Analysis Overview
SHA256: 67d51245f00911de82fa3c3d63c8dffc686c1117dcced7cf245cb5fc8609a7ae
Threat Level: Likely malicious
The file Hype_RegeditNoRec.rar was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Obfuscated with Agile.Net obfuscator
Themida packer
Checks whether UAC is enabled
Suspicious use of NtSetInformationThreadHideFromDebugger
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported: 2023-07-15 18:51
Signatures
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2023-07-15 18:50
Reported: 2023-07-15 19:16
Platform: win7-20230712-en
Max time kernel: 152s
Max time network: 129s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Windows\Temp\vpxiis.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\Temp\vpxiis.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Windows\Temp\vpxiis.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\pnl.exe | N/A |
| N/A | N/A | C:\Windows\Temp\dowb.exe | N/A |
| N/A | N/A | C:\Windows\Temp\vpxiis.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\Temp\vpxiis.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\vpxiis.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Temp\pnl.exe |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\pnl.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\dowb.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\vpxiis.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe
"C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe"
C:\Windows\Temp\pnl.exe
"C:\Windows\Temp\pnl.exe"
C:\Windows\Temp\dowb.exe
"C:\Windows\Temp\dowb.exe"
C:\Windows\Temp\vpxiis.exe
"C:\Windows\Temp\vpxiis.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 692
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.auth.gg | udp |
| US | 192.124.249.189:443 | api.auth.gg | tcp |
Files
memory/2928-55-0x0000000001240000-0x0000000002240000-memory.dmp
memory/2928-54-0x00000000748C0000-0x0000000074FAE000-memory.dmp
memory/2928-56-0x000000000F8A0000-0x000000000F8E0000-memory.dmp
\Windows\Temp\pnl.exe
| MD5 | 48ef0378eb7d125c37a825e1727bf9c6 |
| SHA1 | beab162b64248eac8e070c23b706f6059ce5dcfa |
| SHA256 | 77afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7 |
| SHA512 | f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a |
C:\Windows\Temp\pnl.exe
| MD5 | 48ef0378eb7d125c37a825e1727bf9c6 |
| SHA1 | beab162b64248eac8e070c23b706f6059ce5dcfa |
| SHA256 | 77afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7 |
| SHA512 | f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a |
C:\Windows\Temp\pnl.exe
| MD5 | 48ef0378eb7d125c37a825e1727bf9c6 |
| SHA1 | beab162b64248eac8e070c23b706f6059ce5dcfa |
| SHA256 | 77afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7 |
| SHA512 | f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a |
memory/2664-70-0x00000000748C0000-0x0000000074FAE000-memory.dmp
memory/2664-69-0x0000000000CB0000-0x0000000000CC6000-memory.dmp
C:\Windows\Temp\dowb.exe
| MD5 | d4c5a6b52a0360dd4c17ad9d32484477 |
| SHA1 | 6f0a77dfac1ee96c696f19a3a041fd74b7cf7e24 |
| SHA256 | ea8ff91c2c4701ba0a0614fbf52ac96c3bc979cdd4b81da1d81f5340efd7f2d4 |
| SHA512 | d64eae4e417146b4f119c0df9cbdd1cebb141fd594920961d8e1b075a8c72db8541a0bb51b4e9136fffc7ae451c7e34841576d0e58dc9104c99a7dbbf3a79435 |
memory/2404-77-0x00000000748C0000-0x0000000074FAE000-memory.dmp
memory/2404-79-0x0000000001200000-0x000000000190C000-memory.dmp
memory/2664-76-0x0000000004C60000-0x0000000004CA0000-memory.dmp
C:\Windows\Temp\dowb.exe
| MD5 | d4c5a6b52a0360dd4c17ad9d32484477 |
| SHA1 | 6f0a77dfac1ee96c696f19a3a041fd74b7cf7e24 |
| SHA256 | ea8ff91c2c4701ba0a0614fbf52ac96c3bc979cdd4b81da1d81f5340efd7f2d4 |
| SHA512 | d64eae4e417146b4f119c0df9cbdd1cebb141fd594920961d8e1b075a8c72db8541a0bb51b4e9136fffc7ae451c7e34841576d0e58dc9104c99a7dbbf3a79435 |
\Windows\Temp\dowb.exe
| MD5 | d4c5a6b52a0360dd4c17ad9d32484477 |
| SHA1 | 6f0a77dfac1ee96c696f19a3a041fd74b7cf7e24 |
| SHA256 | ea8ff91c2c4701ba0a0614fbf52ac96c3bc979cdd4b81da1d81f5340efd7f2d4 |
| SHA512 | d64eae4e417146b4f119c0df9cbdd1cebb141fd594920961d8e1b075a8c72db8541a0bb51b4e9136fffc7ae451c7e34841576d0e58dc9104c99a7dbbf3a79435 |
\Windows\Temp\vpxiis.exe
| MD5 | 1339d9b2e6286b64fadaa6f8fad00091 |
| SHA1 | 47585a5bd08ecd1f939ebd0c2e74504376855146 |
| SHA256 | 1555d682a099098621079072db88e6cbd306f92b9ccd4db4ad6485dd6d81fe50 |
| SHA512 | 572ff0bb039f77748ec36ac39e80e4f18af7364599b450a107345f608eef1587314ca50a82b4c35290107e881916dcbcc444b29692b59b3d73aa3f7f3c3ac570 |
memory/2928-84-0x0000000012B50000-0x0000000013A64000-memory.dmp
memory/2664-85-0x0000000004C60000-0x0000000004CA0000-memory.dmp
C:\Windows\Temp\vpxiis.exe
| MD5 | 1339d9b2e6286b64fadaa6f8fad00091 |
| SHA1 | 47585a5bd08ecd1f939ebd0c2e74504376855146 |
| SHA256 | 1555d682a099098621079072db88e6cbd306f92b9ccd4db4ad6485dd6d81fe50 |
| SHA512 | 572ff0bb039f77748ec36ac39e80e4f18af7364599b450a107345f608eef1587314ca50a82b4c35290107e881916dcbcc444b29692b59b3d73aa3f7f3c3ac570 |
memory/2404-86-0x0000000000B90000-0x0000000000BD0000-memory.dmp
memory/2404-87-0x0000000000B90000-0x0000000000BD0000-memory.dmp
memory/976-88-0x0000000076460000-0x0000000076570000-memory.dmp
memory/976-89-0x0000000076460000-0x0000000076570000-memory.dmp
memory/976-90-0x0000000076460000-0x0000000076570000-memory.dmp
memory/976-91-0x0000000076250000-0x0000000076297000-memory.dmp
memory/976-92-0x0000000076460000-0x0000000076570000-memory.dmp
memory/2928-93-0x00000000748C0000-0x0000000074FAE000-memory.dmp
memory/976-94-0x0000000000D20000-0x0000000001C34000-memory.dmp
memory/976-95-0x0000000076460000-0x0000000076570000-memory.dmp
memory/976-96-0x0000000076460000-0x0000000076570000-memory.dmp
memory/976-97-0x0000000077890000-0x0000000077892000-memory.dmp
memory/976-101-0x0000000000D20000-0x0000000001C34000-memory.dmp
memory/976-100-0x0000000000D20000-0x0000000001C34000-memory.dmp
\Windows\Temp\pnl.exe
| MD5 | 48ef0378eb7d125c37a825e1727bf9c6 |
| SHA1 | beab162b64248eac8e070c23b706f6059ce5dcfa |
| SHA256 | 77afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7 |
| SHA512 | f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a |
\Windows\Temp\pnl.exe
| MD5 | 48ef0378eb7d125c37a825e1727bf9c6 |
| SHA1 | beab162b64248eac8e070c23b706f6059ce5dcfa |
| SHA256 | 77afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7 |
| SHA512 | f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a |
\Windows\Temp\pnl.exe
| MD5 | 48ef0378eb7d125c37a825e1727bf9c6 |
| SHA1 | beab162b64248eac8e070c23b706f6059ce5dcfa |
| SHA256 | 77afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7 |
| SHA512 | f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a |
\Windows\Temp\pnl.exe
| MD5 | 48ef0378eb7d125c37a825e1727bf9c6 |
| SHA1 | beab162b64248eac8e070c23b706f6059ce5dcfa |
| SHA256 | 77afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7 |
| SHA512 | f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a |
\Windows\Temp\pnl.exe
| MD5 | 48ef0378eb7d125c37a825e1727bf9c6 |
| SHA1 | beab162b64248eac8e070c23b706f6059ce5dcfa |
| SHA256 | 77afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7 |
| SHA512 | f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a |
memory/2928-107-0x000000000F8A0000-0x000000000F8E0000-memory.dmp
memory/2664-109-0x00000000748C0000-0x0000000074FAE000-memory.dmp
memory/2404-110-0x00000000748C0000-0x0000000074FAE000-memory.dmp
memory/2404-112-0x0000000000B90000-0x0000000000BD0000-memory.dmp
memory/2928-111-0x0000000012B50000-0x0000000013A64000-memory.dmp
memory/2404-113-0x0000000000B90000-0x0000000000BD0000-memory.dmp
memory/976-114-0x0000000076460000-0x0000000076570000-memory.dmp
memory/976-115-0x0000000076250000-0x0000000076297000-memory.dmp
memory/976-116-0x0000000000D20000-0x0000000001C34000-memory.dmp
memory/976-118-0x0000000076460000-0x0000000076570000-memory.dmp
memory/976-117-0x0000000076460000-0x0000000076570000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2023-07-15 18:50
Reported: 2023-07-15 19:16
Platform: win10v2004-20230703-en
Max time kernel: 153s
Max time network: 157s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Windows\Temp\vpxiis.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\Temp\vpxiis.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Windows\Temp\vpxiis.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\pnl.exe | N/A |
| N/A | N/A | C:\Windows\Temp\dowb.exe | N/A |
| N/A | N/A | C:\Windows\Temp\vpxiis.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Hype_RegeditNoRec\Hype Regedit.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\Temp\vpxiis.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\vpxiis.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Temp\pnl.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\pnl.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\dowb.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\vpxiis.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Hype_RegeditNoRec\Hype Regedit.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe
"C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe"
C:\Windows\Temp\pnl.exe
"C:\Windows\Temp\pnl.exe"
C:\Windows\Temp\dowb.exe
"C:\Windows\Temp\dowb.exe"
C:\Windows\Temp\vpxiis.exe
"C:\Windows\Temp\vpxiis.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4764 -ip 4764
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 1140
C:\Windows\SysWOW64\arp.exe
"C:\Windows\System32\arp.exe" -a
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffefa9446f8,0x7ffefa944708,0x7ffefa944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Hype_RegeditNoRec\" -spe -an -ai#7zMap23308:96:7zEvent1920
C:\Users\Admin\Downloads\Hype_RegeditNoRec\Hype Regedit.exe
"C:\Users\Admin\Downloads\Hype_RegeditNoRec\Hype Regedit.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.136.241.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.auth.gg | udp |
| US | 192.124.249.189:443 | api.auth.gg | tcp |
| US | 8.8.8.8:53 | 189.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| NL | 95.101.74.90:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 90.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| NL | 95.101.74.28:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 28.74.101.95.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 95.101.74.28:443 | th.bing.com | tcp |
| NL | 95.101.74.40:443 | th.bing.com | tcp |
| NL | 95.101.74.40:443 | th.bing.com | tcp |
| NL | 95.101.74.28:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 40.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.133:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | send-anywhere.com | udp |
| NL | 65.9.86.4:443 | send-anywhere.com | tcp |
| NL | 65.9.86.4:443 | send-anywhere.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | static.zdassets.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | wcs.naver.net | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.18.70.113:443 | static.zdassets.com | tcp |
| US | 104.18.170.114:443 | cdn.cookielaw.org | tcp |
| NL | 23.42.198.213:443 | wcs.naver.net | tcp |
| US | 8.8.8.8:53 | wcs.naver.com | udp |
| US | 104.18.170.114:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | ekr.zdassets.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| NL | 142.251.36.34:443 | www.googletagservices.com | tcp |
| US | 104.18.70.113:443 | ekr.zdassets.com | tcp |
| KR | 210.89.167.46:443 | wcs.naver.com | tcp |
| US | 157.240.24.13:443 | connect.facebook.net | tcp |
| US | 157.240.24.13:443 | connect.facebook.net | tcp |
| KR | 210.89.167.46:443 | wcs.naver.com | tcp |
| US | 8.8.8.8:53 | 4.86.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.70.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.170.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.198.42.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.24.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| US | 8.8.8.8:53 | d10lpsik1i8c69.cloudfront.net | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | m.servedby-buysellads.com | udp |
| US | 8.8.8.8:53 | cdn.carbonads.com | udp |
| US | 8.8.8.8:53 | send-anywhere.zendesk.com | udp |
| US | 151.101.0.176:443 | js.stripe.com | tcp |
| DE | 143.204.214.30:443 | d10lpsik1i8c69.cloudfront.net | tcp |
| US | 104.16.51.111:443 | send-anywhere.zendesk.com | tcp |
| US | 151.139.128.10:443 | cdn.carbonads.com | tcp |
| US | 151.139.128.10:443 | cdn.carbonads.com | tcp |
| US | 104.18.29.38:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 95.101.74.202:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| NL | 95.101.74.202:80 | apps.identrust.com | tcp |
| DE | 172.217.23.194:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.32.181:443 | analytics.google.com | tcp |
| NL | 142.250.102.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 46.167.89.210.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.51.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.128.139.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.214.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.29.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.211.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.105.26.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.32.239.216.in-addr.arpa | udp |
| US | 204.79.197.200:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | ed915ad0586e2c46670476c47cdd2689.safeframe.googlesyndication.com | udp |
| DE | 172.217.23.194:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | srv.buysellads.com | udp |
| NL | 142.250.179.161:443 | ed915ad0586e2c46670476c47cdd2689.safeframe.googlesyndication.com | tcp |
| GB | 159.65.16.11:443 | srv.buysellads.com | tcp |
| US | 8.8.8.8:53 | settings.luckyorange.net | udp |
| US | 8.8.8.8:53 | srv.carbonads.net | udp |
| GB | 46.101.85.187:443 | srv.carbonads.net | tcp |
| US | 172.67.75.100:443 | settings.luckyorange.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| US | 216.239.32.181:443 | analytics.google.com | udp |
| NL | 142.251.36.34:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.250.102.156:443 | stats.g.doubleclick.net | udp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d4a553n24khrv.cloudfront.net | udp |
| NL | 142.250.179.161:443 | ed915ad0586e2c46670476c47cdd2689.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 156.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.16.65.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.85.101.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 18.65.39.94:443 | d4a553n24khrv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | cdn4.buysellads.net | udp |
| US | 151.139.128.10:443 | cdn4.buysellads.net | tcp |
| US | 8.8.8.8:53 | 94.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 151.101.0.176:443 | js.stripe.com | udp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 35.164.155.70:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | 70.155.164.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | file-13-233-93-51.send-anywhere.com | udp |
| IN | 13.233.93.51:443 | file-13-233-93-51.send-anywhere.com | tcp |
| US | 8.8.8.8:53 | 51.93.233.13.in-addr.arpa | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| NL | 142.250.179.134:443 | s0.2mdn.net | tcp |
| NL | 142.251.36.2:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 134.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| IN | 13.233.93.51:443 | file-13-233-93-51.send-anywhere.com | tcp |
| IN | 13.233.93.51:443 | file-13-233-93-51.send-anywhere.com | tcp |
| US | 8.8.8.8:53 | 216.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.8.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 104.18.29.38:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
Files
memory/2256-133-0x0000000074730000-0x0000000074EE0000-memory.dmp
memory/2256-134-0x0000000000BC0000-0x0000000001BC0000-memory.dmp
memory/2256-135-0x0000000010150000-0x00000000101EC000-memory.dmp
memory/2256-136-0x00000000107A0000-0x0000000010D44000-memory.dmp
memory/2256-137-0x00000000101F0000-0x0000000010282000-memory.dmp
memory/2256-138-0x0000000010470000-0x0000000010480000-memory.dmp
memory/2256-139-0x0000000010120000-0x000000001012A000-memory.dmp
memory/2256-140-0x0000000010480000-0x00000000104D6000-memory.dmp
C:\Windows\Temp\pnl.exe
| MD5 | 48ef0378eb7d125c37a825e1727bf9c6 |
| SHA1 | beab162b64248eac8e070c23b706f6059ce5dcfa |
| SHA256 | 77afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7 |
| SHA512 | f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a |
C:\Windows\Temp\pnl.exe
| MD5 | 48ef0378eb7d125c37a825e1727bf9c6 |
| SHA1 | beab162b64248eac8e070c23b706f6059ce5dcfa |
| SHA256 | 77afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7 |
| SHA512 | f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a |
C:\Windows\Temp\pnl.exe
| MD5 | 48ef0378eb7d125c37a825e1727bf9c6 |
| SHA1 | beab162b64248eac8e070c23b706f6059ce5dcfa |
| SHA256 | 77afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7 |
| SHA512 | f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a |
C:\Windows\Temp\dowb.exe
| MD5 | d4c5a6b52a0360dd4c17ad9d32484477 |
| SHA1 | 6f0a77dfac1ee96c696f19a3a041fd74b7cf7e24 |
| SHA256 | ea8ff91c2c4701ba0a0614fbf52ac96c3bc979cdd4b81da1d81f5340efd7f2d4 |
| SHA512 | d64eae4e417146b4f119c0df9cbdd1cebb141fd594920961d8e1b075a8c72db8541a0bb51b4e9136fffc7ae451c7e34841576d0e58dc9104c99a7dbbf3a79435 |
memory/4764-163-0x0000000074730000-0x0000000074EE0000-memory.dmp
memory/4764-164-0x0000000000CC0000-0x0000000000CD6000-memory.dmp
C:\Windows\Temp\dowb.exe
| MD5 | d4c5a6b52a0360dd4c17ad9d32484477 |
| SHA1 | 6f0a77dfac1ee96c696f19a3a041fd74b7cf7e24 |
| SHA256 | ea8ff91c2c4701ba0a0614fbf52ac96c3bc979cdd4b81da1d81f5340efd7f2d4 |
| SHA512 | d64eae4e417146b4f119c0df9cbdd1cebb141fd594920961d8e1b075a8c72db8541a0bb51b4e9136fffc7ae451c7e34841576d0e58dc9104c99a7dbbf3a79435 |
C:\Windows\Temp\dowb.exe
| MD5 | d4c5a6b52a0360dd4c17ad9d32484477 |
| SHA1 | 6f0a77dfac1ee96c696f19a3a041fd74b7cf7e24 |
| SHA256 | ea8ff91c2c4701ba0a0614fbf52ac96c3bc979cdd4b81da1d81f5340efd7f2d4 |
| SHA512 | d64eae4e417146b4f119c0df9cbdd1cebb141fd594920961d8e1b075a8c72db8541a0bb51b4e9136fffc7ae451c7e34841576d0e58dc9104c99a7dbbf3a79435 |
memory/876-175-0x0000000074730000-0x0000000074EE0000-memory.dmp
memory/4764-176-0x0000000003260000-0x0000000003270000-memory.dmp
C:\Windows\Temp\vpxiis.exe
| MD5 | 1339d9b2e6286b64fadaa6f8fad00091 |
| SHA1 | 47585a5bd08ecd1f939ebd0c2e74504376855146 |
| SHA256 | 1555d682a099098621079072db88e6cbd306f92b9ccd4db4ad6485dd6d81fe50 |
| SHA512 | 572ff0bb039f77748ec36ac39e80e4f18af7364599b450a107345f608eef1587314ca50a82b4c35290107e881916dcbcc444b29692b59b3d73aa3f7f3c3ac570 |
memory/2256-181-0x0000000074730000-0x0000000074EE0000-memory.dmp
memory/876-177-0x00000000006E0000-0x0000000000DEC000-memory.dmp
C:\Windows\Temp\vpxiis.exe
| MD5 | 1339d9b2e6286b64fadaa6f8fad00091 |
| SHA1 | 47585a5bd08ecd1f939ebd0c2e74504376855146 |
| SHA256 | 1555d682a099098621079072db88e6cbd306f92b9ccd4db4ad6485dd6d81fe50 |
| SHA512 | 572ff0bb039f77748ec36ac39e80e4f18af7364599b450a107345f608eef1587314ca50a82b4c35290107e881916dcbcc444b29692b59b3d73aa3f7f3c3ac570 |
memory/4724-182-0x00000000009B0000-0x00000000018C4000-memory.dmp
memory/4724-183-0x0000000076930000-0x0000000076A20000-memory.dmp
C:\Windows\Temp\vpxiis.exe
| MD5 | 1339d9b2e6286b64fadaa6f8fad00091 |
| SHA1 | 47585a5bd08ecd1f939ebd0c2e74504376855146 |
| SHA256 | 1555d682a099098621079072db88e6cbd306f92b9ccd4db4ad6485dd6d81fe50 |
| SHA512 | 572ff0bb039f77748ec36ac39e80e4f18af7364599b450a107345f608eef1587314ca50a82b4c35290107e881916dcbcc444b29692b59b3d73aa3f7f3c3ac570 |
memory/4724-184-0x0000000076930000-0x0000000076A20000-memory.dmp
memory/4724-185-0x0000000076930000-0x0000000076A20000-memory.dmp
memory/876-186-0x00000000059D0000-0x00000000059E0000-memory.dmp
memory/4764-188-0x0000000003260000-0x0000000003270000-memory.dmp
memory/4764-187-0x0000000003260000-0x0000000003270000-memory.dmp
memory/4724-189-0x0000000077244000-0x0000000077246000-memory.dmp
memory/4724-192-0x00000000009B0000-0x00000000018C4000-memory.dmp
memory/4724-193-0x00000000009B0000-0x00000000018C4000-memory.dmp
memory/2256-195-0x0000000010470000-0x0000000010480000-memory.dmp
memory/4764-196-0x0000000074730000-0x0000000074EE0000-memory.dmp
memory/4724-198-0x00000000009B0000-0x00000000018C4000-memory.dmp
memory/4724-199-0x0000000076930000-0x0000000076A20000-memory.dmp
memory/876-200-0x0000000074730000-0x0000000074EE0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b5f5369274e3bfbc449588bbb57bd383 |
| SHA1 | 58bb46d57bd70c1c0bcbad619353cbe185f34c3b |
| SHA256 | 4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464 |
| SHA512 | 04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6073c7edf13321ba14e9fa0cb516d050 |
| SHA1 | 873b6cd5c7c224987bf0fbefb3d684cd7b0d0060 |
| SHA256 | 2f48d85e455aa90eaf6813cdcacb3d483155f1f8b5d07421258b09d4b7989ba5 |
| SHA512 | c39a015ff7815bebf24eebdf58410bd63d4f4729c229b4a1d1e31d61f23bf7c485beb83360b90524c9306fef49578b76980c443ded0f7b996995f2693279d768 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 19da0f49d905b576487c775f37e2bab7 |
| SHA1 | 615f38e7bca9e524eeb5a8b155a9dcd5ebd51eee |
| SHA256 | eb3fdbcc2a522f30928af14d0896f2310df00dfc15160aa80c2aa2946ff8e184 |
| SHA512 | 57cf1f39083bcf58c879756767f15cf6aaffe938f93e78d640d8da4095a7362b49c0134c3806d39315e90441c948439047b6c33b35cb15c0a2acc338f64ca292 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 63e8173aa5f2be664a9e2b96c0d73027 |
| SHA1 | 93e078d9897185d7e79ad666b21456279c87f47d |
| SHA256 | 35c61a8bde9d74e081dc0a410c1a7f1145ed399437cd05f6f1ae36d314f5fd28 |
| SHA512 | a06046310b9f411070bb617af04725148ea9cd219498d25515c073cb1d42bad2477c39942afa6655aa999f27b804854778b0e6f44597696b8fb779b1db37e7b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 29213338df67d29d6454ee5d61ad3970 |
| SHA1 | 8c69ca76a2e639060d5ce835a9600e6ea3764a83 |
| SHA256 | d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51 |
| SHA512 | 14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 5e24ea2883b1203bc670337568007e83 |
| SHA1 | 4254f3cb556e228237e09b49c667992103a53067 |
| SHA256 | 59a20340bc9a4fabc3bf980c06730c8d7c0213f0cbd2517f9c6352fd53caed7a |
| SHA512 | 2d9f214e7d948c01937978388b87f93128d88f94399b361470030a34a7677bd3c66468e50ff351a3b1da73e2cad36226701ce69049c894d4fabcec5156fbe0f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | afbac8db8576635858c3faca6d65ebc0 |
| SHA1 | fcd56acc260063187c3e3f095eac66ab628d1ac7 |
| SHA256 | 038f9348ae55ee613f450a2e1f5c39c44c0a160db3053c4dfa1d81d285acafe9 |
| SHA512 | c504b39b9feb15cb249fbce9e52055b47999a87d542a2b0c5cc8ac9a43a2fd0d2a7517f6f6a6e1621f0ca3fefd5f86995e1145efde28a8327c145e42195c76e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 162883770ef220b0b350e7b73303408a |
| SHA1 | 6032860f359ce4b608a7dbe0a81c9e2c3f42a554 |
| SHA256 | 6e8f3618b386ace91c948e9b33bca9719584adf3ce03bb2629ca5107be8b6d68 |
| SHA512 | c85556b7b52b2b7f669020e3011adcf83dd50a8739afee99214efb637ba442aefe364b2820c2f70513873312bdb5cbcf493de632e81d7dc162a58be7c10dde9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588eed.TMP
| MD5 | 268610d7299d9a550fb45f0d0aa71822 |
| SHA1 | cdb63502f9c902833469b153510534d335214a97 |
| SHA256 | 06638f5c7b574a14539c4ace50fb42edd5e1e6cb9c6b41a85d99fdd38566d087 |
| SHA512 | 59e92b92927aebce70c385dd27fb1f5886a24d2ed97b3e9c9c24ee5ae338e934965551d0e8f4fcb9b515378eaa74eadb81b45cf736b22ea6d1d9e263573f20d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8ed8c64f319d5fd123a41784d8391e54 |
| SHA1 | 11d1f60184af1ce66ef989ed3b436f793c4bff19 |
| SHA256 | cd31eb28ecacf807072d8319c9613005a2ee4ab724a3c0cb40b27962a879d03c |
| SHA512 | e6c760b3269aa2566d6eafbde251fe2e995536a243db83153817a37688c471dc2bcb92953f8c55b216694305359ef1d56a1b35bbecb3f49f9a75d834e22506b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 690a0b117dce52f24c9748368f2627a6 |
| SHA1 | 53d5eef83faf9321cab98f2b55e55af2cd7c59c2 |
| SHA256 | 8934c4f89565e4ef55c13898fbcd261b0253c428d64385fe390c381eb341b3a2 |
| SHA512 | 063df50fcd2fbb176564da70cfa9f773d5386ea787bda235ccbc31eed99bf76c181a44a6e2ad9f52f5caa25ff23a3db7305ee8179a6c5505dea05871816f5011 |
C:\Users\Admin\Downloads\Hype_RegeditNoRec.rar
| MD5 | 5132a7af28488bb50504dc7a31ef52af |
| SHA1 | edb5c28a8fe7223318f9594a0b0acf60219d2798 |
| SHA256 | 67d51245f00911de82fa3c3d63c8dffc686c1117dcced7cf245cb5fc8609a7ae |
| SHA512 | 28c25524c9c5704a789e080dd6dff8b8e894d96416925fda17d9e40711338d3b4b48ebc8430d8eea03fed83d439856f64a0170e209b7b21f7ce915387f217e69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f90dac70d23f0ec1b7d5a6b891e3699b |
| SHA1 | 7e32dba63d0f9c524fcb82b1718b53df7b4c40fa |
| SHA256 | 3d8692fcfdbfeba8ccaa51306436e57a7713be8446e9d53eea5a84e78e5d6c35 |
| SHA512 | 071aac7eaf06b35c73493551b6e1bfe59de3aa0500fad9121bee0d663537f1b7b20942621b8d85f0d71877fc2030e6b601935d7173bb49bfe361af42899a2247 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1ea67e9a0503275657dc2dd270fc6f21 |
| SHA1 | d112f56991ff071e8ea9b1c811eb53d5ae667e1c |
| SHA256 | 034c7708df50ca31ff513ec15aae147e7b5f5dee86a690476098107062d7dfcf |
| SHA512 | 24851aa051ae3485f1e72633c0dccf8374eaba6b4040ba89f0f1e52cbd79d5e8e28fcc10e73115a944eae2c9fc5f9c6952906de1fad93825ccff4a40b2840cde |
C:\Users\Admin\Downloads\Hype_RegeditNoRec\Hype Regedit.exe
| MD5 | da1cdcc5ab856cca418521fbc589afba |
| SHA1 | 0f76841091b15367b0252de66d6d2b5ca3302c0e |
| SHA256 | 03352db4ea4b1c233237b5124f6b3f0c70c35975057e226469a8d8e0751e5e1e |
| SHA512 | d211d7188dd6f3b1d57aa79fb79ac1076bfbf306b0bf8500d222b66ab3c24acc76b6cc84df16fd7b2d85c6ac65a90494dd232c6f928c567a313b305184de272b |
C:\Users\Admin\Downloads\Hype_RegeditNoRec\Hype Regedit.exe
| MD5 | da1cdcc5ab856cca418521fbc589afba |
| SHA1 | 0f76841091b15367b0252de66d6d2b5ca3302c0e |
| SHA256 | 03352db4ea4b1c233237b5124f6b3f0c70c35975057e226469a8d8e0751e5e1e |
| SHA512 | d211d7188dd6f3b1d57aa79fb79ac1076bfbf306b0bf8500d222b66ab3c24acc76b6cc84df16fd7b2d85c6ac65a90494dd232c6f928c567a313b305184de272b |
memory/4812-628-0x0000000074730000-0x0000000074EE0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aae1da2c084faba043cdc73afc8e12ad |
| SHA1 | 13723363266006b58ccc45935608d03f59b62cca |
| SHA256 | d406667e03832d0ce084ca1eacb443d73886e2005cc6ada5612d376980d36342 |
| SHA512 | f0225936b4758385a23b3a78f8e5b033a8b5ce93d21cf5142bd604f8cb7b79b5f4d5db62e4aa7b5458aaa80f8631f7a38bf04f680304edf801d12d785d448fbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db2d2a0e5c85a851d4952cd9806bdebd |
| SHA1 | c999abd2877f430fd077a1d415f9f8b473463878 |
| SHA256 | d25fc4b5ad1d153407ee15c4a85629317e733ce9e5c764989b8957f10e398a45 |
| SHA512 | 9fbff3b66d2f2def929323ec6aed6feb2abecb5fe788c169b6283bcdbb3272217dc8a21cdddeb2e1c5982f759058fd007d60edecf318da857864f10f252830a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a0bd233ccf559d8f0abd2bd776e9bf4e |
| SHA1 | dd6de0090654377ba6ecc4e75f27264833c1d1c4 |
| SHA256 | d225955981fdfbab7ce145c738228c953ab48bdacd1230b134df2fbac511a771 |
| SHA512 | 951efc0e70f479185cf01621c6050997504fbface83764550e96d19ae544bea47df5dd4656c49a4b8cbde6e9d4a5d2587ae3692cb61286c1b9bd71cea7d64b57 |
memory/4812-772-0x0000000010290000-0x00000000102A0000-memory.dmp
memory/4812-773-0x0000000074730000-0x0000000074EE0000-memory.dmp
C:\Windows\Temp\DotNetZip.dll
| MD5 | 11bbdf80d756b3a877af483195c60619 |
| SHA1 | 99aca4f325d559487abc51b0d2ebd4dca62c9462 |
| SHA256 | 698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1 |
| SHA512 | ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29 |
C:\Windows\Temp\Guna.UI2.dll
| MD5 | f217e8054b7dbbcbd4ab10baf4750588 |
| SHA1 | b1c3089e6b895e6415c36beb82516746e19d2b55 |
| SHA256 | 6a542d4e68417d91d0a21f9e5b85449959325b29e2410c3ef1df7526dd091194 |
| SHA512 | ba778f3c3819364954b6681bbdb87cf9ca2c34d8b0e6e76df665a2d93a94c9b421893a977960d24a908bc9b7209749fee65c930ef0776a0195265193846fe56e |
memory/4812-776-0x0000000010290000-0x00000000102A0000-memory.dmp
memory/4812-777-0x0000000010290000-0x00000000102A0000-memory.dmp
memory/4812-778-0x0000000010290000-0x00000000102A0000-memory.dmp