Analysis Overview
SHA256
71f8c272463987c3323776ba0b07f2c500410b5aa8a1a50ae32f3e213d02413c
Threat Level: Known bad
The file 2023-07-15.zip was found to be: Known bad.
Malicious Activity Summary
Async RAT payload
Healer
Asyncrat family
Gafgyt/Bashlite
Mirai
RedLine
Modifies Windows Defender Real-time Protection settings
Amadey family
RedLine payload
Blackmoon family
Amadey
Djvu Ransomware
GCleaner
Detected Gafgyt variant
SectopRAT payload
Redline family
Sectoprat family
NetSupport
Gafgyt family
Blackmoon, KrBanker
Mirai family
Njrat family
Detect Blackmoon payload
njRAT/Bladabindi
Detects Healer, an antivirus disabler dropper
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Modifies Windows Firewall
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Themida packer
Reads user/profile data of web browsers
Checks BIOS information in registry
Requests dangerous framework permissions
Checks computer location settings
UPX packed file
Windows security modification
Accesses 2FA software files, possible credential harvesting
Checks whether UAC is enabled
Looks up external IP address via web service
Checks installed software on the system
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Drops file in Program Files directory
HTTP links in PDF interactive object
Program crash
Enumerates physical storage devices
One or more HTTP URLs in PDF identified
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Creates scheduled task(s)
Kills process with taskkill
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Runs net.exe
Suspicious behavior: MapViewOfSection
Enumerates system info in registry
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-07-16 17:46
Signatures
Amadey family
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Asyncrat family
Blackmoon family
Detect Blackmoon payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected Gafgyt variant
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Gafgyt family
Mirai family
Njrat family
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Redline family
SectopRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Sectoprat family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read audio files from external storage. | android.permission.READ_MEDIA_AUDIO | N/A | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
HTTP links in PDF interactive object
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
One or more HTTP URLs in PDF identified
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-16 17:45
Reported
2023-07-16 18:02
Platform
win10v2004-20230703-en
Max time kernel
444s
Max time network
902s
Command Line
Signatures
Amadey
Blackmoon, KrBanker
Detect Blackmoon payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected Gafgyt variant
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects Healer, an antivirus disabler dropper
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
GCleaner
Gafgyt/Bashlite
Healer
Mirai
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\a0991154.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\k3248676.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\c9331399.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\a3970777.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\a0991154.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\a0991154.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP037.TMP\k7357202.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP037.TMP\k7357202.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\a3970777.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\k0794642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\k3248676.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\c9331399.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\c9331399.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\b2535753.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\b2535753.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\k0794642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\a0991154.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\c9331399.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\c9331399.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\IXP037.TMP\k7357202.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\k0794642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\c9331399.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\b2535753.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\b2535753.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP037.TMP\k7357202.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\a0991154.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\a3970777.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\k3248676.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP037.TMP\k7357202.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\k0794642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\a3970777.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\k3248676.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\b2535753.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\a3970777.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\k0794642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\k3248676.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\k0794642.exe | N/A |
NetSupport
RedLine
njRAT/Bladabindi
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\2023-07-15\MalTester2.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\2023-07-15\MalTester2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\2023-07-15\MalTester2.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP013.TMP\d9809524.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\RewSpacer714\RewSpacer714.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\b2535753.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\k0794642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\k0794642.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\k3248676.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\c9331399.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\IXP037.TMP\k7357202.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\a3970777.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\a0991154.exe | N/A |
Accesses 2FA software files, possible credential harvesting
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP036.TMP\y9844077.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\x7853339.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP013.TMP\v4550162.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\Desktop\2023-07-15\8b3b326b5933fe0df56ed8222a43f436799de3caa14ed09125bdbc537d56eb86.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\Desktop\2023-07-15\ff3e22df306eca9b6314b52e2b97d1dedca75e38d21b41cff14cbc8fe029e839.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP038.TMP\x9359883.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup22 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP022.TMP\\\"" | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP027.TMP\y3825745.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup29 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP029.TMP\\\"" | C:\Users\Admin\Desktop\2023-07-15\7f14f9058b9aca46b621012998441597fcc6cea96d95c8585b2e085fc12b282a.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\Desktop\2023-07-15\06fa25bf45ac966436327e2941921b0c5592810b08a9d9f7a7b02a5047fa7301.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\y7389349.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup10 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP010.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\x2977053.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP017.TMP\x9359883.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP019.TMP\v9941993.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup30 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP030.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP029.TMP\y4313616.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP033.TMP\x2060363.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP030.TMP\y8978427.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup37 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP037.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP036.TMP\y9844077.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\x1762007.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\Desktop\2023-07-15\f25f6e9dcfd0c26519ea437ef7c7bbfb0072640b03868b1e450daaf63ccdfd4f.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup7 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP007.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\x8556293.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\Desktop\2023-07-15\f8008675eee8ef82dd1b56c2b400ab345f415ca32bdafec51bc50ed4550c10ea.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP023.TMP\x4689687.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup26 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP026.TMP\\\"" | C:\Users\Admin\Desktop\2023-07-15\8b3b326b5933fe0df56ed8222a43f436799de3caa14ed09125bdbc537d56eb86.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup38 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP038.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\x1762007.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup6 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP006.TMP\\\"" | C:\Users\Admin\Desktop\2023-07-15\f99f8eb87369eca8dcb8c1ae4c964f39af5a2536bde56d95b67d65caa72a75e3.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\x8556293.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup15 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP015.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP014.TMP\v6014456.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP016.TMP\x1762007.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP029.TMP\y4313616.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup19 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP019.TMP\\\"" | C:\Users\Admin\Desktop\2023-07-15\d2ae032262a8f1a87b7545ac6c7a93d17f5ba60d142dc09cea56fd367794cb02.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP020.TMP\v5108401.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\Desktop\2023-07-15\5c392e2a2961e96d305b3ed9af854e043f75ae80b219c612fbc6cd000399f7d6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup23 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP023.TMP\\\"" | C:\Users\Admin\Desktop\2023-07-15\5c392e2a2961e96d305b3ed9af854e043f75ae80b219c612fbc6cd000399f7d6.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP026.TMP\y1886631.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup31 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP031.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP030.TMP\y8978427.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup32 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP032.TMP\\\"" | C:\Users\Admin\Desktop\2023-07-15\7e66ce12cb717f604e25134c168ddcde4e271e6235f4b5233d875d10de68ef45.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup33 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP033.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP032.TMP\x9429950.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\2bd214cc-e934-4e0e-8220-2f9c2a6f43f2\\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe\" --AutoStart" | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\x6841492.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup12 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP012.TMP\\\"" | C:\Users\Admin\Desktop\2023-07-15\fc838e1a5e3f4ee801d8f9162ce93d36e8081ba32a85cc436229d5980942a6ae.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP014.TMP\v6014456.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\Desktop\2023-07-15\7f14f9058b9aca46b621012998441597fcc6cea96d95c8585b2e085fc12b282a.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup39 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP039.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP038.TMP\x9359883.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup13 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP013.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP012.TMP\v7064354.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup17 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP017.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP016.TMP\x1762007.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP035.TMP\y9416386.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup20 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP020.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP019.TMP\v9941993.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup35 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP035.TMP\\\"" | C:\Users\Admin\Desktop\2023-07-15\0e02bc2035e70151fd6ff41cd430a369188c063a8bf17b8e81ee55a6f5a612a5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\y9203246.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup5 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP005.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\x6841492.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup8 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP008.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\x7853339.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup16 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP016.TMP\\\"" | C:\Users\Admin\Desktop\2023-07-15\ff3e22df306eca9b6314b52e2b97d1dedca75e38d21b41cff14cbc8fe029e839.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\Desktop\2023-07-15\d2ae032262a8f1a87b7545ac6c7a93d17f5ba60d142dc09cea56fd367794cb02.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup36 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP036.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP035.TMP\y9416386.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\x2977053.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup11 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP011.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP010.TMP\x5291614.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\IXP024.TMP\x9660278.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup27 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP027.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP026.TMP\y1886631.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\Desktop\2023-07-15\7e66ce12cb717f604e25134c168ddcde4e271e6235f4b5233d875d10de68ef45.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\Desktop\2023-07-15\f99f8eb87369eca8dcb8c1ae4c964f39af5a2536bde56d95b67d65caa72a75e3.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup25 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP025.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP024.TMP\x9660278.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup34 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP034.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP033.TMP\x2060363.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\2023-07-15\MalTester2.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\2023-07-15\MalTester2.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5412 set thread context of 5796 | N/A | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe |
| PID 5376 set thread context of 1600 | N/A | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe |
| PID 3240 set thread context of 5664 | N/A | C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe | C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe |
| PID 4508 set thread context of 5236 | N/A | C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe | C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-3N7UC.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Config\is-VKQDH.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-NJSDR.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\RewSpacer714\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Config\is-FF6OS.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-ULV2E.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-Q5SBR.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-RLIAQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-S3GEV.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-V272C.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-OOQPT.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-J62M4.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-OQE2T.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\is-BDOTN.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-LCPAV.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-M8NR7.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-36PG0.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-KTVCF.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-BI6HV.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-JSL6Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-I44RF.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-F45KR.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-NH2ES.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-OTQ6C.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-IBLFD.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\is-3012H.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\is-7HFLD.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-DASIF.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-KF7A8.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-KQJQ8.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-63JGJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-EJ2H1.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-UN1HI.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Config\is-JTN3H.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Config\is-7N4LT.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-UE0TC.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-J12F3.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-CIAKS.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\RewSpacer714\RewSpacer714.exe | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-H693E.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\is-O8L0P.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-AQREJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-O65OJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-JBIDV.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-U0V8E.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\is-7C22Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Config\is-BBEB4.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-T93AI.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-KE169.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-4ATQM.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-2MQ8G.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\is-6S0Q7.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-H6IH1.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-OUAGF.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-A4VDO.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-SDFRC.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-BDE7K.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-7Q0HF.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-4RLRR.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-510F9.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-QCUJL.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-M4FGJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| File created | C:\Program Files (x86)\RewSpacer714\Skins\Blue\is-6AP11.tmp | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
HTTP links in PDF interactive object
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP012.TMP\e7393157.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP012.TMP\e7393157.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP012.TMP\e7393157.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | \??\c:\xyx\rundl123.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | \??\c:\xyx\rundl123.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\2 = 4a00310000000000e3562c6510006f647400380009000400efbee3562c65e3562c652e000000d9ef0100000007000000000000000000000000000000de5c63006f0064007400000012000000 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).right = "1350" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\2\MRUListEx = ffffffff | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\0\0\0\1 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\Shell | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).x = "4294967295" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).y = "4294967295" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\3\MRUListEx = ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 02000000010000000300000000000000ffffffff | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\MRUListEx = 03000000000000000200000001000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\0\0\0\1\MRUListEx = ffffffff | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).left = "550" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\3\NodeSlot = "17" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\SniffedFolderType = "Generic" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).top = "66" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev = "0" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\Shell\SniffedFolderType = "Generic" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | N/A | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP012.TMP\e7393157.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Users\Admin\Desktop\2023-07-15\MalTester2.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\k0794642.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\a3970777.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\a0991154.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\k3248676.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\c9331399.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\b2535753.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IXP037.TMP\k7357202.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\2023-07-15\f56e9c3379c3d9e10485aad4cf74e97dd4578b5f594a0ffa94da6e131faccc28.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\RewSpacer714\RewSpacer714.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\2023-07-15\8b6c0fc5b522a74102b87dc42c1fde82ff6783dd77bcb34801e946354b21122f.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\2023-07-15\8b6c0fc5b522a74102b87dc42c1fde82ff6783dd77bcb34801e946354b21122f.exe | N/A |
| N/A | N/A | \??\c:\xyx\rundl123.exe | N/A |
| N/A | N/A | \??\c:\xyx\rundl123.exe | N/A |
| N/A | N/A | \??\c:\xyx\rundl123.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\2023-07-15.zip
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\2023-07-15\" -spe -an -ai#7zMap93:78:7zEvent406
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd1e8e46f8,0x7ffd1e8e4708,0x7ffd1e8e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MalTester-2.0-master\" -spe -an -ai#7zMap4692:102:7zEvent24162
C:\Users\Admin\Desktop\2023-07-15\MalTester2.exe
"C:\Users\Admin\Desktop\2023-07-15\MalTester2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Users\Admin\Desktop\2023-07-15\06fa25bf45ac966436327e2941921b0c5592810b08a9d9f7a7b02a5047fa7301.exe
06fa25bf45ac966436327e2941921b0c5592810b08a9d9f7a7b02a5047fa7301.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\y9203246.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\y9203246.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\y7389349.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\y7389349.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\k0794642.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\k0794642.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\l3008907.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\l3008907.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2377580323699580327,17283865449961574941,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4672 /prefetch:2
C:\Users\Admin\Desktop\2023-07-15\f25f6e9dcfd0c26519ea437ef7c7bbfb0072640b03868b1e450daaf63ccdfd4f.exe
"C:\Users\Admin\Desktop\2023-07-15\f25f6e9dcfd0c26519ea437ef7c7bbfb0072640b03868b1e450daaf63ccdfd4f.exe"
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\x6212548.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\x6212548.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\x6841492.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\x6841492.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\f5934149.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\f5934149.exe
C:\Users\Admin\Desktop\2023-07-15\f56e9c3379c3d9e10485aad4cf74e97dd4578b5f594a0ffa94da6e131faccc28.exe
"C:\Users\Admin\Desktop\2023-07-15\f56e9c3379c3d9e10485aad4cf74e97dd4578b5f594a0ffa94da6e131faccc28.exe"
C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp
"C:\Users\Admin\AppData\Local\Temp\is-7UT4I.tmp\is-L4NNF.tmp" /SL4 $60236 "C:\Users\Admin\Desktop\2023-07-15\f56e9c3379c3d9e10485aad4cf74e97dd4578b5f594a0ffa94da6e131faccc28.exe" 1461412 69120
C:\Users\Admin\Desktop\2023-07-15\f99f8eb87369eca8dcb8c1ae4c964f39af5a2536bde56d95b67d65caa72a75e3.exe
"C:\Users\Admin\Desktop\2023-07-15\f99f8eb87369eca8dcb8c1ae4c964f39af5a2536bde56d95b67d65caa72a75e3.exe"
C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\x8556293.exe
C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\x8556293.exe
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" helpmsg 14
C:\Program Files (x86)\RewSpacer714\RewSpacer714.exe
"C:\Program Files (x86)\RewSpacer714\RewSpacer714.exe"
C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\x7853339.exe
C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\x7853339.exe
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\f1478350.exe
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\f1478350.exe
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 helpmsg 14
C:\Users\Admin\Desktop\2023-07-15\f8008675eee8ef82dd1b56c2b400ab345f415ca32bdafec51bc50ed4550c10ea.exe
"C:\Users\Admin\Desktop\2023-07-15\f8008675eee8ef82dd1b56c2b400ab345f415ca32bdafec51bc50ed4550c10ea.exe"
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\x2977053.exe
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\x2977053.exe
C:\Users\Admin\AppData\Local\Temp\IXP010.TMP\x5291614.exe
C:\Users\Admin\AppData\Local\Temp\IXP010.TMP\x5291614.exe
C:\Users\Admin\AppData\Local\Temp\IXP011.TMP\f6503608.exe
C:\Users\Admin\AppData\Local\Temp\IXP011.TMP\f6503608.exe
C:\Users\Admin\AppData\Roaming\{48cf2340-19df-11ee-a94e-806e6f6e6963}\xnEcXPm2KiS2D.exe
C:\Users\Admin\Desktop\2023-07-15\fc838e1a5e3f4ee801d8f9162ce93d36e8081ba32a85cc436229d5980942a6ae.exe
"C:\Users\Admin\Desktop\2023-07-15\fc838e1a5e3f4ee801d8f9162ce93d36e8081ba32a85cc436229d5980942a6ae.exe"
C:\Users\Admin\AppData\Local\Temp\IXP012.TMP\v7064354.exe
C:\Users\Admin\AppData\Local\Temp\IXP012.TMP\v7064354.exe
C:\Users\Admin\AppData\Local\Temp\IXP013.TMP\v4550162.exe
C:\Users\Admin\AppData\Local\Temp\IXP013.TMP\v4550162.exe
C:\Users\Admin\AppData\Local\Temp\IXP014.TMP\v6014456.exe
C:\Users\Admin\AppData\Local\Temp\IXP014.TMP\v6014456.exe
C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\a3970777.exe
C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\a3970777.exe
C:\Users\Admin\Desktop\2023-07-15\ff3e22df306eca9b6314b52e2b97d1dedca75e38d21b41cff14cbc8fe029e839.exe
"C:\Users\Admin\Desktop\2023-07-15\ff3e22df306eca9b6314b52e2b97d1dedca75e38d21b41cff14cbc8fe029e839.exe"
C:\Users\Admin\AppData\Local\Temp\IXP016.TMP\x1762007.exe
C:\Users\Admin\AppData\Local\Temp\IXP016.TMP\x1762007.exe
C:\Users\Admin\AppData\Local\Temp\IXP017.TMP\x9359883.exe
C:\Users\Admin\AppData\Local\Temp\IXP017.TMP\x9359883.exe
C:\Users\Admin\AppData\Local\Temp\IXP018.TMP\f7670901.exe
C:\Users\Admin\AppData\Local\Temp\IXP018.TMP\f7670901.exe
C:\Users\Admin\Desktop\2023-07-15\d2ae032262a8f1a87b7545ac6c7a93d17f5ba60d142dc09cea56fd367794cb02.exe
"C:\Users\Admin\Desktop\2023-07-15\d2ae032262a8f1a87b7545ac6c7a93d17f5ba60d142dc09cea56fd367794cb02.exe"
C:\Users\Admin\AppData\Local\Temp\IXP019.TMP\v9941993.exe
C:\Users\Admin\AppData\Local\Temp\IXP019.TMP\v9941993.exe
C:\Users\Admin\AppData\Local\Temp\IXP020.TMP\v5108401.exe
C:\Users\Admin\AppData\Local\Temp\IXP020.TMP\v5108401.exe
C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\v9098000.exe
C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\v9098000.exe
C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\a0991154.exe
C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\a0991154.exe
C:\Users\Admin\Desktop\2023-07-15\5c392e2a2961e96d305b3ed9af854e043f75ae80b219c612fbc6cd000399f7d6.exe
"C:\Users\Admin\Desktop\2023-07-15\5c392e2a2961e96d305b3ed9af854e043f75ae80b219c612fbc6cd000399f7d6.exe"
C:\Users\Admin\AppData\Local\Temp\IXP023.TMP\x4689687.exe
C:\Users\Admin\AppData\Local\Temp\IXP023.TMP\x4689687.exe
C:\Users\Admin\AppData\Local\Temp\IXP024.TMP\x9660278.exe
C:\Users\Admin\AppData\Local\Temp\IXP024.TMP\x9660278.exe
C:\Users\Admin\AppData\Local\Temp\IXP025.TMP\f4962868.exe
C:\Users\Admin\AppData\Local\Temp\IXP025.TMP\f4962868.exe
C:\Users\Admin\Desktop\2023-07-15\8b6c0fc5b522a74102b87dc42c1fde82ff6783dd77bcb34801e946354b21122f.exe
"C:\Users\Admin\Desktop\2023-07-15\8b6c0fc5b522a74102b87dc42c1fde82ff6783dd77bcb34801e946354b21122f.exe"
\??\c:\xyx\rundl123.exe
"c:\xyx\rundl123.exe"
C:\Users\Admin\Desktop\2023-07-15\8b3b326b5933fe0df56ed8222a43f436799de3caa14ed09125bdbc537d56eb86.exe
"C:\Users\Admin\Desktop\2023-07-15\8b3b326b5933fe0df56ed8222a43f436799de3caa14ed09125bdbc537d56eb86.exe"
C:\Users\Admin\AppData\Local\Temp\IXP026.TMP\y1886631.exe
C:\Users\Admin\AppData\Local\Temp\IXP026.TMP\y1886631.exe
C:\Users\Admin\AppData\Local\Temp\IXP027.TMP\y3825745.exe
C:\Users\Admin\AppData\Local\Temp\IXP027.TMP\y3825745.exe
C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\k3248676.exe
C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\k3248676.exe
C:\Users\Admin\Desktop\2023-07-15\7f14f9058b9aca46b621012998441597fcc6cea96d95c8585b2e085fc12b282a.exe
"C:\Users\Admin\Desktop\2023-07-15\7f14f9058b9aca46b621012998441597fcc6cea96d95c8585b2e085fc12b282a.exe"
C:\Users\Admin\AppData\Local\Temp\IXP029.TMP\y4313616.exe
C:\Users\Admin\AppData\Local\Temp\IXP029.TMP\y4313616.exe
C:\Users\Admin\AppData\Local\Temp\IXP030.TMP\y8978427.exe
C:\Users\Admin\AppData\Local\Temp\IXP030.TMP\y8978427.exe
C:\Users\Admin\AppData\Local\Temp\IXP031.TMP\k2934424.exe
C:\Users\Admin\AppData\Local\Temp\IXP031.TMP\k2934424.exe
C:\Users\Admin\Desktop\2023-07-15\7e66ce12cb717f604e25134c168ddcde4e271e6235f4b5233d875d10de68ef45.exe
"C:\Users\Admin\Desktop\2023-07-15\7e66ce12cb717f604e25134c168ddcde4e271e6235f4b5233d875d10de68ef45.exe"
C:\Users\Admin\AppData\Local\Temp\IXP032.TMP\x9429950.exe
C:\Users\Admin\AppData\Local\Temp\IXP032.TMP\x9429950.exe
C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\b6138604.exe
C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\b6138604.exe
C:\Users\Admin\AppData\Local\Temp\IXP033.TMP\x2060363.exe
C:\Users\Admin\AppData\Local\Temp\IXP033.TMP\x2060363.exe
C:\Users\Admin\AppData\Local\Temp\IXP034.TMP\f5241043.exe
C:\Users\Admin\AppData\Local\Temp\IXP034.TMP\f5241043.exe
C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe
"C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe"
C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\b2535753.exe
C:\Users\Admin\AppData\Local\Temp\IXP022.TMP\b2535753.exe
C:\Users\Admin\Desktop\2023-07-15\0e02bc2035e70151fd6ff41cd430a369188c063a8bf17b8e81ee55a6f5a612a5.exe
"C:\Users\Admin\Desktop\2023-07-15\0e02bc2035e70151fd6ff41cd430a369188c063a8bf17b8e81ee55a6f5a612a5.exe"
C:\Users\Admin\AppData\Local\Temp\IXP035.TMP\y9416386.exe
C:\Users\Admin\AppData\Local\Temp\IXP035.TMP\y9416386.exe
C:\Users\Admin\AppData\Local\Temp\IXP036.TMP\y9844077.exe
C:\Users\Admin\AppData\Local\Temp\IXP036.TMP\y9844077.exe
C:\Users\Admin\AppData\Local\Temp\IXP037.TMP\k7357202.exe
C:\Users\Admin\AppData\Local\Temp\IXP037.TMP\k7357202.exe
C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\l2165870.exe
C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\l2165870.exe
C:\Users\Admin\AppData\Local\Temp\IXP014.TMP\c2698527.exe
C:\Users\Admin\AppData\Local\Temp\IXP014.TMP\c2698527.exe
C:\Users\Admin\AppData\Local\Temp\IXP031.TMP\l6857822.exe
C:\Users\Admin\AppData\Local\Temp\IXP031.TMP\l6857822.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5872 -ip 5872
C:\Users\Admin\Desktop\2023-07-15\ff3e22df306eca9b6314b52e2b97d1dedca75e38d21b41cff14cbc8fe029e839.exe
"C:\Users\Admin\Desktop\2023-07-15\ff3e22df306eca9b6314b52e2b97d1dedca75e38d21b41cff14cbc8fe029e839.exe"
C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\x1762007.exe
C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\x1762007.exe
C:\Users\Admin\AppData\Local\Temp\IXP038.TMP\x9359883.exe
C:\Users\Admin\AppData\Local\Temp\IXP038.TMP\x9359883.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 136
C:\Users\Admin\AppData\Local\Temp\IXP039.TMP\f7670901.exe
C:\Users\Admin\AppData\Local\Temp\IXP039.TMP\f7670901.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\IXP013.TMP\d9809524.exe
C:\Users\Admin\AppData\Local\Temp\IXP013.TMP\d9809524.exe
C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\c9331399.exe
C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\c9331399.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
"C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe"
C:\Users\Admin\AppData\Local\Temp\IXP012.TMP\e7393157.exe
C:\Users\Admin\AppData\Local\Temp\IXP012.TMP\e7393157.exe
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe" /F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "danke.exe" /P "Admin:N"&&CACLS "danke.exe" /P "Admin:R" /E&&echo Y|CACLS "..\3ec1f323b5" /P "Admin:N"&&CACLS "..\3ec1f323b5" /P "Admin:R" /E&&Exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\SysWOW64\cacls.exe
CACLS "danke.exe" /P "Admin:N"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /im "RewSpacer714.exe" /f & erase "C:\Program Files (x86)\RewSpacer714\RewSpacer714.exe" & exit
C:\Users\Admin\AppData\Local\Temp\IXP037.TMP\l2831548.exe
C:\Users\Admin\AppData\Local\Temp\IXP037.TMP\l2831548.exe
C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe
"C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /im "RewSpacer714.exe" /f
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\2bd214cc-e934-4e0e-8220-2f9c2a6f43f2" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Windows\SysWOW64\cacls.exe
CACLS "danke.exe" /P "Admin:R" /E
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\3ec1f323b5" /P "Admin:N"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\3ec1f323b5" /P "Admin:R" /E
C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe
"C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe
"C:\Users\Admin\Desktop\2023-07-15\6a9a99a1a7186ff8a18bda16208904a1408f534ed188cd053db9a4ce98f66642.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe
"C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe"
C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe
"C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe"
C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build3.exe
"C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build3.exe"
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\SystemID\PersonalID.txt
C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe
"C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe"
C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe
"C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe"
C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build3.exe
"C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build3.exe"
C:\Users\Admin\Desktop\2023-07-15\f2ad63902e8caa11b83d3457c899b957b39891df52188830f6702376bd2783cb.exe
"C:\Users\Admin\Desktop\2023-07-15\f2ad63902e8caa11b83d3457c899b957b39891df52188830f6702376bd2783cb.exe"
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\Desktop\2023-07-15\c0b4b7b1183401644c556b5cc8e92c0f13970a370fca43635785f65f81e9a1d5.exe
"C:\Users\Admin\Desktop\2023-07-15\c0b4b7b1183401644c556b5cc8e92c0f13970a370fca43635785f65f81e9a1d5.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 1752 -ip 1752
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1752 -s 184
C:\Users\Admin\Desktop\2023-07-15\cc0f70f4c9b185dacf984c2f7f721d11ad293a7e2b654fbf26180e7ebfe54f81.exe
"C:\Users\Admin\Desktop\2023-07-15\cc0f70f4c9b185dacf984c2f7f721d11ad293a7e2b654fbf26180e7ebfe54f81.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5328 -ip 5328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 808
C:\Users\Admin\Desktop\2023-07-15\a5ccd3bdbd42202c5ffa0c8da8dcddd38064607b84b356e7015d22c06c865514.exe
"C:\Users\Admin\Desktop\2023-07-15\a5ccd3bdbd42202c5ffa0c8da8dcddd38064607b84b356e7015d22c06c865514.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5328 -ip 5328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 816
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5328 -ip 5328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 848
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5328 -ip 5328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5328 -ip 5328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 960
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5328 -ip 5328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 960
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5328 -ip 5328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 1056
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5328 -ip 5328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 1524
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5328 -ip 5328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 1576
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5328 -ip 5328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 1520
C:\Users\Admin\Desktop\2023-07-15\93682aac34f1d48553ff05d088f225210bad9e69ea3efb75da3371d096aa2fed.exe
"C:\Users\Admin\Desktop\2023-07-15\93682aac34f1d48553ff05d088f225210bad9e69ea3efb75da3371d096aa2fed.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5328 -ip 5328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 1784
C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe
"C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe"
C:\Users\Admin\Desktop\2023-07-15\35822e68e8334cb47ca9cf01a80ec85047fbf6218298a4c4ee08b41b02bb9658.exe
"C:\Users\Admin\Desktop\2023-07-15\35822e68e8334cb47ca9cf01a80ec85047fbf6218298a4c4ee08b41b02bb9658.exe"
C:\Users\Admin\AppData\Local\Temp\Server.exe
"C:\Users\Admin\AppData\Local\Temp\Server.exe"
C:\Users\Admin\AppData\Local\Temp\Server.exe
"C:\Users\Admin\AppData\Local\Temp\Server.exe"
C:\Users\Admin\Desktop\2023-07-15\129c4c144e93fbc74c73e70d260ea088c238e2a6c6de24afd5da5c7cf693994e.exe
"C:\Users\Admin\Desktop\2023-07-15\129c4c144e93fbc74c73e70d260ea088c238e2a6c6de24afd5da5c7cf693994e.exe"
C:\Users\Admin\Desktop\2023-07-15\93cd731eed51206fecdd8256968f39f07ba9d95087570d076a355bcf2012394c.exe
"C:\Users\Admin\Desktop\2023-07-15\93cd731eed51206fecdd8256968f39f07ba9d95087570d076a355bcf2012394c.exe"
C:\Users\Admin\Desktop\2023-07-15\93cd731eed51206fecdd8256968f39f07ba9d95087570d076a355bcf2012394c.exe
"C:\Users\Admin\Desktop\2023-07-15\93cd731eed51206fecdd8256968f39f07ba9d95087570d076a355bcf2012394c.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 464 -p 5496 -ip 5496
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 184 -p 3896 -ip 3896
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5496 -s 1100
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3896 -s 1056
C:\Users\Admin\AppData\Roaming\server.exe
"C:\Users\Admin\AppData\Roaming\server.exe"
C:\Users\Admin\Desktop\2023-07-15\09a80b3870d5af6dfa77084e125e4def7cc12a449424d49186a7abd18c083a51.exe
"C:\Users\Admin\Desktop\2023-07-15\09a80b3870d5af6dfa77084e125e4def7cc12a449424d49186a7abd18c083a51.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\server.exe" "server.exe" ENABLE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\KSBPoqJvKv.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\KSBPoqJvKv" /XML "C:\Users\Admin\AppData\Local\Temp\tmp1CE7.tmp"
C:\Users\Admin\Desktop\2023-07-15\a5ccd3bdbd42202c5ffa0c8da8dcddd38064607b84b356e7015d22c06c865514.exe
"C:\Users\Admin\Desktop\2023-07-15\a5ccd3bdbd42202c5ffa0c8da8dcddd38064607b84b356e7015d22c06c865514.exe"
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\xyx\rundl123.exe
"C:\xyx\rundl123.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd203146f8,0x7ffd20314708,0x7ffd20314718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5904 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8568 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8 0x324
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13237452832871214607,11584537197221294305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9088 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
C:\Users\Admin\AppData\Local\Temp\3ec1f323b5\danke.exe
Network
| NL | 45.12.253.75:80 | 45.12.253.75 | tcp |
| US | 8.8.8.8:53 | 56.253.12.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.253.12.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.253.12.45.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| HK | 45.207.9.4:1150 | tcp | |
| US | 8.8.8.8:53 | 4.9.207.45.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| HK | 45.207.9.4:1150 | tcp | |
| US | 8.8.8.8:53 | whois.pconline.com.cn | udp |
| CN | 121.14.45.19:80 | whois.pconline.com.cn | tcp |
| US | 8.8.8.8:53 | 19.45.14.121.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.3:80 | 77.91.68.3 | tcp |
| US | 8.8.8.8:53 | 3.68.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| US | 8.8.8.8:53 | 101.14.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.217.0.162.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 101.15.18.104.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 209.78.101.95.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| US | 8.8.8.8:53 | colisumy.com | udp |
| US | 8.8.8.8:53 | zexeq.com | udp |
| RO | 62.217.232.10:80 | colisumy.com | tcp |
| HU | 84.224.64.169:80 | zexeq.com | tcp |
| HU | 84.224.64.169:80 | zexeq.com | tcp |
| US | 8.8.8.8:53 | 10.232.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.64.224.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| DE | 128.140.92.122:8081 | 128.140.92.122 | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.92.140.128.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.29:80 | 77.91.68.29 | tcp |
| FI | 77.91.124.31:80 | tcp | |
| US | 8.8.8.8:53 | 29.68.91.77.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.3:80 | 77.91.68.3 | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.29:80 | 77.91.68.29 | tcp |
| FI | 77.91.124.31:80 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 74.144.221.88.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.29:80 | 77.91.68.29 | tcp |
| FI | 77.91.124.31:80 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.3:80 | 77.91.68.3 | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| DE | 128.140.92.122:8081 | 128.140.92.122 | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FR | 147.135.165.22:17748 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | download.microsoft.com | udp |
| NL | 173.222.113.107:80 | download.microsoft.com | tcp |
| NL | 173.222.113.107:443 | download.microsoft.com | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 107.113.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | Dfaiernewa21.com | udp |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| GB | 62.172.138.8:80 | geo.netsupportsoftware.com | tcp |
| GB | 62.172.138.8:80 | geo.netsupportsoftware.com | tcp |
| GB | 62.172.138.8:80 | geo.netsupportsoftware.com | tcp |
| DE | 185.212.44.49:1237 | Dfaiernewa21.com | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 8.138.172.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.44.212.185.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 104.193.132.51.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FR | 147.135.165.22:17748 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | tyfdfdfs.ddns.net | udp |
| EG | 41.237.177.231:5552 | tyfdfdfs.ddns.net | tcp |
| US | 8.8.8.8:53 | 231.177.237.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.tcp.eu.ngrok.io | udp |
| DE | 3.124.67.191:14936 | 7.tcp.eu.ngrok.io | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 191.67.124.3.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 138.68.56.139:80 | 138.68.56.139 | tcp |
| US | 8.8.8.8:53 | 139.56.68.138.in-addr.arpa | udp |
| US | 138.68.56.139:80 | 138.68.56.139 | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 138.68.56.139:80 | 138.68.56.139 | tcp |
| FR | 147.135.165.22:17748 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| DE | 3.124.67.191:14936 | 7.tcp.eu.ngrok.io | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 25.69.169.192.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FR | 147.135.165.22:17748 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 7.tcp.eu.ngrok.io | udp |
| DE | 3.125.188.168:14936 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | 168.188.125.3.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FR | 147.135.165.22:17748 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 138.68.56.139:80 | 138.68.56.139 | tcp |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| DE | 3.125.188.168:14936 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FR | 147.135.165.22:17748 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| DE | 3.125.188.168:14936 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.3:80 | 77.91.68.3 | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| DE | 3.125.188.168:14936 | 7.tcp.eu.ngrok.io | tcp |
| NL | 104.110.240.113:443 | www.bing.com | tcp |
| NL | 104.110.240.113:443 | www.bing.com | tcp |
| NL | 104.110.240.113:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 113.240.110.104.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 104.110.240.121:443 | r.bing.com | tcp |
| NL | 104.110.240.114:443 | r.bing.com | tcp |
| NL | 104.110.240.114:443 | r.bing.com | tcp |
| NL | 104.110.240.121:443 | r.bing.com | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 121.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.240.110.104.in-addr.arpa | udp |
| NL | 104.110.240.114:443 | r.bing.com | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FR | 147.135.165.22:17748 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 13.107.21.200:443 | bing.com | tcp |
| US | 13.107.21.200:443 | bing.com | tcp |
| US | 8.8.8.8:53 | www.hitmanpro.com | udp |
| NL | 104.110.240.75:443 | www.hitmanpro.com | tcp |
| NL | 104.110.240.75:443 | www.hitmanpro.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 92.122.101.18:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 200.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.101.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.18.169.114:443 | cdn.cookielaw.org | tcp |
| US | 104.18.169.114:443 | cdn.cookielaw.org | tcp |
| US | 104.18.169.114:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | pricingapi.cleverbridge.com | udp |
| US | 104.18.28.38:443 | geolocation.onetrust.com | tcp |
| US | 104.16.242.229:443 | pricingapi.cleverbridge.com | tcp |
| US | 8.8.8.8:53 | 114.169.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| NL | 104.110.240.75:443 | www.hitmanpro.com | tcp |
| US | 151.101.2.137:443 | js-agent.newrelic.com | tcp |
| US | 151.101.2.137:443 | js-agent.newrelic.com | tcp |
| US | 151.101.2.137:443 | js-agent.newrelic.com | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | bam.nr-data.net | udp |
| US | 162.247.241.14:443 | bam.nr-data.net | tcp |
| US | 8.8.8.8:53 | scripts.demandbase.com | udp |
| US | 8.8.8.8:53 | siteimproveanalytics.com | udp |
| NL | 65.9.86.83:443 | scripts.demandbase.com | tcp |
| US | 8.8.8.8:53 | 38.28.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.242.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.241.247.162.in-addr.arpa | udp |
| US | 172.64.172.12:443 | siteimproveanalytics.com | tcp |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 8.8.8.8:53 | api.company-target.com | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| GB | 18.172.153.74:443 | api.company-target.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 35.190.60.146:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | tag-logger.demandbase.com | udp |
| US | 8.8.8.8:53 | 6025286.global.siteimproveanalytics.io | udp |
| NL | 52.222.139.5:443 | tag-logger.demandbase.com | tcp |
| US | 35.174.221.234:443 | 6025286.global.siteimproveanalytics.io | tcp |
| US | 8.8.8.8:53 | 83.86.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.172.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.221.174.35.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 125.214.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| US | 8.8.8.8:53 | 7.tcp.eu.ngrok.io | udp |
| DE | 35.157.111.131:14936 | 7.tcp.eu.ngrok.io | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 138.68.56.139:80 | 138.68.56.139 | tcp |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| DE | 35.157.111.131:14936 | 7.tcp.eu.ngrok.io | tcp |
| FR | 147.135.165.22:17748 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| US | 8.8.8.8:53 | www.sophos.com | udp |
| NL | 104.110.240.73:443 | www.sophos.com | tcp |
| NL | 104.110.240.73:443 | www.sophos.com | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | img03.en25.com | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.company-target.com | udp |
| DE | 184.24.21.236:443 | img03.en25.com | tcp |
| DE | 184.24.21.236:443 | img03.en25.com | tcp |
| US | 34.96.71.22:443 | s.company-target.com | tcp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 35.190.60.146:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | js.driftt.com | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | partners.tremorhub.com | udp |
| NL | 13.227.219.86:443 | js.driftt.com | tcp |
| CA | 185.80.39.216:443 | dsum-sec.casalemedia.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| US | 34.236.168.162:443 | partners.tremorhub.com | tcp |
| US | 8.8.8.8:53 | 236.21.24.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.71.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s1777052651.t.eloqua.com | udp |
| US | 8.8.8.8:53 | 216.39.80.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| NL | 192.29.202.14:443 | s1777052651.t.eloqua.com | tcp |
| NL | 192.29.202.14:443 | s1777052651.t.eloqua.com | tcp |
| US | 8.8.8.8:53 | api.demandbase.com | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| NL | 65.9.86.2:443 | api.demandbase.com | tcp |
| US | 8.8.8.8:53 | 162.168.236.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.202.29.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.86.9.65.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| US | 8.8.8.8:53 | metrics.api.drift.com | udp |
| US | 8.8.8.8:53 | conversation.api.drift.com | udp |
| US | 8.8.8.8:53 | customer.api.drift.com | udp |
| US | 8.8.8.8:53 | targeting.api.drift.com | udp |
| US | 8.8.8.8:53 | bootstrap.api.drift.com | udp |
| US | 34.193.113.164:443 | bootstrap.api.drift.com | tcp |
| GB | 18.172.153.74:443 | api.company-target.com | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 1037686-36.chat.api.drift.com | udp |
| US | 34.228.110.134:443 | 1037686-36.chat.api.drift.com | tcp |
| US | 8.8.8.8:53 | presence.api.drift.com | udp |
| US | 54.173.95.250:443 | presence.api.drift.com | tcp |
| US | 8.8.8.8:53 | event.api.drift.com | udp |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 8.8.8.8:53 | flow.api.drift.com | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| US | 8.8.8.8:53 | 134.110.228.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.95.173.54.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | driftt.imgix.net | udp |
| NL | 199.232.150.208:443 | driftt.imgix.net | tcp |
| US | 8.8.8.8:53 | autocomplete.demandbase.com | udp |
| NL | 65.9.86.122:443 | autocomplete.demandbase.com | tcp |
| DE | 35.157.111.131:14936 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | 208.150.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.86.9.65.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| DE | 35.157.111.131:14936 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FR | 147.135.165.22:17748 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| DE | 35.157.111.131:14936 | 7.tcp.eu.ngrok.io | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 104.110.240.114:443 | r.bing.com | udp |
| NL | 104.110.240.185:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 185.240.110.104.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 138.68.56.139:80 | 138.68.56.139 | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| US | 8.8.8.8:53 | 7.tcp.eu.ngrok.io | udp |
| DE | 3.67.15.169:14936 | 7.tcp.eu.ngrok.io | tcp |
| FR | 147.135.165.22:17748 | tcp | |
| US | 8.8.8.8:53 | 169.15.67.3.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| DE | 3.67.15.169:14936 | 7.tcp.eu.ngrok.io | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| US | 8.8.8.8:53 | fr.wikipedia.org | udp |
| US | 208.80.154.224:443 | fr.wikipedia.org | tcp |
| US | 208.80.154.224:443 | fr.wikipedia.org | tcp |
| US | 8.8.8.8:53 | upload.wikimedia.org | udp |
| US | 8.8.8.8:53 | login.wikimedia.org | udp |
| US | 8.8.8.8:53 | meta.wikimedia.org | udp |
| US | 208.80.154.240:443 | upload.wikimedia.org | tcp |
| US | 208.80.154.240:443 | upload.wikimedia.org | tcp |
| US | 208.80.154.240:443 | upload.wikimedia.org | tcp |
| US | 208.80.154.240:443 | upload.wikimedia.org | tcp |
| US | 208.80.154.240:443 | upload.wikimedia.org | tcp |
| US | 208.80.154.240:443 | upload.wikimedia.org | tcp |
| US | 8.8.8.8:53 | 224.154.80.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.154.80.208.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| DE | 3.67.15.169:14936 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FR | 147.135.165.22:17748 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| NL | 104.110.240.114:443 | r.bing.com | udp |
| FI | 77.91.68.56:19071 | tcp | |
| DE | 3.67.15.169:14936 | 7.tcp.eu.ngrok.io | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| NL | 104.110.240.185:443 | th.bing.com | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| NL | 95.101.21.11:443 | aefd.nelreports.net | tcp |
| DE | 3.67.15.169:14936 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | 11.21.101.95.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| DE | 3.67.15.169:14936 | 7.tcp.eu.ngrok.io | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FR | 147.135.165.22:17748 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 138.68.56.139:80 | 138.68.56.139 | tcp |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| DE | 3.67.15.169:14936 | 7.tcp.eu.ngrok.io | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | 7.tcp.eu.ngrok.io | udp |
| DE | 3.126.224.214:14936 | 7.tcp.eu.ngrok.io | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| US | 8.8.8.8:53 | 214.224.126.3.in-addr.arpa | udp |
| FI | 77.91.68.56:19071 | tcp | |
| DE | 3.126.224.214:14936 | 7.tcp.eu.ngrok.io | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
| US | 192.169.69.25:6790 | remitancegp.duckdns.org | tcp |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| FI | 77.91.68.56:19071 | tcp | |
| US | 8.8.8.8:53 | remitancegp.duckdns.org | udp |
Files
C:\Users\Admin\Desktop\2023-07-15\0af720cebd22dd81eb2d8ad327d65c9bd4bdb7b7f3c50c400f270e7c19af5f19.exe
| MD5 | 67a90f4a4bce7dce31f34e172728f717 |
| SHA1 | 7594b687b020fe1487d25c347336106201106437 |
| SHA256 | 0af720cebd22dd81eb2d8ad327d65c9bd4bdb7b7f3c50c400f270e7c19af5f19 |
| SHA512 | 8b5bcfba556eb3e8f4a89224ec9483f76a3e5a9b322bbc593942bfe5fde01bb83bb4eb37e0d573fc04ccb44674ab150a57d0092a8634fe8fc4ca2520ec179045 |
C:\Users\Admin\Desktop\2023-07-15\0a5d1e1baa7798784b0dfc771acde2696ce291c1c8c08eaf1bd05378d1a4e456.elf
| MD5 | 816801fca5186bdc2c41972d414d2898 |
| SHA1 | aedbd400689cb5690386ec689c8defc8cea6995f |
| SHA256 | 0a5d1e1baa7798784b0dfc771acde2696ce291c1c8c08eaf1bd05378d1a4e456 |
| SHA512 | 3ea7e9ac4ccd9e23052de358d1d58ee6fa846037ed69e87cfcf0634e8d311bff118b80bce027f0f6b991d94d3a173aae5bc236f505280d177fa34ac513756cae |
memory/2776-925-0x00007FF6B1EE0000-0x00007FF6B4D68000-memory.dmp
memory/1668-951-0x0000000000400000-0x000000000044E000-memory.dmp
memory/1668-950-0x0000000001F30000-0x0000000001F6E000-memory.dmp
memory/1668-957-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/1668-958-0x0000000001F30000-0x0000000001F6E000-memory.dmp
memory/1668-959-0x0000000002500000-0x0000000002501000-memory.dmp
memory/2776-960-0x00007FF6B1EE0000-0x00007FF6B4D68000-memory.dmp
memory/1668-961-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/1668-964-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/5112-967-0x00000000005C0000-0x000000000064C000-memory.dmp
memory/5112-966-0x0000000000400000-0x000000000047F000-memory.dmp
memory/5112-973-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/5112-974-0x00000000005C0000-0x000000000064C000-memory.dmp
memory/5112-976-0x0000000008520000-0x0000000008B38000-memory.dmp
memory/5112-977-0x0000000007F50000-0x000000000805A000-memory.dmp
memory/5112-978-0x0000000006C80000-0x0000000006C90000-memory.dmp
memory/5112-979-0x0000000008080000-0x0000000008092000-memory.dmp
memory/5112-980-0x00000000080A0000-0x00000000080DC000-memory.dmp
memory/2776-981-0x00007FF6B1EE0000-0x00007FF6B4D68000-memory.dmp
memory/5112-984-0x0000000000400000-0x000000000047F000-memory.dmp
memory/5112-985-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/5112-986-0x0000000006C80000-0x0000000006C90000-memory.dmp
memory/4600-1006-0x0000000002020000-0x00000000020AC000-memory.dmp
memory/4600-1007-0x0000000000400000-0x000000000047F000-memory.dmp
memory/4600-1013-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/4600-1014-0x0000000002020000-0x00000000020AC000-memory.dmp
memory/4432-1017-0x0000000000400000-0x0000000000417000-memory.dmp
memory/4652-1029-0x0000000002100000-0x0000000002101000-memory.dmp
memory/4600-1030-0x0000000006D20000-0x0000000006D30000-memory.dmp
C:\Program Files (x86)\RewSpacer714\readme.txt
| MD5 | ce494d2d223aed950fea67f657d3fa3e |
| SHA1 | 97a19c02487c41e3a079cd6764afffeb5e838b26 |
| SHA256 | c8fa111c5b9537e3b6cab9ba763e164e27fa469f2232b82a54b206a7d892b9e9 |
| SHA512 | 687bf3bd7de28dc45ea622672dc59d7e45d9ce83530a7db6462447ea247a9bde061738c454e09b48531aab9cce802c8491aa730e4da65e63daf31c65ffc39fe1 |
C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\i2976642.exe
| MD5 | 09c7a2b7bef95d5087cffc6953055d0a |
| SHA1 | 00e0c74272555ef2f4350d0c581c845c0683ad6d |
| SHA256 | ddaa953af210dcfcb5020fc61786f8626afcc10ada97506ac28d879dbe5f69e1 |
| SHA512 | d0100c2d8560efd0e633d6b19efc65db58841fd778b0e01f63c6caffa142100520887e6f6625c5fcae8ac4fb99b7570548b3ae22ba3f4b2941e40a357aff9c93 |
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\g7591861.exe
| MD5 | 8c6b79ec436d7cf6950a804c1ec7d3e9 |
| SHA1 | 4a589d5605d8ef785fdc78b0bf64e769e3a21ad6 |
| SHA256 | 4e1377f9874f333dcb0b1b758e3131949e667fc39aadf3091e4e3b7cdbaeef1d |
| SHA512 | 06f2de433876963bb7bbddbe93cab0b7dd22164d1c10726294445944dcf5fa4a0fb450fc683c32565177a81a6103f6a5f11d291958bc7fcff7fdb9cf41a001ce |
memory/5092-1220-0x0000000000400000-0x000000000148F000-memory.dmp
memory/4936-1223-0x0000000000400000-0x000000000047F000-memory.dmp
memory/4936-1228-0x00000000005D0000-0x000000000065C000-memory.dmp
memory/4936-1238-0x0000000074790000-0x0000000074F40000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP010.TMP\h3672457.exe
| MD5 | 7e93bacbbc33e6652e147e7fe07572a0 |
| SHA1 | 421a7167da01c8da4dc4d5234ca3dd84e319e762 |
| SHA256 | 850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38 |
| SHA512 | 250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91 |
memory/4936-1256-0x0000000006B50000-0x0000000006B60000-memory.dmp
memory/4600-1257-0x0000000000400000-0x000000000047F000-memory.dmp
memory/1700-1259-0x0000000000400000-0x000000000047F000-memory.dmp
memory/1700-1267-0x0000000002000000-0x000000000208C000-memory.dmp
memory/4600-1268-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/1700-1269-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/4432-1288-0x0000000000400000-0x0000000000417000-memory.dmp
memory/4652-1292-0x0000000002100000-0x0000000002101000-memory.dmp
memory/1700-1317-0x0000000006CB0000-0x0000000006CC0000-memory.dmp
memory/3856-1319-0x0000000000400000-0x000000000042E000-memory.dmp
memory/4600-1321-0x0000000006D20000-0x0000000006D30000-memory.dmp
memory/5092-1323-0x0000000000400000-0x000000000148F000-memory.dmp
memory/3856-1324-0x0000000000430000-0x000000000043A000-memory.dmp
memory/3856-1326-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/4472-1330-0x0000000000400000-0x000000000047F000-memory.dmp
memory/4472-1333-0x0000000002020000-0x00000000020AC000-memory.dmp
memory/4936-1334-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/4472-1335-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/4936-1341-0x0000000006B50000-0x0000000006B60000-memory.dmp
memory/4472-1347-0x0000000006D30000-0x0000000006D40000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP021.TMP\c9331399.exe
| MD5 | 96fbcfa061fb8f37f03aadac1ada8b3a |
| SHA1 | 5560302ff9a72063a37d62dc0f9a0b0d51fe70ab |
| SHA256 | 6a37494e388428cd63c83b271db0cc730af9f7fa322e96b9f07e94327d7bd2d6 |
| SHA512 | 95a7631a63df2fcf94a65910ed3c208ed14ec90872408be00bd95ce80941131eca757db98cea533265ed552b8c50f5c301e6d9283ce263b11390a576be53365f |
memory/3488-1371-0x0000000001F50000-0x0000000001F8E000-memory.dmp
memory/1700-1372-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/3488-1373-0x0000000000400000-0x000000000044E000-memory.dmp
memory/3488-1375-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/1700-1378-0x0000000006CB0000-0x0000000006CC0000-memory.dmp
memory/3856-1394-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/5204-1398-0x0000000000400000-0x000000000047E000-memory.dmp
memory/5204-1404-0x00000000005D0000-0x000000000065C000-memory.dmp
memory/5204-1405-0x0000000074790000-0x0000000074F40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1Y0EG8YX\dll[1].htm
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
memory/4472-1409-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/5204-1410-0x0000000002280000-0x0000000002290000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP031.TMP\k2934424.exe
| MD5 | 3abffec7a9d624610b5f82e8b9db12f6 |
| SHA1 | 078871a1b046e38effbddbe5031cd8422c9e6049 |
| SHA256 | d9cf45d86ca5fbf4dc7966cceca86beb73034f56a09fd19e9455ef45d12ff66d |
| SHA512 | 8034405fd6da7cef6131c8a3ae0f69ce4c23953576ab5402680014d7c6b5f4b69fede92294142aa85d191d43ca2206a04ea81884e645565ed545d7a130ce023a |
C:\Users\Admin\AppData\Local\Temp\IXP028.TMP\l2165870.exe
| MD5 | c17b26498ce24b93db974c0e7cbd1fb7 |
| SHA1 | 55c64e4fefea5684bd8fb952bf6b427757d58e39 |
| SHA256 | 742e13313ae8665432ea86be99830f92e6a902d48f7d0a564e07049c7cd69854 |
| SHA512 | 6661a89c837d743667b8aac645d4e83dd05627c99d4b7a24a8f03de86306191686a43d72cc70a52ed2c18803d4473c73da55d3d1de9b9a10039dcf8aa91d4a4c |
C:\Users\Admin\AppData\Local\Temp\IXP015.TMP\x1762007.exe
| MD5 | f6df16bae2871aedc79c6565e0f37ef5 |
| SHA1 | 574525b48efc7d990a22bfe6eeb3c0f976bdf418 |
| SHA256 | 8555d6839089d414ce5929ce2f95cca072e97bc63afaedcf14ea770d6e3b3c34 |
| SHA512 | fe81b831b5c3972bf98e0ae7c3d8d30637939a9c79a5f018e754813ca7fd9dbc78e856f1309cfb36cbc63cf0f11e2990bbdb2592e6d1d9fb18b3e666405f3673 |
C:\Users\Admin\AppData\Local\Temp\IXP038.TMP\x9359883.exe
| MD5 | 8f7db7f8e0cf00797facef0f0bfdf1cd |
| SHA1 | f451bce9b4d7731c46a34e746448fff0dc21ae11 |
| SHA256 | d211b0a63efd1e2f06e53705dbf60586255c9c6d30fc7fd6a33588720c4d64dd |
| SHA512 | b0e3d8481900ff9a849d44abc8b3bc78ebb5c204a68bfadcbf496513a966c9200c3ade442ddf1dee97e59b7a6a8c9196c9946c1800ff5d0ce0fdc570368f4b0a |
C:\Users\Admin\AppData\Local\Temp\IXP039.TMP\f7670901.exe
| MD5 | cc00bc38e5b879a9e8e6deafcfeb0b4c |
| SHA1 | 7c48d43e05fc45c346942262dc3ba51f40d56730 |
| SHA256 | b96d778f0878f7e31a9c3a8aec174ec2d32425ada7492a7a0288d6b4a0f6cfa2 |
| SHA512 | 3a6c18a4b08f96121871f9fb0fddef0a326c187a528357d3800a1de7c5308024cd15b00229f04d147b909e3c702d71a1e5e20aca9cd0e2b192cb130ff769027d |
C:\Users\Admin\AppData\Local\Temp\IXP012.TMP\e7393157.exe
| MD5 | 35a15fad3767597b01a20d75c3c6889a |
| SHA1 | eef19e2757667578f73c4b5720cf94c2ab6e60c8 |
| SHA256 | 90ccd84f28e4dd03fb70b8739c4636acbcf8a030404b5a24264afd1acd09ecbc |
| SHA512 | c1ea2659e28130f00869391a33dfdc2a763a710a56de2acaa6c71caa9c1eb5809e7ca1dfa1620ac5c3174052d3e277b832853a137a4663483855295fdab23577 |
C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build2.exe
| MD5 | 08819e55df0897a6dded1e5e6bf83601 |
| SHA1 | 22d39992c6245b86ee8b14e0cc820e46a9094c45 |
| SHA256 | 3dae32e22775721f2f9de5fec79dbcd8d62adaeb057b47c4524e02d130a43b25 |
| SHA512 | 36ed6a07776139fbc4e1f4a90745633466ce40db8a374417cafc5846e3bd7277c56673dc98ef9b2379f286d3f0bacdce62e67f6b01fe177ed1dafa1065036b8b |
C:\Users\Admin\AppData\Local\81dbf022-7548-48ad-b2bb-c71fcc531e75\build3.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | d867eabb1be5b45bc77bb06814e23640 |
| SHA1 | 3139a51ce7e8462c31070363b9532c13cc52c82d |
| SHA256 | 38c69e3f9f3927f8178d55cde9774a2b170c057b349b73932b87b76499d03349 |
| SHA512 | afc40d5fa7bcd41b8445f597990d150d57e3621ddef9400af742471aa0d14c2e66cfecc34482dadbaeb6f20912fda8ab786e584bf7fd1ad5fa23d3b95425fd59 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | dc587d08b8ca3cd62e5dc057d41a966b |
| SHA1 | 0ba6a88377c74a0c53b956d405ad17dd5f8c4164 |
| SHA256 | 7d8f216ba04419aae32d5902449a0c5271ed577c722e582fb42e7d43b3b08426 |
| SHA512 | 7300ecc40bfa1129d907a9b074e8406fa01b5ff893c7c281e4441f8cc6a546bcb5e099d6635b2f9714ec1f0453dc41de19f2fca3475f36f62babc425892699a9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
| MD5 | af5b5bbd755f77d4ccd0ce4bc0b9f096 |
| SHA1 | 13b90af5458cc98100b714f66b70c17a40c5a79c |
| SHA256 | 20bb6235becce8020d08f49f7e3cbd4a1ce7b0ae007bfe9f46f9a5e18a55907e |
| SHA512 | bb39a3d84c1e68e3648897153d2a5ee63ca6ea578089ba956f745de176f4d24f72efbe600ea7c1774855b3842872c932ab1455357055d9be9fbc7c03b5f7e32c |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\17572011987269260775432751
| MD5 | 90a1d4b55edf36fa8b4cc6974ed7d4c4 |
| SHA1 | aba1b8d0e05421e7df5982899f626211c3c4b5c1 |
| SHA256 | 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c |
| SHA512 | ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2 |
C:\ProgramData\17572011987269260775432751
| MD5 | fe9ae946c704bc4c03416f0f64efeab0 |
| SHA1 | 43eaf9b3e00b355c34a0f9d7b6999692a6c80764 |
| SHA256 | a28ef03ea60ced703666a867c6db6ba7ca0c4a4d9d7906fd20275e8fbc248c84 |
| SHA512 | 2553fe4ef4ac438d79e49b46aead466bbab7ae0597961c34c2ac7dfff7735e67307680b226fd2bbb49cc6e9a55e0a7b04fb755a1ed4071027767cc115cf0f7ef |
C:\ProgramData\67806901258220739745318230
| MD5 | b9a6b4efa64f7da936f9486fe37db49d |
| SHA1 | 4bc391523e5e3b11d70b5a6e5ee88f52a17d2359 |
| SHA256 | 36b27674a2aa6b9d45b2d8aa420eb079d0ccccedfed99a8d31b31012d79f37ca |
| SHA512 | 5a52747d8a86bcfd7840d049682e732609d24c301cc671c18179195ca3461977c8ea0f6daae9f85536f3a83578c53e8588f90792fc667e7bd785bae2df6d2a33 |
C:\ProgramData\30453862105801076518527219
| MD5 | 018e704b8c3d92a43838942127ecea75 |
| SHA1 | c05754a3c1dc8c923a5877372f924cfac30a87e2 |
| SHA256 | 65e0d542f162dda914b9323448e21285be85079061daf5b3ec283cd27a0bafb5 |
| SHA512 | cd8bb1700972c5dae396c9e3d3831f13350d9678dcfe1ff6bdcb6e423a5b15ad08dc550778181795d6d915f134b1b169a9a3d2cc856da64d52a6cb90f0dd62a6 |
C:\Users\Admin\AppData\Roaming\UpdatwinSupp4354\client32.exe
| MD5 | c4f1b50e3111d29774f7525039ff7086 |
| SHA1 | 57539c95cba0986ec8df0fcdea433e7c71b724c6 |
| SHA256 | 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d |
| SHA512 | 005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5 |
C:\Users\Admin\AppData\Local\Temp\Server.exe
| MD5 | 4fa8add6fc5821676245de5c3a3ff2b5 |
| SHA1 | d676e4d65f74724d2f7a6c6385ed36a2d0efac77 |
| SHA256 | 40951afa1869484ca354dba200154bcf0719113c29a90662ff1867392480b3de |
| SHA512 | e22efd4d9f8b04490e582dcb057cec4cc032da30c7c2d272094735cbcda4d236f548606a9fa95c7f9a5caa0b4ff08c80a40caec5d59f3da3ab4076708e0e2adf |
C:\Users\Admin\AppData\Roaming\server.exe
| MD5 | acdcd0e846c7f1458c8e24336ed33bd0 |
| SHA1 | 4133703ca1409916ce76731b66447d5b46dffaed |
| SHA256 | 129c4c144e93fbc74c73e70d260ea088c238e2a6c6de24afd5da5c7cf693994e |
| SHA512 | 82422acb85365dc2323688448ff812dc1d47f0dd260d1502971744bfcf2c5b2a5cffd045c777c602d66d091b48326b02ff6d983fec32aefd8f450c50c3c558e2 |
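The dropped-file listing above is easier to act on once it is parsed into structured indicators: the same SHA256 can appear under several paths (the `server.exe` copied to `AppData\Roaming` carries exactly the hashes of the `129c4c14…` sample on the Desktop), some "files" are not payloads at all (the `dll[1].htm` cache entry hashes to the single byte `0`, i.e. a placeholder server response), and the `memory/PID-index-start-end-memory.dmp` names encode process IDs and address ranges that can be compared across processes. The following Python is an added example, not part of the sandbox report or its tooling; it assumes the two record formats visible in the listing (a path line followed by `| ALGO | hex |` rows, and the memory-dump naming scheme). The sample input is a handful of lines copied from the listing above; the list of "trivial content" checks is the example's own, computed with `hashlib` rather than hard-coded.

```python
import hashlib
import re
from collections import defaultdict

# Sample input: lines copied from the dropped-file listing above, in the
# report's own format (path line, then one row per hash algorithm), plus
# three memory-dump lines from the same report.
SAMPLE_REPORT = r"""
C:\Users\Admin\Desktop\2023-07-15\129c4c144e93fbc74c73e70d260ea088c238e2a6c6de24afd5da5c7cf693994e.exe
| MD5 | acdcd0e846c7f1458c8e24336ed33bd0 |
| SHA1 | 4133703ca1409916ce76731b66447d5b46dffaed |
| SHA256 | 129c4c144e93fbc74c73e70d260ea088c238e2a6c6de24afd5da5c7cf693994e |
| SHA512 | 82422acb85365dc2323688448ff812dc1d47f0dd260d1502971744bfcf2c5b2a5cffd045c777c602d66d091b48326b02ff6d983fec32aefd8f450c50c3c558e2 |
memory/1668-951-0x0000000000400000-0x000000000044E000-memory.dmp
memory/1668-957-0x0000000074790000-0x0000000074F40000-memory.dmp
memory/5112-973-0x0000000074790000-0x0000000074F40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1Y0EG8YX\dll[1].htm
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
C:\Users\Admin\AppData\Roaming\server.exe
| MD5 | acdcd0e846c7f1458c8e24336ed33bd0 |
| SHA1 | 4133703ca1409916ce76731b66447d5b46dffaed |
| SHA256 | 129c4c144e93fbc74c73e70d260ea088c238e2a6c6de24afd5da5c7cf693994e |
| SHA512 | 82422acb85365dc2323688448ff812dc1d47f0dd260d1502971744bfcf2c5b2a5cffd045c777c602d66d091b48326b02ff6d983fec32aefd8f450c50c3c558e2 |
"""

# One row of the hash table: "| SHA256 | <hex> |"
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
# Memory dump name: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
MEM_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
EXPECTED_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Content whose hashes in a "dropped file" list mean "nothing was really
# dropped". Assumed list for this example; hashes are computed, not typed in.
TRIVIAL_CONTENTS = {"empty file": b"", "single byte '0'": b"0"}


def parse_report(text):
    """Split report lines into file records (path + hashes) and memory regions."""
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_LINE.match(line)
        if m:
            pid, idx, start, end = m.groups()
            regions.append({"pid": int(pid), "index": int(idx),
                            "start": int(start, 16), "end": int(end, 16)})
            continue
        m = HASH_ROW.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2).lower()
            continue
        # Anything else starts a new file record; its hash rows follow.
        current = {"path": line, "hashes": {}}
        files.append(current)
    return files, regions


def malformed_hashes(files):
    """Return (path, algo) pairs whose hex length does not fit the algorithm."""
    return [(f["path"], algo) for f in files
            for algo, value in f["hashes"].items()
            if len(value) != EXPECTED_HEX_LEN[algo]]


def group_by_sha256(files):
    """Map each SHA256 that occurs under more than one path to those paths."""
    groups = defaultdict(list)
    for f in files:
        if "SHA256" in f["hashes"]:
            groups[f["hashes"]["SHA256"]].append(f["path"])
    return {sha: paths for sha, paths in groups.items() if len(paths) > 1}


def trivial_content_hits(files):
    """Flag entries whose SHA256 equals that of known placeholder content."""
    table = {hashlib.sha256(data).hexdigest(): label
             for label, data in TRIVIAL_CONTENTS.items()}
    return {f["path"]: table[f["hashes"]["SHA256"]] for f in files
            if f["hashes"].get("SHA256") in table}


def shared_regions(regions):
    """Address ranges dumped from more than one PID, with the region size."""
    by_range = defaultdict(set)
    for r in regions:
        by_range[(r["start"], r["end"])].add(r["pid"])
    return {(start, end, end - start): sorted(pids)
            for (start, end), pids in by_range.items() if len(pids) > 1}


if __name__ == "__main__":
    files, regions = parse_report(SAMPLE_REPORT)
    print("malformed:", malformed_hashes(files))
    print("duplicates:", group_by_sha256(files))
    print("placeholders:", trivial_content_hits(files))
    for (start, end, size), pids in shared_regions(regions).items():
        print(f"0x{start:X}-0x{end:X} ({size:#x} bytes) in PIDs {pids}")
```

On the sample above the duplicate check collapses the Roaming `server.exe` onto the Desktop `129c4c14…` sample, the placeholder check reports `dll[1].htm` as the single byte `0`, and the region check reports `0x74790000-0x74F40000` (0x7B0000 bytes) as present in both PID 1668 and PID 5112. The script only states that a range is shared; what module or allocation it is has to come from the dumps themselves.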
C:\Users\Admin\AppData\Roaming\KSBPoqJvKv.exe
| MD5 | a9015ad39ce66cd0649c00491c81587b |
| SHA1 | bc4d7fdbd600d2214543e3fe0dfaeb95e2523abf |
| SHA256 | a5ccd3bdbd42202c5ffa0c8da8dcddd38064607b84b356e7015d22c06c865514 |
| SHA512 | 2269410f147a8a9857ca92f833a2c12993c6b3f32889d7433483c898aef4f4ce40a650630ab8ae357fe0573803285154982e4b18113590ed50dabcc7770cea46 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5i5nvwxy.1l0.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1722984668-1829624581-3022101259-1000\0f5007522459c86e95ffcc62f32308f1_a0bc95ba-226b-43bc-9413-1a52b12558b5
| MD5 | c07225d4e7d01d31042965f048728a0a |
| SHA1 | 69d70b340fd9f44c89adb9a2278df84faa9906b7 |
| SHA256 | 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a |
| SHA512 | 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1722984668-1829624581-3022101259-1000\0f5007522459c86e95ffcc62f32308f1_a0bc95ba-226b-43bc-9413-1a52b12558b5
| MD5 | d898504a722bff1524134c6ab6a5eaa5 |
| SHA1 | e0fdc90c2ca2a0219c99d2758e68c18875a3e11e |
| SHA256 | 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9 |
| SHA512 | 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a187b807b436c8c56ef474876f8d323a |
| SHA1 | 7128c5e4a88a664afcc2fd0c024a7ce046a6df3c |
| SHA256 | 1a0b310010c07985f534e3403dbe66c16099688e2119e7d72090e6266057950c |
| SHA512 | 77ccbd9bf04335bc7bf349c1e98ec0bbe6e1046f3a1d0dbd4c007fddefc5a8929f218ccb6dabdf038d9af1452070adef5f8764a02a29d3a67035f65969087deb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | abe090cd17173ba5242d8c640deaf8f0 |
| SHA1 | 1bd4f20f68ec212f4203fbe883d762d7c66454bf |
| SHA256 | 64cab75096dc7d93c9f2bad9906d4ff0d7043ee54dbe34809db6d2d45ce8fbf8 |
| SHA512 | 0490632d4138c9f73613e0a323a034cfcb7be4a6920e6b510cd3fb8abf3730e4fbb5ef4b889f48d053b3ece4fdbc974dfe1253dab6ce625dacb843d3dd025474 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 89d3d69a9f1f4e928f034f4cb15b53a1 |
| SHA1 | d9898e9d82e77c8eb8a8650f447be6d4146f572a |
| SHA256 | e0e46fac9839d38d8aee08f2be1d0f7aedfc85311e333485851993597704bdc9 |
| SHA512 | 383dcd4d3be5e2a5d82bb74978bdeb7ce67de317405af683bc55fa2ba32085ee134b3e5151727d7a84f5183c258f32c3669627e0692ce1f09604130e0a0029c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 38e966ed5335617393804190ee917908 |
| SHA1 | 5fdfe54c1cfd9eceda71fefcb20f97cf0aa6ab55 |
| SHA256 | 7feb6f2867811589bf1d5d91ef8fb97c3660d0bfe71ac4cfc57a331d8555b0e5 |
| SHA512 | 76a01645a610048dc9b42e2c875b5dc5813e044cef1fb269becf1c8a3dd6ff0ebd337cb73d8bcd3254f0d510578d4e154300e8ad8e520db9e1bf4f71a02ad694 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | f1f77be1e9dfb31e4691cb8cdef0b794 |
| SHA1 | ffe91cfb81aaee76ed5c4776cf7c618865c10c1a |
| SHA256 | 6e87d9f029079418ef0e011d22468e4f8e9ef12288a2936011874c102b351c10 |
| SHA512 | e2108a4e88ef110d2ad8d39e640c8a62e494f0b7644ad704e9cb8b072f6cee9febd794ea64903cf2287f9429a4bc3f32e1154543084f68549e135b681e79469b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c1af925206c8d1b608003f0fb2ee2a44 |
| SHA1 | a116d973c21efcc3362f3edc7db9bc5b1b97cc58 |
| SHA256 | ce609f065e31eeaa56d57f777d2ff2d06415a867e16bc12e73994d18ba483b18 |
| SHA512 | 05e8bfb6434cf4eb7b160c0f33ff20b922721349ac05d6fb3e5389f51c495364f7c266c4f3fc8fd42e4d30266bec9e9e0b60cdbd2c9079e4c7a37f20a707549e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | 990749990a8050d72c19dc59794e2e58 |
| SHA1 | cfdfd2b08d3679fd93dcb6df61c87ba269507246 |
| SHA256 | 1074d73e338aeaabd7760e1ce250678d115a8bcc8b72577ef9b1d59a2c95e802 |
| SHA512 | 0290af1e9eb002a7fc8b48fc124fe688449c6631e75e17b2e28d3a10347c78bdc2fffce42c8c7dfb7ec6194c34c439e06cd093690d06bff59dd03cf3cb0eedf1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 374779943a2f53635b25c9b45f3bb042 |
| SHA1 | 722c30d0ebc135ddbb8886bc0405c2e5baeed53f |
| SHA256 | 9fc1f5b5bd441984c7c4e183915a83301c8d27aba3fbaa4ae3b0317e985b1886 |
| SHA512 | 9c42e07f589abd340918f2824a081376daee5d0c51b0256770716854d7920bb8fa4c8f97138315287fbe47848a7c98f208696ebdf1f8118798ad70c2022e1834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cbb9581f2effc987916810634b45817e |
| SHA1 | a6499d3aa55949ea5848cb7750f579aab320ded4 |
| SHA256 | 57e4f998e0bf410310142c6b57f7df3fce9a8e0ad7d9931582275cfc05c9a3b8 |
| SHA512 | e84aad479b55bac599e70574aa7113f2bbb1e0b8d1963bce620e76b769a75cb7de2dec6bd81e5ce16dac7b3e7199d1784f08efd615b6d549eed6c34c9791439f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c78673f01f08ab54b99bf72987cd7b40 |
| SHA1 | de59a5d50d90bf7253938688891f912868a23bd1 |
| SHA256 | d524eaf7d5e2b070dd3b30c55ab275690b6a67f3fe306a7917f273b2d667ed2c |
| SHA512 | 4d3cc856b7f7972728e24f4af877dc839d9bb4c4eb03102d7abf55893018ae978ac2b9196a8a30f1ef929f3335ac9bf0bc0a558b3864a01a1d0b269d7ed7a72b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f611f61a8570fe7f942e850b8a1dda4f |
| SHA1 | 1f3a8dafe8d3b426bb15d51009b2865bb12907ad |
| SHA256 | 3713c5d76d8ed6a1024a4deb81509224d6736018acf471583b7a56780f58300d |
| SHA512 | 7c76de071658cfbb658866aab52d6b304709253b5a5bafb403a81dcefeeda7c56cd8f47689b504d48f463d0369945f097f5e5deea151fcdf0e6624124e862103 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a84841b75d6e22b535f58712479168b8 |
| SHA1 | a2bfa05ffb914b233695d6df325ddbb4e208d3e7 |
| SHA256 | 5297818e3159895fdc06b9322c46b77cc77ea0580627a5da727355b8cb2611c2 |
| SHA512 | 74d6c22a9ef8b860ac32a6d789a731faf7aed3955d06c3579c99efa116a6c08ce765139c8da9295f71b719ec85f4e0f3a00f148657bf7c5ba03de8b2f4946211 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 91f5991d248856c613a23a0659b32d30 |
| SHA1 | 94714c58ba19891e4b6c8a80cda86891039400ea |
| SHA256 | 57f2fca069b86fa8062b7eb8582dff566030552d3e71a798f29e453e99a0a2c7 |
| SHA512 | ce695a1756e9709fe27c38e7db3a96888ca168d4d338ca11af478733a2ded33c16636446edf17dc78674ad83658c49548c44f9f1c33c2b2e0d322f9034ace51c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5258cd36f7f1cb699ee7a5669902d32e |
| SHA1 | 97a1ef534a7fe495df9e2f3e524767977408de62 |
| SHA256 | 6f62c52d35e9e14ddcd065b55415a88bdad696c561beb4916cabfb9be92a1131 |
| SHA512 | 734b1088093bb95c5fa1cda80955623bc6fae080a0bf482539cd6bfc39102f97f24031ad7a3ae98d299f2c73a8a6da6bf63e150382f304a9213830ae06c65ba2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a7a7322203a81afba1bf360b103d8821 |
| SHA1 | 546d8c5c87fa6b553b0f90913c35b676e293e5a6 |
| SHA256 | 29d99546b4470078613641e800420df3514866f716409c8964d38246b2ea1d7a |
| SHA512 | d9c9e46b600d3854e555a767b2d4c073d8f597ba5c5e4a957b43c5d09af759ae9ec6de1ae0675d1da1ce63515f4d891873da484af2c52f952073ad521103750d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | f0d11cde238eb54a334858a3b0432a3f |
| SHA1 | 7c764fe6f00cab8058caeba38eb7482088a378f4 |
| SHA256 | 579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96 |
| SHA512 | b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | a90d7c369b2a589d9034e9a201efe567 |
| SHA1 | 7afe40e9e4002a2254885901d66451e2ab0994c0 |
| SHA256 | 7cc054981e642ae7bcbdbc78152eccb11b31a6d922ea1dfe61e749f8985e498d |
| SHA512 | befddc83828674c9993b8912ea83486dcb04389e0d7b45a4e6c19b6bb5e6e0ed2b16d9247c2e633870658697131c094864d3cdd9a2a4c0fb17bb503ad2915b21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | 0243d388e8b9f0f12f7d2b67e719cf73 |
| SHA1 | 39bd292a8a602c774ce189103b51cbdbee85c14e |
| SHA256 | f7a8bf314a7a54ef1a2ce6d2ed661c6ed9c41dcf756783254739cf72416c0c73 |
| SHA512 | c5dbfb863e46ecb046727f23444f1748b24085618e423d00a936ce6870a00a670c9fad389d5b95a1527713c987a73432b43973a30439c59b4f137388b544acde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | 20b4214373f69aa87de9275e453f6b2d |
| SHA1 | 05d5a9980b96319015843eee1bd58c5e6673e0c2 |
| SHA256 | aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820 |
| SHA512 | c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | b126af8614b44fea32935941c142fbc7 |
| SHA1 | 197ebdc1df63ef7c101edeeb37bda94f944be2a9 |
| SHA256 | 208c1d88dc9b29334d7fbfed5b583929364805ee6893ec58bcc860060c1cc2b3 |
| SHA512 | b38caa4872085495aa422a7f918c5ffcdbb6d6a0fbbcc819a7ee9a814989406d6118e6367a8fc7522a386f7b0368a675a9bcd8eda0711ab32a3a2f2757e79f6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f3f605340a0e7a2702ae2f4e10e47795 |
| SHA1 | 11c82cec73df143c33a7cb2e54511600c5f59362 |
| SHA256 | db746203a95110e5bb3608e659ff5789c0c0585b6ac677f9210bc49f2974b674 |
| SHA512 | 8278b99b9cd945d8f8d10b9ec1c642af3cb5550af5a86efe59fba7f9712c2100876fa34c931ecd42706372413408ee7a6994bc6051d09e0a3ecb8af3b24f10be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 254290a5bf66a2801cfe31f1f11bc49e |
| SHA1 | 6b4723aa8b36e3ddf67308c65eec9d76bb27d7a3 |
| SHA256 | 95eb1085582ed2349b9f4f0fd6271e63ece8905a9ff30cd438e813e75fb42181 |
| SHA512 | b836a7e06e49921aad42e5626e5bb4323cfd11d03255b03f407eebd5479951c3d4fdae06e193e265aee7a55580525434d1c01e16f62cac8890dd0bf258742080 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 29365571af07ec0700899224b904edb3 |
| SHA1 | dab4e1f80ba47f2c8ffd0abda65e69ae82a2a1a5 |
| SHA256 | 5a22d3144343d2f5bd6c1514f50e635684c52d5beb329934c6728b4169f3e507 |
| SHA512 | 848c007ce58f6794f2eac7d738eb9906960b52a7a1eaeddb15b1e490dc30bc3d92e04e6f47bf6391afc91963a5820fd8912255e40dde8cc732c060f464a7dda8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b5385f8da540d88039925dd262041721 |
| SHA1 | 1e7ff0021a921913f84cd6886355c2e2446ba666 |
| SHA256 | 31e3c91d3f7cc584980ec70c8825bdeafdf1169c32ac491d3379f64a264cc807 |
| SHA512 | 49a3a72c96aa3198e9002e805fa563039c819ca10a702008a384e3598c695a2e2a227b4c3840cd7762d7918b1dd308200544d81299d59d5e3a36b0d0976c8353 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | 68f0a51fa86985999964ee43de12cdd5 |
| SHA1 | bbfc7666be00c560b7394fa0b82b864237a99d8c |
| SHA256 | f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f |
| SHA512 | 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity