Analysis
- max time kernel: 148s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 06-03-2022 20:33

Static task: static1

Behavioral task: behavioral1
- Sample: 69f650e3a08473b7293b23ab0367dfb27fd9959fd5a3916f862e4a743a66a050.exe
- Resource: win7-20220223-en

Behavioral task: behavioral2
- Sample: 69f650e3a08473b7293b23ab0367dfb27fd9959fd5a3916f862e4a743a66a050.exe
- Resource: win10v2004-en-20220113
General
- Target: 69f650e3a08473b7293b23ab0367dfb27fd9959fd5a3916f862e4a743a66a050.exe
- Size: 1.9MB
- MD5: c92d4a257901ebf90deb87da967f6b57
- SHA1: c3d91035b8809b4bbbe2c30ccba3f09b5d1d5cf6
- SHA256: 69f650e3a08473b7293b23ab0367dfb27fd9959fd5a3916f862e4a743a66a050
- SHA512: 0edc0afe3ec41f2955c976c6f1acc9151ba7714adcb5d085f9a2f8c47187a87896ff96dd8be33cbd9b6a01360b658a62edf489a4b46157d48fe4cbf5d25c8c24
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs)

Executes dropped EXE (9 IoCs)
Processes (pid, process):
- 3732 OXYSploit-ByAlain-release.exe
- 1420 OXYSPloit-Release.exe
- 2696 OXYSPloitRelease4.exe
- 4024 OXYSPloitRelease4.exe
- 2944 OXYSPloitRelease4.exe
- 3588 OXYSPloitRelease4.exe
- 1632 OXYSPloitRelease4.exe
- 1748 OXYSPloitRelease4.exe
- 4780 OXYSPloitRelease4.exe

Checks BIOS information in registry (2 TTPs, 14 IoCs)
BIOS information is often read in order to detect sandboxing environments.
Processes (description, ioc, process; repeated entries collapsed with counts):
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (OXYSPloitRelease4.exe, 7 entries)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (OXYSPloitRelease4.exe, 7 entries)

Checks computer location settings (2 TTPs, 5 IoCs)
Looks up country code configured in the registry, likely geofence.
Processes (description, ioc, process):
- Key value queried: \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Control Panel\International\Geo\Nation (OXYSPloit-Release.exe)
- Key value queried: \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Control Panel\International\Geo\Nation (OXYSPloitRelease4.exe, 2 entries)
- Key value queried: \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Control Panel\International\Geo\Nation (69f650e3a08473b7293b23ab0367dfb27fd9959fd5a3916f862e4a743a66a050.exe)
- Key value queried: \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Control Panel\International\Geo\Nation (OXYSploit-ByAlain-release.exe)

Identifies Wine through registry keys (2 TTPs, 7 IoCs)
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Processes (description, ioc, process; repeated entries collapsed with counts):
- Key opened: \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Wine (OXYSPloitRelease4.exe, 7 entries)

Adds Run key to start application (2 TTPs, 1 IoC)
Processes (description, ioc, process):
- Key created: \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Windows\CurrentVersion\Run (msedge.exe)

Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes (description, ioc, process):
- File opened for modification: \??\PhysicalDrive0 (OXYSPloitRelease4.exe)

Drops file in Program Files directory (7 IoCs)
Processes (description, ioc, process):
- File created: C:\Program Files (x86)\info.bat (OXYSploit-ByAlain-release.exe)
- File opened for modification: C:\Program Files (x86)\info.bat (OXYSploit-ByAlain-release.exe)
- File created: C:\Program Files (x86)\OXYSPloit-Release.exe (OXYSploit-ByAlain-release.exe)
- File opened for modification: C:\Program Files (x86)\OXYSPloit-Release.exe (OXYSploit-ByAlain-release.exe)
- File created: C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\fa1a8881-e213-4e4c-9091-24bd30d368bc.tmp (setup.exe)
- File opened for modification: C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220306203748.pma (setup.exe)
- File created: C:\Program Files (x86)\__tmp_rar_sfx_access_check_30230109 (OXYSploit-ByAlain-release.exe)

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (description, ioc, process):
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)

Modifies registry class (1 IoC)
Processes (description, ioc, process):
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ (msedge.exe)

Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes (pid, process; repeated entries collapsed with counts):
- 4024 OXYSPloitRelease4.exe (12 entries)
- 1748 OXYSPloitRelease4.exe (13 entries)
- 3588 OXYSPloitRelease4.exe (14 entries)
- 1632 OXYSPloitRelease4.exe (14 entries)
- 2944 OXYSPloitRelease4.exe (11 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
Processes (pid, process; repeated entries collapsed with counts):
- 1716 msedge.exe (8 entries)

Suspicious use of AdjustPrivilegeToken (7 IoCs)
Processes (description, pid, process; repeated entries collapsed with counts):
- Token: SeTcbPrivilege, 5072 svchost.exe (5 entries)
- Token: 33, 64 AUDIODG.EXE
- Token: SeIncBasePriorityPrivilege, 64 AUDIODG.EXE

Suspicious use of FindShellTrayWindow (3 IoCs)
Processes (pid, process; repeated entries collapsed with counts):
- 1716 msedge.exe (3 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (source pid/process, target pid/process; repeated entries collapsed with counts):
- PID 2256 (69f650e3a08473b7293b23ab0367dfb27fd9959fd5a3916f862e4a743a66a050.exe) wrote to memory of PID 3732 (OXYSploit-ByAlain-release.exe), 3 entries
- PID 3732 (OXYSploit-ByAlain-release.exe) wrote to memory of PID 4808 (cmd.exe), 3 entries
- PID 4808 (cmd.exe) wrote to memory of PID 1420 (OXYSPloit-Release.exe), 3 entries
- PID 1420 (OXYSPloit-Release.exe) wrote to memory of PID 2696 (OXYSPloitRelease4.exe), 3 entries
- PID 2696 (OXYSPloitRelease4.exe) wrote to memory of PID 4024 (OXYSPloitRelease4.exe), 3 entries
- PID 2696 (OXYSPloitRelease4.exe) wrote to memory of PID 2944 (OXYSPloitRelease4.exe), 3 entries
- PID 2696 (OXYSPloitRelease4.exe) wrote to memory of PID 3588 (OXYSPloitRelease4.exe), 3 entries
- PID 2696 (OXYSPloitRelease4.exe) wrote to memory of PID 1632 (OXYSPloitRelease4.exe), 3 entries
- PID 2696 (OXYSPloitRelease4.exe) wrote to memory of PID 1748 (OXYSPloitRelease4.exe), 3 entries
- PID 2696 (OXYSPloitRelease4.exe) wrote to memory of PID 4780 (OXYSPloitRelease4.exe), 3 entries
- PID 4780 (OXYSPloitRelease4.exe) wrote to memory of PID 4540 (notepad.exe), 3 entries
- PID 4780 (OXYSPloitRelease4.exe) wrote to memory of PID 1716 (msedge.exe), 2 entries
- PID 1716 (msedge.exe) wrote to memory of PID 4840 (msedge.exe), 2 entries
- PID 1716 (msedge.exe) wrote to memory of PID 4516 (msedge.exe), 27 entries
Processes (nested by parent/child depth; each entry gives the image path, the command line and the signatures matched by that process)
- C:\Users\Admin\AppData\Local\Temp\69f650e3a08473b7293b23ab0367dfb27fd9959fd5a3916f862e4a743a66a050.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\69f650e3a08473b7293b23ab0367dfb27fd9959fd5a3916f862e4a743a66a050.exe"
  Signatures: Checks computer location settings; Suspicious use of WriteProcessMemory
  - C:\Users\Admin\Desktop\OXYSploit-ByAlain-release.exe
    Command line: "C:\Users\Admin\Desktop\OXYSploit-ByAlain-release.exe"
    Signatures: Executes dropped EXE; Checks computer location settings; Drops file in Program Files directory; Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\info.bat" "
      Signatures: Suspicious use of WriteProcessMemory
      - C:\Program Files (x86)\OXYSPloit-Release.exe
        Command line: OXYSPloit-Release.exe -pM1RYANNE -dC:\Users\Admin\Desktop
        Signatures: Executes dropped EXE; Checks computer location settings; Suspicious use of WriteProcessMemory
        - C:\Users\Admin\Desktop\OXYSPloitRelease4.exe
          Command line: "C:\Users\Admin\Desktop\OXYSPloitRelease4.exe"
          Signatures: Executes dropped EXE; Checks BIOS information in registry; Checks computer location settings; Identifies Wine through registry keys; Suspicious use of WriteProcessMemory
          - C:\Users\Admin\Desktop\OXYSPloitRelease4.exe
            Command line: "C:\Users\Admin\Desktop\OXYSPloitRelease4.exe" /watchdog
            Signatures: Executes dropped EXE; Checks BIOS information in registry; Identifies Wine through registry keys; Suspicious behavior: EnumeratesProcesses
          - C:\Users\Admin\Desktop\OXYSPloitRelease4.exe
            Command line: "C:\Users\Admin\Desktop\OXYSPloitRelease4.exe" /watchdog
            Signatures: Executes dropped EXE; Checks BIOS information in registry; Identifies Wine through registry keys; Suspicious behavior: EnumeratesProcesses
          - C:\Users\Admin\Desktop\OXYSPloitRelease4.exe
            Command line: "C:\Users\Admin\Desktop\OXYSPloitRelease4.exe" /watchdog
            Signatures: Executes dropped EXE; Checks BIOS information in registry; Identifies Wine through registry keys; Suspicious behavior: EnumeratesProcesses
          - C:\Users\Admin\Desktop\OXYSPloitRelease4.exe
            Command line: "C:\Users\Admin\Desktop\OXYSPloitRelease4.exe" /watchdog
            Signatures: Executes dropped EXE; Checks BIOS information in registry; Identifies Wine through registry keys; Suspicious behavior: EnumeratesProcesses
          - C:\Users\Admin\Desktop\OXYSPloitRelease4.exe
            Command line: "C:\Users\Admin\Desktop\OXYSPloitRelease4.exe" /watchdog
            Signatures: Executes dropped EXE; Checks BIOS information in registry; Identifies Wine through registry keys; Suspicious behavior: EnumeratesProcesses
          - C:\Users\Admin\Desktop\OXYSPloitRelease4.exe
            Command line: "C:\Users\Admin\Desktop\OXYSPloitRelease4.exe" /main
            Signatures: Executes dropped EXE; Checks BIOS information in registry; Checks computer location settings; Identifies Wine through registry keys; Writes to the Master Boot Record (MBR); Suspicious use of WriteProcessMemory
            - C:\Windows\SysWOW64\notepad.exe
              Command line: "C:\Windows\System32\notepad.exe" \note.txt
            - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
              Signatures: Adds Run key to start application; Enumerates system info in registry; Modifies registry class; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of WriteProcessMemory
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbf66146f8,0x7ffbf6614708,0x7ffbf6614718
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 /prefetch:8
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
              - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
              - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                Signatures: Drops file in Program Files directory
                - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff7b0a25460,0x7ff7b0a25470,0x7ff7b0a25480
              - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7076 /prefetch:8
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2056,10819858720175022139,17022612399518457600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6848 /prefetch:8
            - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffbf66146f8,0x7ffbf6614708,0x7ffbf6614718
            - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf66146f8,0x7ffbf6614708,0x7ffbf6614718
            - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf66146f8,0x7ffbf6614708,0x7ffbf6614718
            - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
              - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffbf66146f8,0x7ffbf6614708,0x7ffbf6614718
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
  Signatures: Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x48c 0x2c8
  Signatures: Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Program Files (x86)\OXYSPloit-Release.exe
  MD5: 4442d99b3a9fb90de40b94e2f0286474
  SHA1: f3c823d663c6b5eeaaf34ba0d6d2b7e5c941a69d
  SHA256: 381ca43359eb49ca36ae4aeeae7b8376b1d4745fd27bd21ed1b70bfa39800ac2
  SHA512: bb1c068c54bf438e74ad0f306808b64655c5b873bb32530d593e17f66e30cbf157be1de70d7e0a1c401dca45801022baf0bea54603852494d90292ebe576c532
- C:\Program Files (x86)\info.bat
  MD5: 2af9dcd6a49591bbaaabb965384dba1d
  SHA1: eb275f922d23e68121c3a1c813207c438feffb21
  SHA256: bfa96019c8a18e924b11ea009400e9c309a0e0e58621b4304a111f9890100d73
  SHA512: c0d85137ac4ae93d87b05665ae7c6fc51b808af2fee5efc41fd7b5c9a62b39bc9e5bbafaf2409584ed16711cf95bc1551a4d80ca59eab1f04b6740cabac8e89b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5 ee62affb981b3e9a3246eef79249ad40
SHA1 a1c3564d86bb6341894e1efa65cd923a5c280c8f
SHA256 4a3834071a2ac2372115d0e1146132f41a1497b6616d822eb926bf3ab32dc1ca
SHA512 1450bfd79cbedfb186adfd9f7f2ff9c9296ffd5badae62048bbc67f808d431325ab5afbcc980251833a93f28dc3d6a74d2febdaf6d46697eacfac53c82b2acc4
-
C:\Users\Admin\Desktop\OXYSPloitRelease4.exe
MD5 9cd4ef4aab1841cfb3274d36cc599760
SHA1 555df36876523dd1b395db32929eecfa4a759fa7
SHA256 5fe7604e5f080d91e2f43fbe3fd053b8d78f7437b8ceab86cf07aab8f4dcc452
SHA512 5aad5b5c9e3ac914d97057520e1c726f3e8c5fe3ac6acc7451c4d147c8d8e771be5463cfc8f0cb6fba75a2ec05e0da3fd1ca8df6ec6147fc6106291a1ab26d92
-
C:\Users\Admin\Desktop\OXYSploit-ByAlain-release.exe
MD5 f59b1658efb38fd8fb7eb36d99896d2d
SHA1 931646cb9dcc2afb7261daffe96e09880fa68a42
SHA256 654091267fe517ccb5db63e446d2fb16c1e43cf9ca96fb7eb138fcf0ffefd536
SHA512 e576c565f2fd765786866e51e713d8114c79410d4ef40143780ab06ccf07e84484499db3aa134aea7b9a5755accf677d2c9c2ad0ab45f0dd5e9180eba4f70ace
-
C:\note.txt
MD5 afa6955439b8d516721231029fb9ca1b
SHA1 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
\??\pipe\LOCAL\crashpad_1716_HDIKOZDRZLENSXFM (zero-byte capture: these are the well-known hashes of empty input, so they carry no file-specific signal)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1632-184-0x0000000004650000-0x0000000004651000-memory.dmp
Filesize 4KB
-
memory/1632-196-0x0000000004640000-0x0000000004641000-memory.dmp
Filesize 4KB
-
memory/1632-182-0x00000000046A0000-0x00000000046A1000-memory.dmp
Filesize 4KB
-
memory/1632-166-0x0000000000FA0000-0x00000000011FB000-memory.dmp
Filesize 2.4MB
-
memory/1632-178-0x0000000004620000-0x0000000004621000-memory.dmp
Filesize 4KB
-
memory/1632-167-0x0000000004690000-0x0000000004691000-memory.dmp
Filesize 4KB
-
memory/1632-181-0x00000000046B0000-0x00000000046B1000-memory.dmp
Filesize 4KB
-
memory/1632-183-0x0000000004660000-0x0000000004661000-memory.dmp
Filesize 4KB
-
memory/1632-193-0x0000000004630000-0x0000000004631000-memory.dmp
Filesize 4KB
-
memory/1748-189-0x0000000004760000-0x0000000004761000-memory.dmp
Filesize 4KB
-
memory/1748-170-0x0000000004780000-0x0000000004781000-memory.dmp
Filesize 4KB
-
memory/1748-160-0x0000000000FA0000-0x00000000011FB000-memory.dmp
Filesize 2.4MB
-
memory/1748-169-0x0000000004790000-0x0000000004791000-memory.dmp
Filesize 4KB
-
memory/1748-164-0x00000000047E0000-0x00000000047E1000-memory.dmp
Filesize 4KB
-
memory/1748-165-0x00000000047D0000-0x00000000047D1000-memory.dmp
Filesize 4KB
-
memory/1748-163-0x0000000004750000-0x0000000004751000-memory.dmp
Filesize 4KB
-
memory/1748-161-0x00000000047C0000-0x00000000047C1000-memory.dmp
Filesize 4KB
-
memory/1748-190-0x0000000004770000-0x0000000004771000-memory.dmp
Filesize 4KB
-
memory/2696-146-0x0000000004CD0000-0x0000000004CD1000-memory.dmp
Filesize 4KB
-
memory/2696-141-0x0000000000FA0000-0x00000000011FB000-memory.dmp
Filesize 2.4MB
-
memory/2696-145-0x0000000004C90000-0x0000000004C91000-memory.dmp
Filesize 4KB
-
memory/2696-143-0x0000000004D00000-0x0000000004D01000-memory.dmp
Filesize 4KB
-
memory/2944-176-0x0000000004680000-0x0000000004681000-memory.dmp
Filesize 4KB
-
memory/2944-173-0x00000000045D0000-0x00000000045D1000-memory.dmp
Filesize 4KB
-
memory/2944-195-0x00000000045F0000-0x00000000045F1000-memory.dmp
Filesize 4KB
-
memory/2944-194-0x00000000045E0000-0x00000000045E1000-memory.dmp
Filesize 4KB
-
memory/2944-177-0x0000000004660000-0x0000000004661000-memory.dmp
Filesize 4KB
-
memory/2944-153-0x0000000000FA0000-0x00000000011FB000-memory.dmp
Filesize 2.4MB
-
memory/2944-179-0x0000000004610000-0x0000000004611000-memory.dmp
Filesize 4KB
-
memory/2944-154-0x0000000004650000-0x0000000004651000-memory.dmp
Filesize 4KB
-
memory/2944-180-0x0000000004600000-0x0000000004601000-memory.dmp
Filesize 4KB
-
memory/3588-155-0x0000000000FA0000-0x00000000011FB000-memory.dmp
Filesize 2.4MB
-
memory/3588-156-0x0000000004250000-0x0000000004251000-memory.dmp
Filesize 4KB
-
memory/3588-175-0x0000000004210000-0x0000000004211000-memory.dmp
Filesize 4KB
-
memory/3588-168-0x00000000041E0000-0x00000000041E1000-memory.dmp
Filesize 4KB
-
memory/3588-172-0x0000000004260000-0x0000000004261000-memory.dmp
Filesize 4KB
-
memory/3588-174-0x0000000004220000-0x0000000004221000-memory.dmp
Filesize 4KB
-
memory/3588-192-0x0000000004200000-0x0000000004201000-memory.dmp
Filesize 4KB
-
memory/3588-171-0x0000000004270000-0x0000000004271000-memory.dmp
Filesize 4KB
-
memory/3588-191-0x00000000041F0000-0x00000000041F1000-memory.dmp
Filesize 4KB
-
memory/4024-152-0x0000000004590000-0x0000000004591000-memory.dmp
Filesize 4KB
-
memory/4024-188-0x0000000004550000-0x0000000004551000-memory.dmp
Filesize 4KB
-
memory/4024-186-0x0000000004530000-0x0000000004531000-memory.dmp
Filesize 4KB
-
memory/4024-187-0x0000000004540000-0x0000000004541000-memory.dmp
Filesize 4KB
-
memory/4024-162-0x0000000004560000-0x0000000004561000-memory.dmp
Filesize 4KB
-
memory/4024-157-0x0000000004520000-0x0000000004521000-memory.dmp
Filesize 4KB
-
memory/4024-159-0x00000000045A0000-0x00000000045A1000-memory.dmp
Filesize 4KB
-
memory/4024-158-0x00000000045B0000-0x00000000045B1000-memory.dmp
Filesize 4KB
-
memory/4024-151-0x0000000000FA0000-0x00000000011FB000-memory.dmp
Filesize 2.4MB
-
memory/4516-199-0x00007FFC14B60000-0x00007FFC14B61000-memory.dmp
Filesize 4KB
-
memory/4780-148-0x0000000004F70000-0x0000000004F72000-memory.dmp
Filesize 8KB
-
memory/4780-149-0x0000000004F00000-0x0000000004F01000-memory.dmp
Filesize 4KB
-
memory/4780-216-0x0000000004F50000-0x0000000004F51000-memory.dmp
Filesize 4KB
-
memory/4780-217-0x0000000004F80000-0x0000000004F81000-memory.dmp
Filesize 4KB
-
memory/4780-197-0x0000000004FB0000-0x0000000004FB1000-memory.dmp
Filesize 4KB
-
memory/4780-150-0x0000000004F40000-0x0000000004F41000-memory.dmp
Filesize 4KB
-
memory/4780-147-0x0000000000FA0000-0x00000000011FB000-memory.dmp
Filesize 2.4MB