA1
838422b375aef0233e8ca218e40d277768ac627b

SHA256
1b261c370e3a71e21226f93d7e3a6f8aa6b976a0c5a136dd00adcfb8529385b2

SHA512
5a311df4336f8e2b4d27a2eadd5df61865829c38839b45f8eb81b91e9049dcb78bed3c41a975910b71ee84bf183b42415e00bec7ca11cf89c0955de25cafc32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d4686be98ea0d5a990b8fda1dc9aa207

SHA1
2201bcf3bdd6db77d16978c7a606b7ef1fe56c0c

SHA256
b0ba3966a1b3b06a7f8132dde90dd63487d5b369534f6283a46d2cc379f77616

SHA512
56e668b48723cb1cd0512f1e99ad6edccbedc33c03c9e7bd71618ce3be72cce51c212628d4f82e4d132bc9a15a0bdcc00119cde93c95e4aa64a5cfb20a944e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
afebf1aedcf9f27ca7091c0ee0ee1078

SHA1
f742a1ce1989905e6115fb590a7e1b3617004483

SHA256
97dc44c97e40232ee4fe9974357770d2683d744a12f7ec4c78cc836083bca5d3

SHA512
cef93e890b05103ba9f6a2b6fb43f125f3f89a6cd967c411882cb4b185d38a6e1e08d81f6099520ecfcfe9d18af38c6d4cfc5590ac9f5914329e2a05ccf73ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
85aed817ff5b1e2f31e42b174eb4c503

SHA1
549d189736f57cbf75fc569684e57df79c51d16c

SHA256
a51a4482955abc4e47d22ac79a968228ee4d68d1f57e3a4c70a4e099b54888a7

SHA512
963430afe840d1dc4bf5892b3903f58822dfd50a94553450bf0f08a86cca6c49884a67deca7d23cc0d28e6c28a0d4abca29b36d7ff58c6c63530413314844e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
033de3a2095b2045619f3a1d73919fe3

SHA1
7ec560c99ac44777c437a2e2e964d3b058afd993

SHA256
cb6d7cd96cd1c36ba9a65be20fc97b067f0fda3d1ed5e6774b586206655495eb

SHA512
51d847efe2d019ce6ab78c30086f6785353a7e98dc2cc02784c13e4e38e3e0b2d7cfb9d09120b0e49f1943667bca6c377d6d6c381fc445367814ec759c2f72b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
55e1e69f26b646a56304ea618ddde75b

SHA1
e33455961aaaed76eefd0ab5f435451fab725d6e

SHA256
d749788df5d0db77be669cfcfe2f5e0dd2c16e48029480335d6d44660dbcbced

SHA512
a1ed099ad746c9c304d3a0f9046b89656276200c806fb82df7e6fe9d4933700e60ac7e38425e4c4c52fe90bc0f77bddf9481645070cbbacadb0926bc19db082e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d09e.TMP

Filesize
48B

MD5
85427d906a8aa01851041d45473568ec

SHA1
40eb470e209fa2e98f5e2fee18f5c0a259fe2db8

SHA256
c30e15ce409d897fdc0fbb6dcfd7d2c94772bcc9b16d88005adbb4f942f2a75b

SHA512
f304f3019a83a0845e4ff872cf8b38cfec4d6f91e6ddb24bb2d0334778627debcb25307f65678156c2800712231d3efd52a187acb12f412db4bcbd77567e2ee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
2225ec3fc4e122ac6d6f98dc7973830c

SHA1
4e007096c4cb9dadd71689294598111cef240d20

SHA256
bd7a40c59e9ebe7f6da035a5531c1b6882ba67d2d9fe36b437e101c5e2ce4113

SHA512
1171f83a8d96c7b1abd378cd43601b6407eca59033562f515153c354d0ef8d8775fc921db8044d040052f40a0190f4d7590a220d90a691ad0fe7b927d03a64a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
95754de376bec4196b4153d3dd9a2afe

SHA1
6bd7666b8b617e18214551789c20a9c9c2e961c2

SHA256
eb43c8f877cb270f913f66f5e499c614eadbf9c67553f5a7d89c21ad83067af5

SHA512
c5c8d001368b897a7ddc8e3796c948e9ce488de3737fb77fd989fb7d86f30dde275bd8136992615b3184508856b658240dd44f00f58beb3a9520da0134090f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
e61eb5f2f28c08fc13017d2619cbd8ee

SHA1
a477f0027afcc208ac09800fadc723a5fd4b77a6

SHA256
a4f15be985049920256da76ec19f0b012c12bdd66433ed66a333f9e487323d04

SHA512
0129dd8da797a2185d7a1c3e3e0cca8431b09e65c169a6cd7a34401d06a0e6a8640d596a60391f1f8662935fcbbb3fd4c8fb07bb8b8770a824130413f7c00a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
35c80a20019204a286c899fd5be74aed

SHA1
4823f895c2f59eae4a6958443ae4024129e1c6cb

SHA256
9f7eb97f6cea40f2f6dadc36297346c62a3e8d309bcdb90f8ffc1707a9ec9754

SHA512
0f47404275cb9907bc0fd5d60ce27d6fa4e9a239e618fbdd9ff85a3df440a521449ad5e9601dfc4760278d40f0e7a7c02c512255a95360b85a0ce63fd9f7ad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
0084185b676c45582804dc27693ac948

SHA1
0b06ff1f7b0127083f64d0439c6e4bc0a6ff8ab8

SHA256
c32c43b7d6be9a681148f1525ddaaee1e6195391d8da74e872f34734e8402fd4

SHA512
46e250749f754a336ea065d925d599073ae17594ad9325b6bcc1c645405173318352801f39979b3e3a748ffb356b45d54580d648fb0afe9efff4edb2cd345e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
ebd6e44d83a402ab677b3d599b8212f8

SHA1
8ebb712684daeec61dde77f396ecc48388db1f61

SHA256
8e3daa9dbbf93ff4aeb7c778068126e9eef78d99b3da955363eb6a23dd4745a7

SHA512
292596e342fb5361a1fa3cc2f783af0a6c55ba2af65b7474ebf5e72bb56579bc25fa851960d648dbec701d78199af32d10874e186a923818c217784bdca52554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
c9cc82894409847ff255835193650fed

SHA1
1ff387f21d69688c2feca5dc7a80e8bc3dc222f2

SHA256
2652d8363f84f1302668d4ef916f6a80f977fd3291b89f47ce410e0951dd8d9c

SHA512
c3fd2af4df2cf18ed7b42caa90165c3b4e0cfc1ceb0d6456d9bcd44a388ad796fed36750ddc0da4b9034c43c9f98bea2fb2b3013b907b7a87b55a18298e244e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
12.0MB

MD5
dd879a80020f1743d673c963e2a7b09b

SHA1
1b6359bbbd850e9d74b206218d1e1d4dad55b0a7

SHA256
5e681b2587bdd964122284f9f4f1de24b7e3fa70e9ea5b89f372abd3dd30705f

SHA512
920f49bc703a9c30848d45027ad9b3d80dcd5d6e907213bc1fb7e095621887c9e7bd0685de0d93749c82eafa574ad40400f85d7c817a31be60400077575d5d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
191KB

MD5
eaebb390ddb3b1c0e07904f935d29bd9

SHA1
dca8da5b24b1b18b3c8dbc2523f5d145fd4dae13

SHA256
9478515162e79256323883a5092b39e0045dc8213d7dcf7be5dcc1ec5b70e9e4

SHA512
e2dae28c4661b3bb65b3811803a9396e1c9b16eb187b60f2d4d1a8cc65e2ad6ce0931a48e942b5d920bdc263ea939b9164b649edc3752e83daabef9366a186e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
25KB

MD5
b36138185079d2ec86b64146520ff490

SHA1
521a4a5578f9f9949c69d4ad42b47ac93833f6c1

SHA256
360d2954735416216acf7669736494f677489266321b920c0510a5e39f145f6a

SHA512
7e38dd1defe3750e0dedb4cff4dff75584ed213f6534bcabc5488ff9fa2b18867146e878f68a6ae708ba79d926ace46edceba1653a4a7890db0ab91d3cd15fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
22KB

MD5
d9cf50e07894113a70003e2c9a236b65

SHA1
d7f5f30577c6177fbf8cc81318fb8ed67614b5bb

SHA256
f335e5a6810239f3d96c4c5f990dddf8280fc4a0f97182f8d32909ca8261480b

SHA512
bc7d3eb82f96fbdb32de0f20893e8c23b7ec782d80e0a972606f89e37fe1c7639a38662dc4a20b411317eef55d0e45bffd59aaf99e8615c4e30150ff808c8125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
22KB

MD5
9d49dfbc51dbafe05b4115811e21e47a

SHA1
1ee866251497110f7ac287e4d0d38b4f83608ae8

SHA256
06b68b6fefa013f8aaa7795cf83f46bece55e0f895a9b7da3e24cfa85ba12852

SHA512
e9927abf71bc7b08ac7d756308b3b238c212939bfa1518ccbd493b33448ead0c5d1f6b76267b183cc31c006cc1d354b6a6ff570f50e3e6604296a299ac8780ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
98KB

MD5
c0fc67fbc5c5eceb437b516b4365aa86

SHA1
6b5a02dc604f8b87eb9d456969b12b45dda79baa

SHA256
0b8baebdd76118229f6b486ab07c66d05b104fcc8a80df53261769f80ea093ea

SHA512
e73b48bd36052a2f31aabf40b32ada01fb8c92345a20e22126bed271bcab08ba0a677fd9fd29cca23e98379b6c1e0601bdae9f90c38d9369ba32f292450886d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
100KB

MD5
f18b8cb76da47e27935ad8185dc0ee9d

SHA1
e97bc15f4c7d196883b3aa5f41d8c97ff24331e1

SHA256
3a955309bcdbb0d96b2534c0ae564b7c85021b3f3de755cd86221726a628194a

SHA512
0f884eb8f2a44c3d6a9fc7dcfde976c900971d608b3a8e96643de5abbe6b78b6ecb63ce5b1ed8012ea712f7d4de42bc4fdc88881fc6bf8ae61f35e0a7784547b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
178KB

MD5
c4475ec9390a3f304d162825f309809a

SHA1
0477ddc90de9802262824cbebc129e7445a1f750

SHA256
819eb1882a1e6b2f9c1611f232d7a798b32c3132bba628d11d55656f6b1bbe59

SHA512
ed29b9ad14c3eb1b2367dae7ec82297d96d020019106574ebcdbe4f0648474b58af68fb7acd0612fafd4558af3b3171b4441bb863fd85685931c78c053491555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
74KB

MD5
7df6b004d0056695abc1c78f4e24c4b8

SHA1
314b37c9c9d2b9fd482452cd191df8fb13643d1a

SHA256
937e0b7d1b296f3bc46f8e9e239b503ae089edeb51e2cd47a97c5b6a1f97580c

SHA512
80bd2f0dd2b89cb3b2a491af2fa40cd0da363847a1461c9e34c39655ad8d0d4cb19d61599aba9c0a35192700c7a190a33911ac2ff31bdc29eee5d510037f99f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
118KB

MD5
5c8aa5a64fed9dfbbc13261567c5d890

SHA1
0c89ea5a55eb53d37a0a196f02af34bd2f140376

SHA256
98cbef7ed37298ede5c635e8b58b4f8d89b6c2211a4d10b6723118f0812b87e2

SHA512
46468f5f245a48c4d2bdea87015b1caeb56c86bf33bb3e0c94f4672b93d7dd46e618493e589d3bc231527b92b3909552e976f38fe6d159483cace94b88bb344f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
126KB

MD5
b7bb1417196cf03f6f5e8f2fccef24a3

SHA1
6a7cb728021229535c8de84a312925c12af086fd

SHA256
1e49f746a9f53d701a1599f1b69c5c799c26ea21d51952908c6527c020da77da

SHA512
d816253da865ef911ea305f7b7dc49f0698ba6317ba1420c761eac655983a4f3cbe87db479440f267894d7b3137eef9fab24dbc205a5a6a6b49a0cc12293113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
122KB

MD5
3b9304c3b8b4c74b5b6dec84900e5fa6

SHA1
e0acc291e8a97bb1523bbe84430b61c84cc6f3be

SHA256
aee67809690645d5154119b00f0bd681baf82dbb939854ff9431a3c4b50e5c2f

SHA512
9fa4494f8ff151e1fc2e917aa7999b291db12186fbe7c3cbd61a6ccdc4e2140fc68f1e9b3ef4500d479e79fc7c1bfad7186f0575bbebc7d44ab7be44edd293d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
474KB

MD5
0764ab7c03b1e94827af45cca044c3bd

SHA1
e1fe8a263ccdf0ba47444d8a16231c5611c805ba

SHA256
156c46e41805dedaec9512f03f458843dcd24ce3a074adade34238825e43209a

SHA512
102a96bc1ce262c19364e767b532209d754b9cb6e9a327b46699218412bd414be6410a75a6148e24863dab90c0f836fafe0d1e5b9b77b21b7d0f4e0ef4835519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
150KB

MD5
bfb991ad13d5d6caea10ceadaa278a55

SHA1
6d6482aaba7acebb9616e69ce2dbfeafa0ef9c4b

SHA256
6eab6a2c7b91dd002a744b7244bd733f81d41efbba2f9c8d573612527e204b7a

SHA512
c6a0fc5faa219627ed426e8858876cf36d63496f9d944b4119b2e7b0f6a1570018024c75d6273daa8e567a60815cf7f6af23b7b3ead4f7c68fdc10c4ac6763fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
549KB

MD5
9ff128b09b91dd86d003aa134de6421c

SHA1
11265d72640fb1ffb0d82640334ac4f20fbb3fe8

SHA256
c344814e3ebed2cdb3610646e50d5bc8af96e3526f4cb52a8feb51e23d59a225

SHA512
d20c575c1e51378d6508de418209ed86b0343fa8938fc4c37b3c8ee7ebedba030877df90891604d42eebbf0d69b3dd1874e34890b036b247dff54ac327d08999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000086

Filesize
590KB

MD5
82615c69fe4af97434eec009677c12cb

SHA1
7a57018ef6e4dba706323577cbb59dda993c77e3

SHA256
8af498f99a158d753ebd46b8427e85d90d2769e176d8ef92531ed42e6f2b5238

SHA512
043cbf304ca645c6c253a8ecddcb981788c5715d35ea73b4add8dd4093e9542fb081b289bbe377963b4263c31bcb1508c994729aa8e8ce326bc456cc6d6dcd2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000087

Filesize
25KB

MD5
9fe5cdf3fd889571e4926dedc968d486

SHA1
2b017aebdfc50d213d5bde1612a95e0110c10047

SHA256
084150d5e67132d11e4ea0af04f48d794e7e3183f1cf5c70031955267d592d0f

SHA512
0701f0e7de3bef22b605378d8d4d411ab14395ce48988c7afa51e593dc03e8b18a4db2d69c1d2006de4b09ee2e561a246284abb3bc770ab74ef4559bd23fd246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000088

Filesize
22KB

MD5
6cace5d14aa5a3672392c995525d6802

SHA1
fa6f420285842d10856f667943c516f459b0fd37

SHA256
cbc9e3f0a1301a55e940bc8ac38e6e6fb63765b78192a4850c2e1bb3f3238a83

SHA512
09c0620428ac5491cbd1678dd3167c0c40f1366cdfd02c8b864446e78a6c90fb56e8729113c3d2771c19f4e6b2213150c275667ded14cc79230372c243a94078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000089

Filesize
478KB

MD5
6aa4814321aa8fb8e4293ded322e25c1

SHA1
10b322f2da9c35980967226248b520fc8c1419f3

SHA256
85656cc594041c3cbab8ceb27002ad0b6ed42922ec69310fcb85854c4c773310

SHA512
3f30fe1c610d394141e0ff95e9d42205974a54c963e6141dddede9ae0dfaf08e6bb16f11bf21449fbcedf30e390541d4db79c65a7182759bd40dd06ad70782a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008a

Filesize
517KB

MD5
4c276ec57b811e8cc3f96cb358ef0a12

SHA1
8815209958fca7a735aaa8229542cdbef834704f

SHA256
59d2598e6bfa4707691308aaa61860135d6e8e0abbff22b96748f1e8dc903746

SHA512
2ed29bc75bb0af7e15c99f0e4c54e3473fd4d023e841932af652ed2dacb726383f1fa720209e6381781500bb47d222292543abb6688e50bc1cf7cb9f9b73f499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
515KB

MD5
b044686859ef97a76082533d908bed91

SHA1
b039cf3341ae53cebe545c3874629703607ac3d9

SHA256
7ceab5c330650c12ced7eabbc2a4a19b698e4cbaefba3dc74e6f2e0dbdb7a046

SHA512
05756b27f3a4d875ef6977b2cbb6976a10dfae4222d5f0bce91de544dfd0ff3b7cad54dd695a255f501ee96cd52b8d657ce4204c136d09725c26e084e1548cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
545KB

MD5
22405402fbd397f5123807b5ae437de8

SHA1
701eaff1621bf67342bb50be40921e7d4aa805c1

SHA256
9585a7f3c1480ab7a0e75605351e2be2618c3f0f73dc1d9783ec713f959b7389

SHA512
a4bc577c4c48c8a006007c3170af7a45025f5d11565101de0bc910efd88841719fef4ce1fb3a3eb0b903725156f90323918dc93e55a50a9be5b4f9383b21587f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
156a9629d6553b16026f33d57da0b6ea

SHA1
6d9ec3d258874ee2f5cb90c694fb2f325826a06e

SHA256
5dc7d5c14254df3d8fbb40f343d4118b16d12ea22d3b2f443032ee3d8f6ec4db

SHA512
13fa15a646f333861224a28d204662b77644e9c05bccf3c7c78c4f2f9a145369b396d40595d8746261964107c99363cf36d2f07b40c04b1880006d4c564da6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57df63.TMP

Filesize
3KB

MD5
f94fd1ce64374d207a6cf81fc6a940ea

SHA1
6b9235a0d8cf0f982e9d878c6ecc0c3e2c7012c3

SHA256
46b7f2e42cbc52bb1a2d52b6c285f14c32c0aedf3f668a624f47656f97cd2ac3

SHA512
9f93d7f82c885a679eb45ff91d9f98290c855177f4a364d93cc2ae0d396adea8b9c1c4667c2e8ae11177810e9426490267ab0dc0202f714b2139775243f9334a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
5fc156e2b7cdbc173306c1109622c66a

SHA1
a785f1314a8b9d721652f41cb33a50108d29116e

SHA256
2ec138832b252dd48dec9c898a8551e0727f65085d719993c9da8d8ce44d0c5f

SHA512
4dc594bccf8ed3d01cc8bc41557737f6c14e34158c646f4a655c982d1ed516a037edc8115d5f7f6fc0feb8cbb800e267f9fc33f6bc12ade08d1914a74616afb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c37d08248f77e5294645245bbca391d2

SHA1
e1038c776a9305e0d5fc561622f3173697acc140

SHA256
2c199e31455a21ba7348b90cb0b8be11d98b1c37295a4a616fac880db13022aa

SHA512
b5ea60b043a476b1c25b505d872d693737f8c48505a39f8f75a57d19c1a4b451baa9c0611212717c002b706f37c38b2e4dbddfce9b4fdbb009f24593bdb6e51a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
9b181a51023cf3b8847eebd008338be6

SHA1
2566593332e1be9383eba3954293777435315045

SHA256
b7ac50085c1a40a06109f52177d7041e9feaa09150ca18e68d25ce480fd3da25

SHA512
32c38a90b540eb8de7a5b29f4a2e1d133917a3721c8d55863430680aac2f977e62b7f8694bed3e75e3789b0ee0af4c6524b0d04142aa5c7ca6aa2fd699ab068b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
9237b49d76673998c4b5a1932b693e63

SHA1
176dd5eeb5469565af42a8048627733fd4baa432

SHA256
d69feca024961302cb22d81c2fed0b70eb19fa3a279176eb632b7285ba644f6d

SHA512
8db9eab1e1d2cfd9bc3bb2a3adcd59bdb7a37dc7c67de804d379b8e76ed5ae6408ab1686d366bf86e2d07bc13e39eee1caa1763301165747a3d4db6272cc051a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
92ec3f90efa41953e5bfe4bb58ee1274

SHA1
086e03e72f592a2ad5ac10435ed44631453f51f7

SHA256
98d33104c52c7e60fa670ca41383500d69770c62addc62bad7a91b0d0dacd85c

SHA512
64f908a89aa82fa3484d5841e4c337d72b0743ab6af2081c0884e6f2e09899691398bd23101b0e954475395a8ca47f2d23bcee8994c8992ded2c53d792159114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
a5c914beb9689408f51b153c9677dec0

SHA1
4eefb1f6d9b258aa3cbd0f932fb8a429647f5a0b

SHA256
c47372cc69539716a108f172f211f2c8fb358668c852d2d30b77a0427e9859a6

SHA512
5ba68267dfd21d13568e6d1402cd9796aa2fb0e2fa794ffdaf3a58c2f2c0dd8c3aec169854ae7c27478b15e10801c9e29d30b97197af3a762a74fbddcc591d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4ddf9bd8-4fcd-46bc-934c-7de2385b9545\index-dir\the-real-index

Filesize
72B

MD5
c77ad0f6e67efbfcab60d698a9bd7ae0

SHA1
f51205032a5718793f344170da6c02f9c3746741

SHA256
7d5a1ed02341e853d6d10055278f53ca298f2a5d50faaa7998d09da80a5a3714

SHA512
cf0aae6b78b62d6562c07620199139ef097cf8fa9c96c1bf51daec0b03e96e155259cf96653a5ceb997f7150be23de07147da6b390182af6fb33a63283d18972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4ddf9bd8-4fcd-46bc-934c-7de2385b9545\index-dir\the-real-index~RFe57cbfb.TMP

Filesize
72B

MD5
9f3c02248d74da41e89f9b6a42ed18bc

SHA1
a9cfee40627bd6274eaf626c9dda9c710b22759c

SHA256
d650f46c1bb3a666e08c77013dec965fda3f52d6f1a0cc38c98f77f06a261067

SHA512
050be5839375e0b5ecd1bbc429f2922e3bff7f5b2e225dd3fa98ebddcac0fe181d6a528f3f5a3ce0538a75cc80fbbf16a0711d86b80257ffa31f5a14332af809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index

Filesize
2KB

MD5
3a9f89ab52c1a3233f3e5a9328f2649f

SHA1
e5bf95da19023f84c8fa12070f8bbb65b812c29f

SHA256
1d56b79fddb1d4fc7d0ded94da40c9ba59a08223310ef1a75e1072d10c4eaf9b

SHA512
6da1349d5f4ae65df135557344cafd96657e0fb5cec8fe2cb24ea3b440a6d1ffd30d0172f28c14aa03dcf2a1bf6e1ab70cb20b8bf7b404edab8658a4fbc3e090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\672850e0-716b-4785-b971-03b7429b7632\index-dir\the-real-index~RFe57df63.TMP

Filesize
2KB

MD5
b2b61683857e62fd14ee7c20e48bb912

SHA1
dfb0846964dfa7d6f086f507421c46f804f333f9

SHA256
65c309c9d71514a36b595984778db8abc8e7e4f4e893a65804bddb1e273d64ec

SHA512
4272496a80be8fa3cb6a21d56f7e4ed5dcf33ebce8cc34f7a647a3f7bf9f4e1667c7aed54200a8dc73d69eef6f4ed80473ca7f6cac74bc99ec9bd51a48918faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
28523bffb748134a71a14492257d62cf

SHA1
228c7d9e873e51d5d13b4d3b25e389d28bdef123

SHA256
074bc086a7aabc4e609263bcece2aa68d1fcdf4608187d63cc644edc183f64b2

SHA512
bb82b57d73cef0171a3a8d8a003d4c15fec7b0b1da3404b211ce88d68e8d0f55eba4c0b755dc1ec9b6061cdd4bb921a87c1565f62f52bdae3d61ccf32345fbe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6216b4ccca3b82a32e84ef2f3d4f5ce6

SHA1
55b615500098e625d01993fd5756a9a4675736a5

SHA256
5f903fac7aef3187dbefc7d2de022ba98944eb78b0162a3225b7938c3486e4e4

SHA512
827b2f20738e83f05895e520988ab0c846d78e5542d01e8769e00ee1ed946130e5be24a6d81946ebfca584078cc755ce10a4c07de0eabbddc94569c70b358a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dc37.TMP

Filesize
72B

MD5
5c571c3bda8dbc43629fe30dc115664b

SHA1
ff983984632c4f719ae127d674c9fb9b6e6ef882

SHA256
c5a613e10ecc13e20ff015135dd5d41bdd8693d60a24ced37a7382685ff308f7

SHA512
af0066ad7c9970e7a70a696bf91082928b0d1485857822b7e19ad2a0db2c4cef866c8af3545d94a69701c26e21f7d99886cbaa4ef7bcb8a2eed6e0a4cd81e02e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
9f6a62c6fb3de8788a37f56117492ef5

SHA1
9454a16671266e0374a7ab5f8e1fc56280bb7b08

SHA256
453ca0b7d6a8647257c438a6b27474233909d96ad415381578b6e4b83601adcb

SHA512
481efa80f098b42605136d67d5e6eb89ca18d4023296580a7a51ea56570005d13d029211381f1e927a963a04d42a22061ef99d7d5187a41f849f7b91e76967d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
a39e813347fc6853d454d7a76139a6dc

SHA1
23e01edc4bb24caa0a470274008eae0199ee6338

SHA256
a9231fc586839571a09e35e6a27aa739c946eb28f673a5fb3f3be81105514943

SHA512
417a106415e550ce97464f1485c2036bb86c0ccbad1d73231e69ebfcc61747844bbe68dacdb696cf66baf3db67414bf6cdf13008e0b1ff68bdb05a84cfab0b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
cbaa566d19ff9e566768d2969e74747d

SHA1
7aa79ad3216f7472fdf979d82f861c3a4e15f0e8

SHA256
c022928484d784cef4e4e45c2bcfabae39b8b35a14ab8836e83a08c25e68a42a

SHA512
93c58a6cf36d2248da9cd883b71abf8a22cb7cd34ae5999e0a0a71fd5d9afb7f45c06d0ca1cdc4f256364d7dc0dfd9f821d4cb98932ce227fac612a4f1f90b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
121743d322b0450d808160764a0bcf8d

SHA1
ba5d5a98bdc8e4a3a156aa8e5b17303f6f054a64

SHA256
5bf0a01f786d81ec804724c5b6b13c91cc40419b3f42c7f2e79c75d4accb0215

SHA512
4a842211604b009c1d01ad80b427b70b7fb2879608ee1f574eaacd0253b6fe929df7cad73c2fec294a4be18d3bbd6cbf9c9d47c7fb698c481d027d4bdbdbebe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
a98caf1d8cc09a89681d2701fd02a8c9

SHA1
ffab63f14333f65804ffe1d6f99edb5356f9d3fc

SHA256
11b4e86c6e2e968a6a158aa73e39055870e7326df79546b2cbd01d078f7ec477

SHA512
fe3bdc4528fd86d3d02bdd29c35a580fc354b4140a9e4cc3561f74e395bec56e5d033713ac745d459c1dc286c6486a02ac0f61f2e98a82dcfe0d6c0fe696455a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
d8db8bac165ebfd7c3f75f51534e161b

SHA1
73c244528014d0ab189b6cfa2c129481d61aec76

SHA256
a87e3d84cc6faf919b8ac96ac92ac41a2dd8d200198ac5c7963fdec5f376a0f4

SHA512
120af83149e4fcfb376011f50a80a57e094b4e07d4eb507f93121bc962f610554ef8c5ecc7678efbcad134435e5aa1f2ec73e1f3c5963a46bf4135c24f330341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
0d6e8bb87b97362fc95c9f8f8c6a7ed3

SHA1
76faa7a33f3d0e44555d714cdae7ae837d8742b2

SHA256
27ba67775ad3025786d65cb8d20245290e8980a3da62dc14ff02d585e2b46ce4

SHA512
4acf99561c3e2f7b2ce01807debed1b1433a5f579edf3cd207f37d77ea5c2e6b0148b16df371ba2ba8ddbd4157c39494059cd49e185c01d9b9d293338a2ebb1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
ffb8bc5254d7635bdd4800fac616e164

SHA1
cecb28594431e94c070df0fd9c32774b32baab52

SHA256
e69dc4bdae2cb25d9bd9606eabebf758d7b3fe506eb6d79e887b2e77c852a1ea

SHA512
f67a7d055ed1730d60ae89e87be57b027211e05809a4b3d3b4a6f62afec3a285182e317609f3bc13c795d38ead94c84893be5dc4bef209399cfdc75fb2bf85c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
fb5e51cbb835b1806118ef8388fe1516

SHA1
8e0b6c090e6e2aefba4ac04b8c05e1b440499141

SHA256
da70872c657845b4da0ecd9c9f5c8b11a284a9b4d8bf5353d2e90db555bf5bc0

SHA512
3b02d3679ea1cd93d7be580d5f158a0680c191da4acc0bde17791df49dddc0f9e1d8c060d4f754c4a9bb48e2c8e60411d88d504adc0c934adf4310d8ce55ec02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
8df32a0660cb92c3d22b3b181609adf4

SHA1
b7a86e50af95d742e1389c3c6ef00f51963de8e5

SHA256
6dcd71995804437da234ccf23c756a2e6d866b1c9bcd26759d0c2de7ba2a631f

SHA512
220338a8191bb968732b5e610176d3de546c264d3d2570d00c3c35ad1dad76be0dc463828461952229aa645e750e87f3dda478f9adc59ad61c099c7613cbdfeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c0173144e055c85c6385806cfd178c0b

SHA1
7fedf13aa36888d0c4834156ddbc75d2e1cc040b

SHA256
d3c52c3bccfe4b55a5b8cf72d05674ab099c3410eb3e3074af37277c11a2e45a

SHA512
449193f31d55b03fbc0f1db236da56e87153850fadc5707d8a8cb74199de943f330fc4006db467bc63c1502f83a3a294103bf5bb0ece29212d8c3eaaffdf32e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60

Filesize
153KB

MD5
b0917d8e6c5b6be358bff67f84eb8336

SHA1
a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d

SHA256
dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60

SHA512
cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
35f0624d777ad0a13b1c50c7b5159c97

SHA1
0d0cd75a0d81677a473b3a9cfe264378d0fff0a8

SHA256
41bb948e91c77b42e02b7e89e4ed52a772a0d9230674ca6984348511d09e221a

SHA512
d5007f150b01b184cbbc4abbeea537652401bc4aaea622439f9391c801ccbecff4a8cb185463431eefa653ad29aadd4b18ef016331dfc25a27524b1c869b3036

Download Submit
C:\Users\Admin\AppData\Local\Temp\GSCD9C.tmp

Filesize
44KB

MD5
7d46ea623eba5073b7e3a2834fe58cc9

SHA1
29ad585cdf812c92a7f07ab2e124a0d2721fe727

SHA256
4ebf13835a117a2551d80352ca532f6596e6f2729e41b3de7015db558429dea5

SHA512
a1e5724d035debf31b1b1be45e3dc8432428b7893d2bfc8611571abbf3bcd9f08cb36f585671a8a2baa6bcf7f4b4fe39ba60417631897b4e4154561b396947ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\L72cVddvapXcLrKQDsks

Filesize
228KB

MD5
f03e88431b82b291de1a62222ed8d6f9

SHA1
2e40863fac8d483809c1cd4041f7232fad6cb0ad

SHA256
743122143bce6054b0117553ef55f92a98dfdacf5ac36df95d0059a7d1b65f8a

SHA512
4e390ddd628f639c7b330c1325fac5cf04c75a555080e9f7fffbbb68febd3cac661b6a7793891f6b97e4d48db0a75b9ec6dac2344a82ca253d28fab6f65b3270

Download Submit
C:\Users\Admin\AppData\Local\Temp\MkIRB9arQknTgpmnoWG4

Filesize
130KB

MD5
a22c32172d4a901617e4f2ea3e1e9247

SHA1
985c68e82c0b31d93486f08605acce5127ccdcd4

SHA256
458fd84b512e11e757d9c2c31e217588b5330bdaeab0ec4a71891cd0351fa7cf

SHA512
78978ebce51523064b31e607e2f514f1c3785547f75afbebf33a41e678ae3cd5c2a3fd8426846d1d9dc6889f4d99ff811090bb624e5a0fd1b205c539efe4871f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lmuujbi5.npv.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsD06B.tmp

Filesize
24KB

MD5
e667dc95fc4777dfe2922456ccab51e8

SHA1
63677076ce04a2c46125b2b851a6754aa71de833

SHA256
2f15f2ccdc2f8e6e2f5a2969e97755590f0bea72f03d60a59af8f9dd0284d15f

SHA512
c559c48058db84b1fb0216a0b176d1ef774e47558f32e0219ef12f48e787dde1367074c235d855b20e5934553ba023dc3b18764b2a7bef11d72891d2ed9cadef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\AlternateServices.bin

Filesize
6KB

MD5
a0d5d5071e19d2a8c0fc6af9167b5a91

SHA1
cc24b4c8483e6dae0e7d67e1af144b4b5166350d

SHA256
79dae64277a945cd68f49918b6908efa21659a6a92c0984c3528bbbf535ab8dc

SHA512
c9fa392bafc658dbbb8c1ee36dd1ec96ecccbe961ccfdd7451f327ff6b07d3e64972182e355a7375c860e48ca23a9a7f114d841990bd843afab462169f4d6828

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d540b5571e9c962457d271c30b275e69

SHA1
c45541c30a361ce2b15d218edb748933551d54fa

SHA256
806bad9dc4331c6d591892983c047bd9cc9a211ada579e116eb6c23f2aa3e3b5

SHA512
7a8483d2db4ab7550419725ac96895f29d82172e3ca9270f45bacea3629d11d07668183b2ad6a367fcd2e7472a742a7884cec92bc6e9f3d657dc1d8e639d180a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
0d5452f85a99ed0b27061d3aa339dfc9

SHA1
0139a9354df383aaa2364f2b6306d22bd51f5016

SHA256
1da0387dd0cd9cc83c1ef0b7e80e9f2bab56841899aa21b0a6c6df0ab499df0f

SHA512
3f4564840740ea626e13f82b805d0c57b759a5e77264e7320ec6511f92247202f0848e967870eed256d7a148b8f41b652782c2379f3865f29373cf92a50cce0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\02e002b4-22a1-40a7-9e68-58826138c237

Filesize
886B

MD5
beecd8193ef03e856df89f0570d7555a

SHA1
14f8a877be5aa6dbe2fb5a411489e3cc3ef8a454

SHA256
45ee7a777c832cd6b304f9c9964a84e94b774999ffb99c15196c58817ec45b6a

SHA512
372ecca3a8b8a182db993bfde2697e91a7d88e716c411a1f21d968977d112bb53f267a7fcdaf54438c478fd87cc57fb243906c30291e4097fc1e22543e615349

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\229f34ce-8500-47d0-a99d-5930457c598e

Filesize
2KB

MD5
8c507c57ee220397a6d44da8f85946fb

SHA1
277515af5507a26a710e68ff6bc9de73cf7591a1

SHA256
203f966c5631d1277a215669be5969a8987f716abcb8bba484e0cbd4b8728c8f

SHA512
a1106000594ad3a9670ba7a8a01678558cdd02d6b063e244bb4328684e2feae273eb326e3a25a9638c8cb2fd9d66dafe1480e538a49a084df03f3d0cd42867e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\512334c4-78ff-4b9d-807d-2b917d7798d6

Filesize
235B

MD5
0ea4dc86caf5705eaa57e9b6ecb3236d

SHA1
25ef86da8b28913313c4e1c7de1e5cbdd1aeeba5

SHA256
10845d0eb71939927cbfdcd0ba67db92bb6a262c78171b96d877f70dd29d38a5

SHA512
33be95bc0edbade33981d3d5e8e9318ba2074774a8a1c7f1d9716db3f106e6788f04ea8eec0a284df0bfd875dcbba384a34411addd68c1d0e5b20b94c33943b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\92124220-2cdd-4baf-a9ae-f96e0601d921

Filesize
16KB

MD5
04d943b1ce2685f646e864a2e7e37c48

SHA1
00f9212fa824db24e8a9e47e119edbe9929d2c6b

SHA256
b2baf8cbff2e779aabe88f54fa4cced82d1352f15278b276643615a2df29d6b2

SHA512
9e2962599a72fcd6e99f43d5070b7b1f563e4143eaeed50c192cdfd1a0e419d66e472ff75173989c534015e2cac034ee06af82c77f11b54af3d913feaf62299e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\c5dfe675-ae50-4765-8b15-b1a4d49a76cb

Filesize
883B

MD5
470e2db3a2af847dab1e00b7b60fed6f

SHA1
2ae12231eef8b36e7237726d8571b46e94ca2ecd

SHA256
4496d85b03a2649102b3b5fde1343ea435cb2f7bad5817e15b4e69afc5f56e51

SHA512
f02f4c9a5f72db2a31087c35021bf801431442429c3583fd024a63b911cfdc02295bf88cdbb7e83b4c4185c3bb20b6f5d4edca32070747297b25d1779be18b76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\d484491e-c33f-40a7-9a9c-a8e05b9e86d0

Filesize
235B

MD5
a953f6b6131b1bf1248f473d33be172e

SHA1
ec0c7ed127e68011484ae570b9e1457981c0b214

SHA256
d6c8b491695fae1fb0b99893f34e7caaddc69da7ae475e22c9cacb76541cca9f

SHA512
0619f5aa3c481aa79bb0dc49fff3ff98359710ed165a763d7850531978af44215ddff996f3d114cb9f32e8d793efccbd7bf2fc238e5ef139897566ee827181b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\prefs.js

Filesize
6KB

MD5
e3b6d79f9702ca60eb61fe436d3c0b78

SHA1
ffe41d8599d891b6f0139867866659f4f4e01f80

SHA256
b12f6609d8a8528b0b6f350dbf07aa7b9ea216d2909ddf12cd60935d061cf780

SHA512
4214e89a177358c550bb5bcbec99e865a9322e72f88c4d75ca086dbf8b101915718c28545dac96318580ca159997e34582e27e020157b974a114f7ca4c427770

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\prefs.js

Filesize
6KB

MD5
4f66e1265ebc7a02d57734283bcab3f9

SHA1
9b7ccd56230981e42df6a8aedb0af0ef576ead60

SHA256
3221795d4f824e3534abc5688309697ac36b02c07d618d13fa368c8def818fde

SHA512
475a98da507ac9a0c4bc9b0e15082aab22eadaa4e21e3aa9c63482ad9ac2fed3d3fa411d505ffb63e85eb31b48820850315e928ae10224c5ae7156f3c9f82f91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\Desktop\Files\00.exe

Filesize
422KB

MD5
dcd616fa0f52ed1b0e40eab6b5182db1

SHA1
41b6090abd1e3c2873b8457bf0a5b37e0b3179fc

SHA256
617af8e063979fe9ca43479f199cb17c7abeab7bfe904a2baf65708df8461f6d

SHA512
17289fa160ed5675a0f7a079f2ec549330cba4cb0b2a1553d9ac39c624f07e2933c98135c5ba68a78ba4230557d5b7f93b3dffd3ad48ff29e6a4f22a3730f2bc

Download Submit
C:\Users\Admin\Desktop\Files\1.exe

Filesize
45KB

MD5
0b9fd78ef6d6bd52a6d581a05956d2b7

SHA1
f5b4669afa5753c2b3ee7bb0102c291205c14132

SHA256
05dfe98814b9a352144290d82d6b46ddcb7c8a4b6bbc3f1976525fde525b5ecb

SHA512
e66a8b2ddea3efefcd2fc8370e02ec28399e700c9c88e70244f187273b2ebdd9b5dcd36d5cff91c5d716ddea70882a61aa7d5e10669b0e6a45cd124f6e14c296

Download Submit
C:\Users\Admin\Desktop\Files\2klz.exe

Filesize
3.1MB

MD5
01cb0e497f40e7d02f93255475f175e1

SHA1
98c779497d6514b91cd1410f627a5320f6b3eab5

SHA256
15893230cadb8c8fba530903bc2a7e5cb4da78c00d40ea9473963455978c0f95

SHA512
fc81504089f520935d95e98ea867faf3dcc44b2399c418fea95f193c45584d72730868ce4362beef4adc5f9a89c008da1fc7a529a35a6cc7803d0ca15f386ef9

Download Submit
C:\Users\Admin\Desktop\Files\Amadey.2.exe

Filesize
424KB

MD5
e4d1c9e8c2b3b6cec83db5605d513c33

SHA1
96614d0cfc30915a683e5c9629991f55a095423d

SHA256
412983ea2172366e21193e3210ed3383dc5493014cec5b8f75bd3413e3b67920

SHA512
d6cf36d1659156b43f7250a034838565fe332220d32b91b75af94783b751f6e707792c4fe284b032b3a6d07e3d1af267329809f924fdcda96949f2b78973d423

Download Submit
C:\Users\Admin\Desktop\Files\Amogus.exe

Filesize
3.2MB

MD5
23c072bdc1c5fe6c2290df7cd3e9abf8

SHA1
e10c6f7843e89f787866aac99c0cb7a3b2c7a902

SHA256
8c7fd294ec6500a01038f916ecab9ec6a92c9f71f02400a47dc73b34fee7f490

SHA512
5e18db624ec40d90776a80d90fa80a8a39f7fcd56a523e2d831942934b00e501e7009cc37b17fa4b29a2c2e5c1895c65fdc3259421fb3ce6ea9da50048c50e0e

Download Submit
C:\Users\Admin\Desktop\Files\AsyncClient.exe

Filesize
45KB

MD5
7ace559d317742937e8254dc6da92a7e

SHA1
e4986e5b11b96bedc62af5cfb3b48bed58d8d1c9

SHA256
b6c58155365a5e35952e46611fd7b43e36e256903bff2030bc07a3c6841b836f

SHA512
2c50337078075dc6bfd8b02d77d4de8e5b9ad5b01deed1a3b4f3eb0b2d21efce2736e74d5cf94fdf937bcc2a51c2ecf98022049c706350feacb079c4b968d5d3

Download Submit
C:\Users\Admin\Desktop\Files\ChromeSetup.exe

Filesize
1.4MB

MD5
e58d6191fc4daad869237c2d51a1766d

SHA1
f42bc329223b611662514e31909e4e739cc06583

SHA256
28048ac1806c1d9f027748a5c7d88c2690ca0b89fdb2dd3422fd3d75137883f0

SHA512
915d1490744f6f6404a6e372308a29b852ca37c1be34e7dac82d6f2c4e2140386c4dec336974f6514f45a0663b723262dc01c21c6c2ddddd026ebb9747e4bcc3

Download Submit
C:\Users\Admin\Desktop\Files\Client-built-woprkingfr.exe

Filesize
3.1MB

MD5
9be9030ede5d9db3478edbec8327cce0

SHA1
da10d40404d76d3f6eae3070471a28eaaf95d427

SHA256
bdaa5abcaacc270400718342607903a944d8d13d551388cc1b16a1489043489f

SHA512
4fc90b463140e2f6ebf74c6ece1208e11c03b272f4109e0585149781fccf13197054c0d59070711c11404a229b8d1b252b1f5bff7d93370ddc0cebad87600aac

Download Submit
C:\Users\Admin\Desktop\Files\Client-built.exe

Filesize
3.1MB

MD5
c2281b1740f2acd02e9e19f83441b033

SHA1
bf321d96b83261e5487f06c9c0ddfc75786c7c8c

SHA256
8fb680e847ab1c533fc3f092164064a5c298126ba16db0ab7df84cbaf6ffa997

SHA512
0c8a95e5caa07047073077a252a891e321cf1a8c964e6e99b72a1c701e6368e63aa82c0425f58364887de3c277130c3c1acda2064332c377efaccf6ce568e027

Download Submit
C:\Users\Admin\Desktop\Files\Client-built8.exe

Filesize
3.1MB

MD5
38033138a5d4be5e9643e3945a6ea002

SHA1
a2ba8eb6e3df19f1ba3b69fc2d722ba46e4c5b38

SHA256
079ffe712f59b31dba5a230f9471aca73d47a4ff2173e003c121052d8651ebcb

SHA512
9f0c076bd7f063283fad803df07ef5318c814a04e4f4d52c4625bdde08560d15352e03fc7a4f0aaa160a41732796f94ee5aa750226cdf2b9fb1b2bbfe4016af4

Download Submit
C:\Users\Admin\Desktop\Files\Client.exe

Filesize
31KB

MD5
eb6401a1d957dce189e9a1ad06f41172

SHA1
ed58fef2021887c89e2c183d648325e5103eb2dd

SHA256
040473f2b73f8947306d2fa9d99c441447026a56ddcdce11720c17be62e000a8

SHA512
9417fb14d0a8eee31fa6d38df314b9842b01365b0e04885f770da02552125e006cdea6de2ae779db616c0247c41406b8c4c00fca8eb6b646c816e50c35230af6

Download Submit
C:\Users\Admin\Desktop\Files\Cloudy.exe

Filesize
63KB

MD5
df8b7081b4e73ec77c418c69f9b6e67b

SHA1
7c14a78da7f6adc79a94b95fac5a778116820e17

SHA256
fc9fb9d6e3dfa400a51df18b7dfe73f5102b636b1db879083cbf1f9b5ab410c7

SHA512
f37bc3fa5e738ec9f28b13745727cb43482d9162f0002bcc7c125916af711647296279393fc919c59c907966ca663452c2ba60a68ae61d56d242a0fbc4461a71

Download Submit
C:\Users\Admin\Desktop\Files\CrSpoof.exe

Filesize
344KB

MD5
f0b64659f584d37b9f8ee6ebd16d0935

SHA1
a969380670a9b6cf5e8a64cc755b0aa2eb14336d

SHA256
335a157aaf5f464499c1c9f030de964612b8a1c3a770579d01dc63c2d40509e7

SHA512
09bd36f15a57f2d4c0b0cc3739fe027487adced352d87e42d9d9be6c8bcf42cdae19085c3cca4c5dfa49480d0aac243554d005c19d4aef5c6332138e7a6f9c52

Download Submit
C:\Users\Admin\Desktop\Files\Destover.exe

Filesize
89KB

MD5
e904bf93403c0fb08b9683a9e858c73e

SHA1
8397c1e1f0b9d53a114850f6b3ae8c1f2b2d1590

SHA256
4c2efe2f1253b94f16a1cab032f36c7883e4f6c8d9fc17d0ee553b5afb16330c

SHA512
d83f63737f7fcac9179ca262aa5c32bba7e140897736b63474afcf4f972ffb4c317c5e1d6f7ebe6a0f2d77db8f41204031314d7749c7185ec3e3b5286d77c1a3

Download Submit
C:\Users\Admin\Desktop\Files\Discord.exe

Filesize
45KB

MD5
9dcd35fe3cafec7a25aa3cdd08ded1f4

SHA1
13f199bfd3f8b2925536144a1b42424675d7c8e4

SHA256
ce4f85d935fe68a1c92469367b945f26c40c71feb656ef844c30a5483dc5c0be

SHA512
9a4293b2f2d0f1b86f116c5560a238ea5910454d5235aedb60695254d7cc2c3b1cd9dd1b890b9f94249ee0ca25a9fb457a66ca52398907a6d5775b0d2e2b70d3

Download Submit
C:\Users\Admin\Desktop\Files\DriverFixerProSetup_STD-SILENT.3.exe

Filesize
9.5MB

MD5
86a27da2d8ab1a48e9183e8a868ad569

SHA1
826c87582f242044f3a7ce63d0ce09324e4bd8fa

SHA256
2dbcaab96b58a2db2649286a6959deed62ee12e8a412022cd9aca0d5050b2bc8

SHA512
4912683034a4f2c349655d7978e0c2ae6a7edc35755ba7440ef5ebd86d7afb2510bb8273cf2b44413d550879b59efe38be5556638efa4f0366dab9ec944ba201

Download Submit
C:\Users\Admin\Desktop\Files\ENP.exe

Filesize
440KB

MD5
a867557587bfa32ff08dc141b71e205b

SHA1
437c034545cf9236fa5a587380811fb2cfdff091

SHA256
74f2fda68a5826b4fefd19984ef59aa76aee954cf703b4a28713d23afabfc2dd

SHA512
fde30fb52bea2bbc6686e2c3a80729dfb8af81cc3752150990941e74920ec8f3fd0609456e28c32af038d858bb0d233d0f8d6775d92694925c5f4e6719467b90

Download Submit
C:\Users\Admin\Desktop\Files\ExtremeInjector.exe

Filesize
550KB

MD5
ee6be1648866b63fd7f860fa0114f368

SHA1
42cab62fff29eb98851b33986b637514fc904f4b

SHA256
e17bf83e09457d8cecd1f3e903fa4c9770e17e823731650a453bc479591ac511

SHA512
d6492d3b3c1d94d6c87b77a9a248e8c46b889d2e23938ddb8a8e242caccb23e8cd1a1fbeffee6b140cf6fd3ea7e8da89190286a912032ce4a671257bd8e3e28a

Download Submit
C:\Users\Admin\Desktop\Files\FreeYoutubeDownloader.exe

Filesize
396KB

MD5
13f4b868603cf0dd6c32702d1bd858c9

SHA1
a595ab75e134f5616679be5f11deefdfaae1de15

SHA256
cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7

SHA512
e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

Download Submit
C:\Users\Admin\Desktop\Files\GoodFrag.exe

Filesize
31KB

MD5
14caad7ca134fecc2f7a410c00d04bab

SHA1
c9561c1ce6d69d66c211e74de945bee7e72b2fd7

SHA256
6dd71673be0e890114a8c455c51976f8b67fcf2991b3207bb88bb317abba43e9

SHA512
2f08c1d119cc955e282525311bc7125429be0c27ea799d44acadb3f31cb238012e2930826b6ec5805d365c965032839f87419038d98ad58517d53189317dfa92

Download Submit
C:\Users\Admin\Desktop\Files\Google%20Chrome.exe

Filesize
290KB

MD5
ffc71cc9ceab904d343dd59f24fe842c

SHA1
6860d912829e81bf53d3ba74959c5c840e0e7ada

SHA256
37f248814f6a77bebc1615359a622ad05dd36744b16faac5f6682f382e25c380

SHA512
89fdbbe70e78633e69f42faaeae1849ea5dd5be0d824410bcce8263a6a10a2c4f6778cdc15c92a7ff2f2ad1958f32f7737748517625cf747110ef664c84e420f

Download Submit
C:\Users\Admin\Desktop\Files\InstructionalPostings.exe

Filesize
1.5MB

MD5
c8f28ff2f4e935729188fe583e2bad12

SHA1
739dab29451779acc7fbdf207acc772bc9c03c75

SHA256
751c27bef3d94bf3fccc780e6658d1441dc1efc01fcd9f56f82cbe2c43668c16

SHA512
a7a72aecdee7f8f791a36e5b88c55bb3b4ab23b1444f496dfdf3dd3f373ca7bfa6419a61f943d8f3a662db2ce0ebe0d26156c3329f49b1ea9746f033abaa703c

Download Submit
C:\Users\Admin\Desktop\Files\Krishna33.exe

Filesize
97KB

MD5
1ebef0766160be26918574b1645c1848

SHA1
c30739eeecb96079bcf6d4f40c94e35abb230e34

SHA256
3e664b59ba376749eb9b596b6499bf7edcec5d34382ead80964f9fe92a4c3c83

SHA512
01c42bb22a92543a3408c6f420593443357a53915937341b5eaf8563ee775dbdeba7af38e2df9c9cf249a512a5a42c65c4c4d39d100e8a4143e58fd235b85951

Download Submit
C:\Users\Admin\Desktop\Files\LinkedinTuVanDat.exe

Filesize
327KB

MD5
e00fac5836ce0e292228254b4f73cfa9

SHA1
a2b8ccb2032b4b02d38cdec523e91b1c94eb6915

SHA256
0b1da36b598c9a556a96133b625413f10198c763f07345cc8a47c29991dfff68

SHA512
5749c5dfc33f9670d3eb39745758a1644c185e3af9d71a2d3b635df8235563205d0e55b916c1cdc8a4091946e106ddafb5c9b7397818010f8e34e2e6278ef1f9

Download Submit
C:\Users\Admin\Desktop\Files\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Desktop\Files\MS14-068.exe

Filesize
3.3MB

MD5
6450254d888950d0137da706c58b2fe4

SHA1
677f7c6e9fa320ac3175619b69acc61da6e07539

SHA256
6782c5111abd17435851432895b55cc6371d323a06d710801551cea800bf65d0

SHA512
c4c515149e00a8aad95a4715ba48166be2e6f402b711000ea9257e364f956ebb43a5297314f74bfde49fe72b3e06e7d8659161f012b5cb428a8210117545b0fb

Download Submit
C:\Users\Admin\Desktop\Files\NdisInstaller3.2.32.1.exe

Filesize
720KB

MD5
856b304059bba7cd73f05328e48daff8

SHA1
e9e52af6dd4715ece91d253bda4acba43abcf277

SHA256
f6ce81e27f70f5563c0e69a0d8e027deb28e96d3bef447d8cdd687ce3b8a3919

SHA512
fbf4373b94199b06a19e751f9cdcad6c05ecaed496f8d5d352f05bc5d6e53dfeac18ae3b5896f1da816c68da1c6254a7ea3335872aa8f296262662a67433606d

Download Submit
C:\Users\Admin\Desktop\Files\Network.exe

Filesize
81KB

MD5
603d9bdaf52c221c1bfa5800e91b828a

SHA1
c030e6a90f7f7b76ac118bbd48cfc1e8ab6a9e0d

SHA256
67c01db8a59269b272326a8f29ff7f540e5ada94b9faa991ac308e1e04a9c41b

SHA512
08ff5b8a6f499823622043faf07da834eb651dda35d43eb49a5aaaa7da2a1f8b7461f7f743327b5f004f752132b21e52e44cc42aa4b1bb98708b5c3fa25e3174

Download Submit
C:\Users\Admin\Desktop\Files\OOBebroker.exe

Filesize
2.2MB

MD5
c6e4d3fbc193ee034b6ce5b9d2c887b8

SHA1
e2e3037e1b8c20978968b566092729ef823fc64b

SHA256
9d69a62619e5bbe6246ab771b5c839903e0e986438cc26e1bd9a6706c1a9c4ca

SHA512
e7995c6eccecaba8e95abd24eb699a280d57481adb837f8c838157a4eb9b883a0f27fb68ab664c0effdd3a1ab4351193a1ec52f41784caf0b5bc2ef970680b8e

Download Submit
C:\Users\Admin\Desktop\Files\Petya.A.exe

Filesize
225KB

MD5
af2379cc4d607a45ac44d62135fb7015

SHA1
39b6d40906c7f7f080e6befa93324dddadcbd9fa

SHA256
26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739

SHA512
69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99

Download Submit
C:\Users\Admin\Desktop\Files\PowerRat.exe

Filesize
463KB

MD5
f8a989ff9bf3894acb35c791d053cbec

SHA1
afb3cf59d939b5be709ed23d8b424987e618dbe4

SHA256
d417caa99ea8b4f00e4a6cc324a7901dbfddc0dbe19de513bcf4e84ceac90d21

SHA512
8dc32c1c7b408dcb8c95838d96ee711acf6157ae54fb44c1f07834eeec9618977ebdbb134e27c2663593b3372d4855146f5e24f4df7ffdd6f5028c0818cdf01b

Download Submit
C:\Users\Admin\Desktop\Files\Runtime%20Broker.exe

Filesize
3.1MB

MD5
196e2ae082841b1ab98dcfa445cf2704

SHA1
4af7f4bb970331ae1eb569100de98c93b61c5459

SHA256
c3e669b477d3e633bf336fc5d2506c86c8fc61b4d0be36fe2bbe3b361cf70a70

SHA512
b64cf310fc65954c4873889ce68bce0539435539d6ff017d8c0238ee829ec9fd5220398558f58e17e9154210856f245d94bd6bcf7780edf0aae6bed71958232e

Download Submit
C:\Users\Admin\Desktop\Files\Sentil.exe

Filesize
3.1MB

MD5
cff3e677b6383632eff6d1b52cd6d277

SHA1
0936fb4aa7e39f2b56bc1b4c9364bb95e8f0c2a8

SHA256
0d57b81c8c42d3450782af358d0938d813abc28ec18b3ad6c81bd680a3efbbea

SHA512
ddc33da48cf00e6ee4a57a07a98630082082f5cf76b9c1f844b17ff7f8328f0986a0d95f458947c6ca141a657991b31c608d9b3a9bdc83428ee53e55a34c2e61

Download Submit
C:\Users\Admin\Desktop\Files\Server.exe

Filesize
43KB

MD5
c9f41a3ed0dfafb9a6268d8828f4c03e

SHA1
79366b8d5fb765398d6b0f3da1bee0ee66daafb2

SHA256
3d34af6f1b5f337212f9dc65ef22f6ff9009a5c2647dbe6f8c5b4b12c2b89258

SHA512
26991a889399579b97c079eeac26910e88ad9d69dc4d62f212b4b43aca051c30665581db4169c0cd6875370e224d40efd2a8d197264f2418acedb1b123e1c916

Download Submit
C:\Users\Admin\Desktop\Files\Solara_Protect.exe

Filesize
63KB

MD5
9eb074e0713a33f7a6e499b0fbf2484c

SHA1
132ca59a5fb654c3d0794f92f05eaf43e3a7af94

SHA256
519f3ceedba4471f3d5178451c1007911145fb6eaf4e259a2c29b8e3483dabb1

SHA512
367fbbf6f058ef21367e329c8b0373d482c9c97dfbb42a67b17c9b1dc1d0139ae879c8ddb87b0960c5545746610d2c5690343abb458818c2dea9dbca66f39794

Download Submit
C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe

Filesize
4.5MB

MD5
528b9a26fd19839aeba788171c568311

SHA1
8276a9db275dccad133cc7d48cf0b8d97b91f1e2

SHA256
f84477a25b3fd48faf72484d4d9f86a4152b07baf5bc743656451fe36df2d482

SHA512
255baefe30d50c9cd35654820f0aa59daccd324b631cc1b10a3d906b489f431bba71836bb0558a81df262b49fb893ca26e0029cca6e2c961f907aac2462da438

Download Submit
C:\Users\Admin\Desktop\Files\Steanings.exe

Filesize
300KB

MD5
9848b927987f298730db70a89574fdad

SHA1
c7c60e246f5025ca90622ca0eca8749452bab43e

SHA256
984bfd0f35280b016c3385527d3eec75afe765bb13c67059d1d2aa31673cec04

SHA512
613b646775e89039ac2107e229269228999cdc6cb691251b2e95dab7e8308c105f132a51ed0fd56cc8c756388956cb375f921142e57936bed35f3c2f41a19cda

Download Submit
C:\Users\Admin\Desktop\Files\TORRENTOLD-1.exe

Filesize
1.5MB

MD5
d0c0e2b8cdcf7891093e828326fc7240

SHA1
82d4bc2c660c5853818925351b1f01a4933755a3

SHA256
4ef46582ae95f961c0a0af8262de20681d9fc34ab18ead54a634448c077fd82d

SHA512
35033dddd0ed3ebb292be5e3eb1f01f116b71ff63cf03efdf069be081bb58c7582f9ab0756184905db6050c462197f40fdedee67436c8952edf23a24301723df

Download Submit
C:\Users\Admin\Desktop\Files\TrainJX2.exe

Filesize
129KB

MD5
d7c44d5002256a8d79d9cfefb1518fc4

SHA1
d5194ae733a89a53cd5f6a5d934a64c7a64f8b29

SHA256
825649d86febcf97976dcb337a55bb7527f5136a4069d4b8c0285afdb5c604a0

SHA512
355be9fc7121db11170a45026cfc941dd6f7f886157800da318b02bbbec814aeba01d0569d0864b2c0af99d387d0e250a8c8a88c0d900739c1a1d156354458a7

Download Submit
C:\Users\Admin\Desktop\Files\Updater.exe

Filesize
1.1MB

MD5
b733da8487a8222cd6e36cf1b84d860e

SHA1
fda290d4d8233a70e8e53100021a6028f788bec9

SHA256
a1494955ebdb4ccc4ffd3792455949555bcd7ccc7ecaf1b704c8d9d2e6d83b8c

SHA512
9011700b2d62ac01f78a001ba8696df81f3c680a33d0679899069eeab3b4dc0159b74c3bb2014be7f3d417a3cd55edc02f8dad1191ba99adc97949263b0037bd

Download Submit
C:\Users\Admin\Desktop\Files\VC_redist.x64.exe

Filesize
8.0MB

MD5
0a593b0f5fb4b3bb32081c01651dd0d6

SHA1
0d078f6ade095e0eec4fdf0eae6a769fa4cc0516

SHA256
f60c357ebff2df721d6a640213e2a8652f0eb4eb058c4029f4947dd28706b417

SHA512
5f5359c1e22193025d7004b9d799306f41d7b5c1f9be6d24263690e9b7661070febb313d43d8f60988b682453bdb1560cf7a225fb2cca46d15d8c4bcf66abda7

Download Submit
C:\Users\Admin\Desktop\Files\VClientssss.exe

Filesize
170KB

MD5
2849126121a33f1cdfa7efae66042a7c

SHA1
a199574787d2b86f2d45f9e45f410907fbd14dfc

SHA256
3813a34c99a620d16fda882616a169c2df11d30304ae6f16e0270457fe0e26a4

SHA512
e3389dd80a35bdaa75e06b0d6be330951d48b2bb24b3db34387248eaac1532e72bcd15c6724bd021da7406d805fb3b7a9e6869f5208da75582b6b9738c7480e7

Download Submit
C:\Users\Admin\Desktop\Files\VsGraphicsResources.exe

Filesize
3.1MB

MD5
9505eb22bd1997ed978361c94eeec069

SHA1
44960e64e796065c05c0a97352b76a6e17c7c6cd

SHA256
0698ee82cda578803dc0accdfa78cc038c27382ba93293df3adaae6f188a5ec0

SHA512
f4656c0276d3d7602d1564fd4e705abd213d93df2551dc09c2df2810d07af1c35fea29aa716e4d0bcb107df262755047c92158d333496f786110905fd029d978

Download Submit
C:\Users\Admin\Desktop\Files\XClient.exe

Filesize
59KB

MD5
cf14fac9fa45e4989ad1db2910ed98fd

SHA1
9e6381b831257bebf6356984e6ac3764aee72a84

SHA256
3df057f43a8c20c88fe2a2266ac09414fcf9dac4037e9a4f6e95ab66e6409636

SHA512
184a88c77ee9e8254cbe4489447d89a710b057efa6fe9f0510a93da91e200dd6717416b275140b31301fed6800884cc62b7941854565c96462f109dd7f972e0a

Download Submit
C:\Users\Admin\Desktop\Files\ZipUnlocker.exe

Filesize
5.4MB

MD5
900d87e8284ef7c95f7c95dd8134c5fc

SHA1
c97c50ddcdb6376b5876434aea558df2b79758cf

SHA256
7eccdff8e0477e65e24a98bb79f9f09ae2520b395a58e24c0eec8759d6babf8a

SHA512
2a00cc0c0b6ca9c6f8aab437a4da6930d3ffd412110781ca9b440a1318ad2f1b7848dabee1127c29a6f774cad1abda9ba308706463605a3f28b86732850e9861

Download Submit
C:\Users\Admin\Desktop\Files\access.exe

Filesize
72KB

MD5
5af2fd64b9622284e9cb099ac08ae120

SHA1
96976bf0520dd9ec32c691c669e53747c58832fb

SHA256
e6546048ed1bbfb903629cb7ec600c1bfc6e7085ea96e73022747f38f19730ce

SHA512
a393b2017a53c6b768761bab71439e280ef7ba357930b2c912aea338d66800b04d969f8716d5c19714e34d71d9c436dc2e97282a5a712f46d5f0d7bfa0f956e3

Download Submit
C:\Users\Admin\Desktop\Files\alex12312.exe

Filesize
445KB

MD5
857dd215dcf687086dc512e0002e6152

SHA1
56a21c4b605d1b59cf75b94aaf54469217cc2447

SHA256
6eef468b5db8b7e40857a5f5096ce7f3bf37e62cf487f218cd610e38f394c75a

SHA512
e942999e42db88999ebf8933f2d25a642145fd433d537240fadcc12e71b5f0480642631a25ee2605910784aa18e1e282c906dbe3bee0fb276a8432a39d19bb5b

Download Submit
C:\Users\Admin\Desktop\Files\alphaTweaks.exe

Filesize
34KB

MD5
cb2ef57bbbe7c0397afa6b2051dffdb4

SHA1
2ad1647eec1b7906a809b6f6e1c62868e680f3f2

SHA256
7fb3e8292f32340a438f2f8132a8a266c59fb31377796a09a927be956c62cd4e

SHA512
ce079f9e54a6ac461a36c7c0051cd470b4c8db7cf2192158b659126b48183ed36d15221036b515e3d26571c8e1593fcb3835a013cf278371d717cea41856805c

Download Submit
C:\Users\Admin\Desktop\Files\assignment.exe

Filesize
11KB

MD5
9eeb9bd649ea54616def4dbea8e6ef23

SHA1
818e1338d3d0d42bb34a9c3006da5de963cd545c

SHA256
f9a97d0e6d8e8129f62f47b652d26ea7a27f1996760a41c6c9730062a601ac94

SHA512
c36e27d599e9cd19e903d564a1ad23e90e46f8dafb9f677a5b5b070d309fe974d25173b92b24ba7a5fbe4c4e3b04586ab7a33e499046009afe03e3c75ee759fd

Download Submit
C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_2.exe

Filesize
72KB

MD5
e2fc88419295970ffa4e773dcf566f14

SHA1
4a1779a909364cde7921cee916492faf25a054fd

SHA256
03e9d40b1a4fe605b9830af70bc6f3368a5b2ad308e518640275c8b312c6ebce

SHA512
ee3ef00652094724394932944e96f3a847e4acea6af18a2d83b9b4ca29b719deb9aeddcc37e19b420f78d4b3d909807c5890e210abd2ca20ade951ab2c348f5e

Download Submit
C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe

Filesize
45KB

MD5
092c3991693cf8e0023895e4c1681fae

SHA1
eac132697a7317fb617a2237df11395bfc76b18d

SHA256
86e691956c37b1594ef05158264e82e28655233a446fb06d4e269769ed582f06

SHA512
64c3575fba4e9eba8b93e60b557dce0108ff97b0556736f5fd30b2af080d2786062afbaf57ffe6988d7a0b170f00faf4b8aaf871a978fbe7e05342cc673c9e48

Download Submit
C:\Users\Admin\Desktop\Files\brbotnet.exe

Filesize
50KB

MD5
4c753f7a2af14b8dc43f2d169ea61752

SHA1
638351849fcc8620d493cb4e1bb7651271afebdb

SHA256
a951bb26b99601f732f9333d11dfa5028e78d90ef80287dc7e82a2c37de61993

SHA512
d804fdac55c840857265631bb02005ec2da42fa0acbda2129e1d00056f42a0708be24fee89c3959c9ae18772d7b77b70760558c366f43798cb84334da708881b

Download Submit
C:\Users\Admin\Desktop\Files\built.exe

Filesize
3.1MB

MD5
a813f565b05ee9df7e5db8dbbcc0fa43

SHA1
f508e738705163233b29ba54f4cb5ec4583d8df1

SHA256
ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156

SHA512
adb431c372c2e1d0f6019bedefe16a2253fcf76929ba7e2b9f9cc7a253137920615121a1a64f7003a43f39e8b17ace233daca32b2933b6953aa6cf558b834e2e

Download Submit
C:\Users\Admin\Desktop\Files\cHSzTDjVl.exe

Filesize
112KB

MD5
043fe9d1a841d94435f8882125769b0c

SHA1
f410048ce061a747048dee6166ef001a6448871d

SHA256
d9f20fbf64170d65d1a1f2fd66a997913cab8ddb1389df8b1fd1e7ae0f1d0b5b

SHA512
40f15d849cf49a6965c7feb86f52fdcb96b84e4bd3f3aba26010e7ac44168cbbd27ee97bab4e34dbff0550e64eb65f2fb403a96bd8fc9275fdbb573d4bd3ffcc

Download Submit
C:\Users\Admin\Desktop\Files\connector1.exe

Filesize
72KB

MD5
32282cfa34ebd3aa220bb196c683a46e

SHA1
4299a9a8e97a6ad330c1e0e2cc3368834a40f0cb

SHA256
3c3ce0355bfa42b379830b93a76cffd32fceed54e6b549ae4a1132ca30b392ff

SHA512
b567f434a313d270a53945a75d3303db179964faabde22786b37e8399b03d2ab664f11d03f93f5e22ea1aa8b38b1481fcdd302e688c5c1e9c3f1e3516ceebfb4

Download Submit
C:\Users\Admin\Desktop\Files\dI1.exe

Filesize
59KB

MD5
5d966bd3cfa99496c768608ceb800844

SHA1
73ab1135352ebff69328a09c0c45317ce4ec62be

SHA256
965c1f43a36692ddee3854fb878f91a137a2da1ab7c477c30308ac46d3ee3cd0

SHA512
5d610ca35106c9884b5cb57384dfdb5b0a843432d5b9fffdbe3fcc18e138b19dfcacb95f7bf6e8ff8267768e2c77be8322ec5b2a65a06d4c5d02b152b8697c39

Download Submit
C:\Users\Admin\Desktop\Files\ddosziller.exe

Filesize
47KB

MD5
fcd50c790fc613bb52c7cea78a90d7ba

SHA1
06197d1e57e63af0b898de2b8388c447e2c6cc71

SHA256
1a626198cb756125b04335293477b64d6bf0b8c1a3c9dbee117afd247fa477d6

SHA512
1e9c923d08fae0818ba190efa1f7199ded9a04687022832730107cc9f9383262da14555d06f366df2b73123182ad4c9033a7205efc75b9535e39b8e676aef86c

Download Submit
C:\Users\Admin\Desktop\Files\diskutil.exe

Filesize
3.2MB

MD5
64037f2d91fe82b3cf5300d6fa6d21c3

SHA1
61c8649b92fc06db644616af549ff5513f0f0a6d

SHA256
33aab91831bba3a5fea7f49da16d5506254d66377d3074ff9457af4220be670e

SHA512
2a70ef0c4d3a2237175078f0e84cd35d7d595422c3aa5219d6f0fe876f82cf60e1d4f592a58f166cf8175c52d275c21950c5ea421416fee8877dfaec5b9be008

Download Submit
C:\Users\Admin\Desktop\Files\done12312.exe

Filesize
286KB

MD5
4ca928ae23fcfa668b951b98f847a10c

SHA1
2390606cab60a13706644016b7a6e5498277b14b

SHA256
9e6aef22dddfad9f4f3e2b478c59e5091233270da722712011011df2b6cf2ac0

SHA512
ce90304762bdcd23b7a7dbc1404a197b2cf267e1399240a91f8c7689efc9e188e20b2e565a1062bb8fd1827a377abaeec4d84992e2b35859bf49537ee763596c

Download Submit
C:\Users\Admin\Desktop\Files\donut.exe

Filesize
157KB

MD5
77fdab910751ae4b3b437ed594ee1b4d

SHA1
04feabf0b665f3e4bc29950f7ffc291d9cc4a9d1

SHA256
ee0fbd09ef81052faa267adb297a644ab51e80245e66346f97e31834bae9814b

SHA512
6c5682df48028f0660e50d4e450cbd742f02668f46df2757920e0305ba4cb8cfa00221119a24f2916b4013b4569d7829ad8d5e4e98287c451410a87b4d883b2d

Download Submit
C:\Users\Admin\Desktop\Files\downloader.exe

Filesize
198KB

MD5
64f01094081e5214edde9d6d75fca1b5

SHA1
d7364c6fb350843c004e18fc0bce468eaa64718f

SHA256
5861fcac5dcd75e856fb96a2f0563df56e321a4be2c420618763d0bf495700a0

SHA512
a7679967d985d006a3c6b000d32b5a258b3c489bddb303c98d9cc54fa597d8a410fa66980767fcf1defe682f7952f744fd3bace26e66244a2529dbddd7a35db0

Download Submit
C:\Users\Admin\Desktop\Files\eric.exe

Filesize
1017KB

MD5
a58f4b66d02c4c1b64b4ceec7814270e

SHA1
7e20d0b40266de5758c41dbc04714d0f10b210d8

SHA256
4df44b98ee0ac16555fc876bc475a7bbcaf2fd9f874271a5047511b16756d1e3

SHA512
b5cae5138a2ea5dbdc78509cb296a46e03c2cf5603c9a3eea496817c10c6114147928863347a940db92558c066feed2967f769b5cba12500299d5e24e69f753a

Download Submit
C:\Users\Admin\Desktop\Files\esign-app.exe

Filesize
1.9MB

MD5
538aeeefac0c750a2f506a6f3815c7ae

SHA1
4ae1eb347e7f73618824d1c5e58dd7f0eab31848

SHA256
383af7126e2e28748b4b75c66cc3406933a935931185d37b672a033cb193a26c

SHA512
ae7eb66f9e2e83442a72b9b837e3ab0d36fa16cf8b45609055d569d2d1e63c63190eb93079450a60fb3b908844144b186c6e180a0c586a7c82fd0f2290890c81

Download Submit
C:\Users\Admin\Desktop\Files\evetbeta.exe

Filesize
92KB

MD5
6f6137e6f85dc8dac7ff87ca4c86af4c

SHA1
fc047ad39f8f2f57fa6049e1883ccab24bea8f82

SHA256
a370eacabf4af9caa5502c39b40c95eda6be23666231e24da1b56277a222f3e9

SHA512
2a3d60bac0a40730b49d361d13000115539c448ef1ecbbffafa22ebe78fc9009db0846e84e7f3c3526d22d5531cedddae8fae7678f453e48876581824cd9dea4

Download Submit
C:\Users\Admin\Desktop\Files\fern_wifi_recon%252.34.exe

Filesize
72KB

MD5
0cf225d4e9a1a440b7f9194d56533598

SHA1
fb7446f256e389fe8f957ccb34422870b52fb233

SHA256
2c042ffcb4b89bf6a65195ca81430a0497a827c125b24aea15822302d4d76a59

SHA512
7e8efd8a96545b54762ad2d4998e55332f1162d007ce544b5d6aeb4112f1674924319b9a2369cbb90c08fddfe0549242bf9ac563e54c9ed11d0f633ae7a10853

Download Submit
C:\Users\Admin\Desktop\Files\file5.exe

Filesize
648KB

MD5
38836c26314605862f3ca3bfe0936b46

SHA1
b68d2a35b2d9f5083e3b2574ec409c6dbb615fd1

SHA256
3e151c518a16e949c618995aa6e38f509ff95f4fcc0f2a84a13a64f310e34e1b

SHA512
dc0aecfe210fd1169eea3118ca09de6dcb4e53ad6a7aee25580df1b82b224fa551a4c961756fbf0a415ab77aec2a26867cfd16fe0358bb1024da80b9e7bdc67e

Download Submit
C:\Users\Admin\Desktop\Files\g354ff43hj67.exe

Filesize
3.0MB

MD5
a41636257412c033699c1a011ed43a33

SHA1
2eb7aa5fb3593f649bcefaf881a1568d6315d33d

SHA256
c59eef617ae47d1b1885b1625277a0def737d8b109733418e2ad64cc38ad4377

SHA512
48a3c7cb7e1ad242115040bbd9be3d08ed0e5a397ea62a056e166fca0dcb112cadb6e582a470e2bf79e7368f0147faad6cc646f67de2fc92bfdeb630cd196902

Download Submit
C:\Users\Admin\Desktop\Files\heo.exe

Filesize
27KB

MD5
feaca07182c6be327551ba4402a338c7

SHA1
5c699eb735def4473b9b02de282ccead84af1061

SHA256
26e9813dd9d80e2b2441d799608214697d7262e24c739bcc11563756c22d3efc

SHA512
0ada77bc81af9b5d865f06cd6f91457281bdebbf07183367b7d3d0bd598ad7d3ce081b0d1f0741efbbe6c3839620bb17b637ff9727cb3440d5b96b3eab70dda1

Download Submit
C:\Users\Admin\Desktop\Files\javaw.exe

Filesize
3.3MB

MD5
bde8439cc73c6f0303199e7cefeb1950

SHA1
83152a1171c13c2f64209cd12303d6e1beafdc48

SHA256
6f61cf46bd0b442cffc00bf3fe51d082e8d13351879759f565392bc202f90648

SHA512
ccb88f50004010739aa2e36781330bafd4f9b31132a56c1a80f948cf55727d30a273d3f04d44f2663c44a894031f1715c33244b04071744717a8087d7c497224

Download Submit
C:\Users\Admin\Desktop\Files\k360.exe

Filesize
156KB

MD5
f86b63e6925e860799e3c9d05753d087

SHA1
cfeaaafbc94eb877cdc4bb06a97be4da23cc7420

SHA256
83980c19359ee3b803a7f62738e6392bdea11e84e8d8c4502f1d82f1132382a4

SHA512
2e5c6aae30853f64d1048b9e289e2a2677bc9a18078a84c5d06166f530c2a10a5d78aedc29194d239a1b1ae27663a6922b11a2ec3822900b6351fa1fddb82971

Download Submit
C:\Users\Admin\Desktop\Files\kollfdsf.exe

Filesize
573KB

MD5
b3d5b12b5a8975ea11a53dfe3589daa0

SHA1
0939d278700e3f2617447f018cb10e93010ccae1

SHA256
59774180353dd5cf48c73b66d0675afe2a04408f0888595c85a9f6495caa79fc

SHA512
38457e52fd1a530f09243d750872362239f75ca5c0a79641b12385d7472064e5045f3b9ea0bb957b58dce9761a2e640e62f2a01749f77da18b138742a15ddada

Download Submit
C:\Users\Admin\Desktop\Files\kololololo.exe

Filesize
1.2MB

MD5
646254853368d4931ced040b46e9d447

SHA1
c9e4333c6feb4f0aeedf072f3a293204b9e81e28

SHA256
5a6764d23bb3d50f08f15b95e214a6dca0afb78e7416a21b72982c3649a49e9e

SHA512
485f252cd358ea41be648e013dc3ddeee1e57f8dea3ef42a5c8236a9769e7ebcf8bae1d5a36f55b6fb2cdcbbcf1878eca7d7885b63445cb081688a9512512819

Download Submit
C:\Users\Admin\Desktop\Files\loader.exe

Filesize
4.8MB

MD5
eb562e873c0d6ba767964d0de55ac5a9

SHA1
b0ca748a3046d721ec2dec8c3dbd0f204e01a165

SHA256
e8e3cddcc753e66757c3d6a47b63117f718103f03a039b40a4553849e04b8aec

SHA512
60a60cff48d0cf9293d5c84993f3f1883ccf25ccc261eaaed9fae9c41169001e802ba6926f72e8d61962e106f583b5dcb6fdbc4f1d1e88c679e91e4b41efb227

Download Submit
C:\Users\Admin\Desktop\Files\mmcerts.exe

Filesize
1.3MB

MD5
b375f8f73341369bbd2731c652132b03

SHA1
2e33dfc94b8b2afff1ca73af9516f0d649df0282

SHA256
d719cb6f0288867122e8780c2e326952b1858036f7a036821d77e2e7443fe2fb

SHA512
421c237fcdb37093cb347f7a1f6323070d3362c85114b0fe83e41c742fde957567ff84b2d3170dc226efbbd5b4bc6febed8759d90c8a3c05458876311d1b41e9

Download Submit
C:\Users\Admin\Desktop\Files\mos%20ssssttttt.exe

Filesize
93KB

MD5
8be7cd574b5424c43a6d0ccc4a989412

SHA1
946d22547849765d756071f63be3417b30f39c6f

SHA256
87a40d2e8ebe033ff3d359309dda136f1bced5c5578c8ea7d05b9d97e5adb12f

SHA512
8aff9965a7c8ccb357b3e026c2b65eb0457d4967ddbbb269f781ce62c9c77667b3a7ed4e8794bdaff6a7adfd46757cf1579bf740ec5a0d2747efa824bcf18eeb

Download Submit
C:\Users\Admin\Desktop\Files\nedux.exe

Filesize
996KB

MD5
a69d947c07bcede3dc11bf997fab61f4

SHA1
c8a4ad59578a75c30f0873a6ebe185715e0467cb

SHA256
adb2ae1b951cd191e868e851a41273684edf491b094bcbd38fcbdf96117e3764

SHA512
2e9aa7d9fec5cc7c703de8567e9a8084b3b5aefb6f8eb6e820f823f75d7fb6ba1210df2f2ae5245cf42c6bc8884c899cde61c7bfdfa43afcaba6ee93d73c67ab

Download Submit
C:\Users\Admin\Desktop\Files\njrat.exe

Filesize
23KB

MD5
8a71e8ebf8c24d8f7b48a29fc023815e

SHA1
3c279527d5f1dba32466fbd19b7d073df291e596

SHA256
36882afaff37f70be8d2566f1b4f8a05764c27305f4809002f1ee2822b6d8ea5

SHA512
258c88e0993258f091b5ce3bd57aae8be0d8f30be0f420aea08bad9a99242e1f246a6c140c933fc088b6ada2b1046f1195c3030593ce1338fb77925452348a4e

Download Submit
C:\Users\Admin\Desktop\Files\perviy.exe

Filesize
239KB

MD5
23ad8a022dd0138e14615a93b01d87da

SHA1
8c8d2b1d1c8006410fab2111b56ab55e0d55eb8b

SHA256
fbb5cee6f3ee4ca8643b64da8d85e2aee256199f009d195d8b776cf0445e4b91

SHA512
c1889f29d8813b4853a688900c461a6f45950038387069176fc8950ba44f6c53705a39fdc09dfdd32979cd3f12790898fe505ea3c725f55413b4b3234e545c86

Download Submit
C:\Users\Admin\Desktop\Files\pornhub_downloader.exe

Filesize
88KB

MD5
759f5a6e3daa4972d43bd4a5edbdeb11

SHA1
36f2ac66b894e4a695f983f3214aace56ffbe2ba

SHA256
2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d

SHA512
f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

Download Submit
C:\Users\Admin\Desktop\Files\prueba.exe

Filesize
429KB

MD5
f20d14ea889df6490d81db79d57a9b19

SHA1
c9654e2a5e67205c4a7e3cac67676246bd9735f7

SHA256
ae9384f6fc3fea2276f6897e910a5d5b7a3ad995420363788815e0754ff9469f

SHA512
5c251039426f083a7480c7bfb6339a017979fca5ad0ea318fc7e9da23a74a58729c916d300759733343c6e48c8009fb48b46c744b94ef3b0048e09cb204779df

Download Submit
C:\Users\Admin\Desktop\Files\pt.exe

Filesize
171KB

MD5
28a59e0252785560a69e8c492b1e90da

SHA1
455a3309fb9e516961b0cf23832084ce0df9d4e2

SHA256
59f2d97c7614eff044608982e55303fab7567be5d9f898f614f782fd675df8fa

SHA512
925361f1ae15c66c21f921232c94dee0fc705ad8c6eee32258a1ecbfab784371329097803391bf23fc1e7563c4ce7cd0731aae833c4c09049c749aa7bb929936

Download Submit
C:\Users\Admin\Desktop\Files\random.exe

Filesize
942KB

MD5
d865d10e25cebf84f38063cd78ed022f

SHA1
fa8802caaaca5b2c01c0ba9af26487f2adf725e9

SHA256
7d2642337b002497caa6d7b3ba656fb34f9a22160ea2d353e9e9acc5b5a7db18

SHA512
cc60de7b15faca13b975f3cbdd0991355ebcaafa4d4e595e0954fa30c18377d11537bb1a8e2ea9c1b67b399ce9681b99cb3d3109908c4659c65631b3da5a6d8a

Download Submit
C:\Users\Admin\Desktop\Files\s.exe

Filesize
41KB

MD5
9315b5f908ce50b71309ca55161662fe

SHA1
67f6f3d007d95a72c79aab3bae0c17d8089b840a

SHA256
817f6294bc1d47fcff8528e558352223f9f4fc2e8030484f3fa65802da8406d3

SHA512
3e1cf1c3f4d696f4b535acd5b5cc34f0288691b6dc06cb3eab9b223bdd0d780a31ae31da4940ddf779b39db3afc0381cd2d564c944d837bce4ac0b4978d30c31

Download Submit
C:\Users\Admin\Desktop\Files\sharp.exe

Filesize
145KB

MD5
d85182eab218d23a09fb64c75fb7413a

SHA1
5cea790d53710a414c2351e57039f649de074a32

SHA256
30ac89bbc88577e708c6a37fd3bf2fad7d3af925a4558148396f1dbdcced2af5

SHA512
3f52f2d636c8cbac3cafc2a2fa740fa5741d6ec0876b6c0125ff78e163edbcde3343d09be49196dbc82b81dc824a7efe4c3a5e9007a8369785475310f8bd00c1

Download Submit
C:\Users\Admin\Desktop\Files\shell.exe

Filesize
72KB

MD5
b46f3e8790d907a8f6e216b006eb1c95

SHA1
a16301af03d94abe661cc11b5ca3da7fc1e6a7bb

SHA256
f400dfc798338bf8c960fe04bafe60a3f95d4facd182ab08448b4918efe35262

SHA512
16345afb33b8626893da0700b9ac7580cdea3b3d42ace6d137abb9f6e99a0e446d9af2fbb98979b7ea815cab07fb6eb368a590166bdf048deacd7fd63c429de9

Download Submit
C:\Users\Admin\Desktop\Files\spectrum.exe

Filesize
502KB

MD5
1441905fc4082ee6055ea39f5875a6c5

SHA1
78f91f9f9ffe47e5f47e9844bd026d150146744e

SHA256
1b05c4d74e0d17a983f9b91aa706a7a60f37ec270b7e2433d6798afa1c7be766

SHA512
70e9ab0e49b4bf89505f16c499538daebc1e8da72488cd63ff60747d15a1d486ba38802b0622c9240d10ff68ab32e6bb36a0b809e7cd0e2ec4945d023ce86c5c

Download Submit
C:\Users\Admin\Desktop\Files\support.client.exe

Filesize
81KB

MD5
9c73efafa7b9ce51b4abf859f8767769

SHA1
cb19892bd7dd42a2580d974c5f89f2396ae292bb

SHA256
54fda9b0ef458399924f6b4b4120765a872b0efbaba59b69c841b7b12ee33fda

SHA512
755aada1b6fd9991d196b394d0e98bf9963e2cb05ee571e9889090353086f0df54f3849c636f320f226ff00f17f1e393d0d60b6cae8adbdbcc9175fdd2304db0

Download Submit
C:\Users\Admin\Desktop\Files\svchost.exe

Filesize
75KB

MD5
1ece670aaa09ac9e02ae27b7678b167c

SHA1
d98cffd5d00fe3b8a7a6f50a4cd2fc30b9ec565d

SHA256
b88c6884675cdb358f46c1fbfeddf24af749372a6c14c1c4a2757d7bde3fbc39

SHA512
ad8b877261b2f69c89aa429691da67100a054006504a2735948415eebdc38eba20f923d327347560d066e65b205e80ea8f0a296e586107dc051d9edc410b40c5

Download Submit
C:\Users\Admin\Desktop\Files\svhost.exe

Filesize
502KB

MD5
e3cfe28100238a1001c8cca4af39c574

SHA1
9b80ea180a8f4cec6f787b6b57e51dc10e740f75

SHA256
78f9c811e589ff1f25d363080ce8d338fa68f6d2a220b1dd0360e799bbc17a12

SHA512
511e8a150d6539f555470367933e5f35b00d129d3ed3e97954da57f402d18711dfc86c93acc26f5c2b1b18bd554b8ea4af1ad541cd2564b793acc65251757324

Download Submit
C:\Users\Admin\Desktop\Files\tacticalagent-v2.8.0-windows-amd64.exe

Filesize
4.3MB

MD5
ed40540e7432bacaa08a6cd6a9f63004

SHA1
9c12db9fd406067162e9a01b2c6a34a5c360ea97

SHA256
d6c7bdab07151678b713a02efe7ad5281b194b0d5b538061bdafdf2c4ca1fdaa

SHA512
07653d534a998248f897a2ed962d2ec83947c094aa7fe4fb85e40cb2771754289fe2cef29e31b5aa08e8165d5418fe1b8049dedc653e799089d5c13e02352e8d

Download Submit
C:\Users\Admin\Desktop\Files\testme.exe

Filesize
93KB

MD5
007cc72f39b8261fda0d3ca9054f46bc

SHA1
7a2d2aaa860bced45ebdaa41eba3412c715d27fd

SHA256
b10f27a30807f8c7e6cd91d168b092a03768882b77b2122e5598f01a5c04c0c7

SHA512
2b1894aea4345bb81fa34ddad67e995b1050cbe57760ba3437733f0a7ecf3832e58bbf3cf655254c5744f13e3aa0f56ed891ab4e8d3c715aaa454ac49a565dfc

Download Submit
C:\Users\Admin\Desktop\Files\tretiy.exe

Filesize
239KB

MD5
ac0c7c7b446033358b09302bd31fc48f

SHA1
d94ba46cd56463959570012ce1bfa3dff470cef5

SHA256
edb35dbc785eb95c331b565181a78e26980e4e70b7733630205bf24095d1bacf

SHA512
d1fee8891a5cb792156083b86f6f60417497056eb5fc896c665f4a4ea3b21c67f8bf3527d5e7e14a711079af0ff5df7304e8338c9d2c3aa6d4b6b6a6098784eb

Download Submit
C:\Users\Admin\Desktop\Files\trojan.exe

Filesize
93KB

MD5
03a91c200271523defc69d1086624c7a

SHA1
0742e4d35435c02bc13b4bfffc7b5f995d923b7d

SHA256
e9df366bbb1860c68f8005d6cfd305770784f03f9af6db37852067165a5a3b49

SHA512
16c0ad78e252cf6b2c107b594f060cb39093208d837250e80fb82e358f5bd957a4276f6b8fe656234fa919a0c79b028f181dd7d206a1e0148dce3581a0b2debf

Download Submit
C:\Users\Admin\Desktop\Files\w.exe

Filesize
47KB

MD5
d4826d365cf4dd98966196f868817394

SHA1
2d17bf67b0a179b2f32a3f6e57c960a9eae42be5

SHA256
2ab6b6abe9e3f1d24bf8606a675915e600413c8a9089de5ae3606b595a70aab5

SHA512
6269bd39c8682aa9e22422c162034de84cbf1d82ff46c25c7dd04a60759d88958b1ac7e4488f315b4e5e4a3b173af1132eedd741ce99265c6d1c4fab9f94d180

Download Submit
C:\Users\Admin\Desktop\Files\whats-new.exe

Filesize
108KB

MD5
a774da459014620248490f5bcddb2cea

SHA1
451b5c9ccd458908f8132dc8f9f754d2c54016b0

SHA256
7748028d079b05131fa680290366c8a094d756ee1ae3fb7b9f68883b6cdea7b7

SHA512
8939387e38bc8222d705315987736f98d6b78330c75b9804aded78d3e1702ad674bd874163d830326523d4523d787b56e0221ab0855471a7a4d24fbe97232641

Download Submit
C:\Users\Admin\Desktop\Files\wudi.exe

Filesize
1.6MB

MD5
8e08c7f1e6c8bf265e96f7f11d0d9d08

SHA1
99989678ac0585836787bca3f7d9075e99f36f55

SHA256
d99703b64f00939a2ad4199644d25ac4fceb2524fd3873f2ce0da7f251ee6198

SHA512
9a5294e7143a0255accece06887bb487f2bf78d792603db26b481a317cb861c0b71e78a58d373413bc3e8c8935072a27478ff026fb3bc373209a6343e2db34c6

Download Submit
memory/1956-3263-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/1956-3261-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/1956-3264-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/3000-3307-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4832-2227-0x0000000005260000-0x00000000052FC000-memory.dmp

Filesize
624KB

Download
memory/4832-2226-0x0000000000880000-0x0000000000888000-memory.dmp

Filesize
32KB

Download
memory/5352-2547-0x0000000000F40000-0x0000000000F52000-memory.dmp

Filesize
72KB

Download
memory/7708-2799-0x0000000004E00000-0x0000000004E56000-memory.dmp

Filesize
344KB

Download
memory/7708-2739-0x00000000003A0000-0x00000000003BC000-memory.dmp

Filesize
112KB

Download
memory/8232-2305-0x00000000005E0000-0x00000000005F6000-memory.dmp

Filesize
88KB

Download
memory/8688-2275-0x0000000000FD0000-0x0000000000FE6000-memory.dmp

Filesize
88KB

Download
memory/8764-2307-0x0000000000F90000-0x0000000000FAE000-memory.dmp

Filesize
120KB

Download
memory/9492-2566-0x0000000000570000-0x0000000000582000-memory.dmp

Filesize
72KB

Download
memory/9492-2576-0x0000000005660000-0x0000000005C04000-memory.dmp

Filesize
5.6MB

Download
memory/9492-2582-0x00000000051F0000-0x0000000005282000-memory.dmp

Filesize
584KB

Download
memory/9544-2800-0x0000000005CB0000-0x0000000005CCE000-memory.dmp

Filesize
120KB

Download
memory/9544-3009-0x0000000006760000-0x00000000067C6000-memory.dmp

Filesize
408KB

Download
memory/9544-2321-0x00000000000F0000-0x000000000011A000-memory.dmp

Filesize
168KB

Download
memory/9544-2747-0x0000000005E10000-0x0000000005E86000-memory.dmp

Filesize
472KB

Download
memory/9544-2770-0x0000000005E90000-0x0000000005EE0000-memory.dmp

Filesize
320KB

Download
memory/9592-2323-0x000002AD33DD0000-0x000002AD33F56000-memory.dmp

Filesize
1.5MB

Download
memory/9592-2677-0x000002AD34DD0000-0x000002AD34E20000-memory.dmp

Filesize
320KB

Download
memory/9592-2322-0x000002AD19840000-0x000002AD19848000-memory.dmp

Filesize
32KB

Download
memory/9624-2370-0x0000000000A50000-0x0000000000CA0000-memory.dmp

Filesize
2.3MB

Download
memory/9624-2430-0x0000000000A50000-0x0000000000CA0000-memory.dmp

Filesize
2.3MB

Download
memory/9792-2347-0x0000000000DF0000-0x0000000000E0A000-memory.dmp

Filesize
104KB

Download
memory/9820-2954-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/9976-2358-0x0000000000CB0000-0x0000000000CE0000-memory.dmp

Filesize
192KB

Download
memory/10364-2534-0x0000000000620000-0x0000000000632000-memory.dmp

Filesize
72KB

Download
memory/10420-2433-0x0000000000B90000-0x0000000000C14000-memory.dmp

Filesize
528KB

Download
memory/10660-2441-0x0000000000E40000-0x0000000000E56000-memory.dmp

Filesize
88KB

Download
memory/10684-2980-0x0000000000BB0000-0x0000000000ED4000-memory.dmp

Filesize
3.1MB

Download
memory/10828-2479-0x0000000000600000-0x0000000000610000-memory.dmp

Filesize
64KB

Download
memory/10944-2801-0x0000000000D70000-0x0000000000E00000-memory.dmp

Filesize
576KB

Download
memory/10976-2459-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/11260-2549-0x0000000000880000-0x0000000000892000-memory.dmp

Filesize
72KB

Download
memory/11852-3040-0x0000000000EA0000-0x00000000010F0000-memory.dmp

Filesize
2.3MB

Download
memory/11852-2986-0x0000000000EA0000-0x00000000010F0000-memory.dmp

Filesize
2.3MB

Download
memory/11896-3097-0x00000000004C0000-0x00000000004CE000-memory.dmp

Filesize
56KB

Download
memory/11896-3291-0x000000001B100000-0x000000001B122000-memory.dmp

Filesize
136KB

Download
memory/11944-3074-0x0000000000220000-0x00000000002B9000-memory.dmp

Filesize
612KB

Download
memory/11952-2953-0x00000000006D0000-0x00000000007D4000-memory.dmp

Filesize
1.0MB

Download
memory/12008-2725-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/12152-3331-0x0000000005400000-0x000000000557C000-memory.dmp

Filesize
1.5MB

Download
memory/12152-2676-0x0000000000930000-0x0000000000942000-memory.dmp

Filesize
72KB

Download
memory/12160-2674-0x00000000006A0000-0x00000000006F0000-memory.dmp

Filesize
320KB

Download
memory/12212-2832-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

Filesize
72KB

Download
memory/12212-2819-0x0000000005A90000-0x00000000060A8000-memory.dmp

Filesize
6.1MB

Download
memory/12212-2835-0x0000000004D10000-0x0000000004D4C000-memory.dmp

Filesize
240KB

Download
memory/12212-2820-0x0000000005470000-0x000000000557A000-memory.dmp

Filesize
1.0MB

Download
memory/12212-2779-0x0000000004BD0000-0x0000000004BDA000-memory.dmp

Filesize
40KB

Download
memory/12212-2853-0x0000000004D60000-0x0000000004DAC000-memory.dmp

Filesize
304KB

Download
memory/12212-2740-0x0000000000110000-0x0000000000162000-memory.dmp

Filesize
328KB

Download
memory/12220-3397-0x00007FF7EF250000-0x00007FF7EF29C000-memory.dmp

Filesize
304KB

Download
memory/12220-2681-0x00007FF7EF250000-0x00007FF7EF29C000-memory.dmp

Filesize
304KB

Download
memory/12456-2808-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/12696-2890-0x0000000000AC0000-0x0000000000DE4000-memory.dmp

Filesize
3.1MB

Download
memory/12756-3075-0x0000000000D80000-0x0000000000D8D000-memory.dmp

Filesize
52KB

Download
memory/12836-2887-0x0000000000C90000-0x0000000000FB4000-memory.dmp

Filesize
3.1MB

Download
memory/12888-3048-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/12888-2999-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/12888-3046-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/12900-3072-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/13028-2886-0x00000000003A0000-0x0000000000418000-memory.dmp

Filesize
480KB

Download
memory/13112-2904-0x0000000000400000-0x00000000005FC000-memory.dmp

Filesize
2.0MB

Download
memory/13112-3375-0x0000000000400000-0x00000000005FC000-memory.dmp

Filesize
2.0MB

Download
memory/13120-2934-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/13120-3383-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/13360-3117-0x0000000000040000-0x000000000005A000-memory.dmp

Filesize
104KB

Download
memory/13452-3094-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/13452-3093-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/13452-3096-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/13776-3290-0x00000000009D0000-0x0000000000CF4000-memory.dmp

Filesize
3.1MB

Download
memory/14032-3213-0x0000000000D20000-0x0000000000D32000-memory.dmp

Filesize
72KB

Download
memory/14068-3289-0x0000000000940000-0x0000000000C80000-memory.dmp

Filesize
3.2MB

Download
memory/14352-3330-0x00000000007F0000-0x0000000000B14000-memory.dmp

Filesize
3.1MB

Download
memory/15276-3353-0x0000000000A00000-0x000000000157D000-memory.dmp

Filesize
11.5MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads