Malware Analysis Report

2024-09-23 01:09

Sample ID 240514-bt52qseb89
Target https://mega.nz/file/4e00lTDK#DLnRIDs-Frjiz0j9ODsnSYqYi7OcGZQTjmrVQNUkPEM
Tags
asyncrat stealerium stormkitty xworm zgrat default persistence rat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://mega.nz/file/4e00lTDK#DLnRIDs-Frjiz0j9ODsnSYqYi7OcGZQTjmrVQNUkPEM was found to be: Known bad.

Malicious Activity Summary

asyncrat stealerium stormkitty xworm zgrat default persistence rat stealer trojan

Stealerium

StormKitty

Xworm

ZGRat

Detect Xworm Payload

Detect ZGRat V1

StormKitty payload

AsyncRat

Async RAT payload

.NET Reactor protector

Drops startup file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Drops desktop.ini file(s)

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Delays execution with timeout.exe

Creates scheduled task(s)

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-14 01:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-14 01:27

Reported

2024-05-14 01:32

Platform

win10v2004-20240508-en

Max time kernel

300s

Max time network

300s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/4e00lTDK#DLnRIDs-Frjiz0j9ODsnSYqYi7OcGZQTjmrVQNUkPEM

Signatures

AsyncRat

rat asyncrat

Detect Xworm Payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Detect ZGRat V1

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Stealerium

stealer stealerium

StormKitty

stealer stormkitty

StormKitty payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Xworm

trojan rat xworm

ZGRat

rat zgrat

Async RAT payload

rat

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

.NET Reactor protector

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Loader.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A

Drops startup file

Description | Indicator | Process | Target
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INCCHECK.lnk | C:\Users\Admin\Downloads\Anarchy Panel Leaked\AnarchyInstall.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INCCHECK.lnk | C:\Users\Admin\Downloads\Anarchy Panel Leaked\AnarchyInstall.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A

Adds Run key to start application

persistence

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\INCCHECK = "C:\\Users\\Admin\\AppData\\Local\\Temp\\INCCHECK.exe" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\AnarchyInstall.exe | N/A

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | \??\c:\users\admin\desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\jvcvcvb.exe | N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\schtasks.exe | N/A

Delays execution with timeout.exe

evasion

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\timeout.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies Internet Explorer settings

adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\MRUListEx = ffffffff | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 = 7800310000000000a8582d611100557365727300640009000400efbe874f7748ae586a0b2e000000c70500000000010000000000000000003a00000000001b3d6b0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0 = 7200310000000000ae58890b1000414e415243487e3100005a0009000400efbeae58770bae588a0b2e0000008c340200000009000000000000000000000000000000a41c120041006e00610072006300680079002000500061006e0065006c0020004c00650061006b0065006400000018000000 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\NodeSlot = "5" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0 = 5000310000000000a858056c100041646d696e003c0009000400efbea8582d61ae586a0b2e0000006ee101000000010000000000000000000000000000003e777f00410064006d0069006e00000014000000 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0 = 8400310000000000ae58770b1100444f574e4c4f7e3100006c0009000400efbea8582d61ae58770b2e00000076e10100000001000000000000000000420000000000be6a750044006f0077006e006c006f00610064007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370039003800000018000000 | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\AnarchyInstall.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\AnarchyInstall.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\jvcvcvb.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1288 wrote to memory of 1036 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1036 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1532 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 4244 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/4e00lTDK#DLnRIDs-Frjiz0j9ODsnSYqYi7OcGZQTjmrVQNUkPEM

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ace946f8,0x7ff8ace94708,0x7ff8ace94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4836 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x294 0x4e8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3432 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6512 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap9623:102:7zEvent19981

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Loader.exe

"C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Loader.exe"

C:\Users\Admin\Downloads\Anarchy Panel Leaked\AnarchyInstall.exe

"C:\Users\Admin\Downloads\Anarchy Panel Leaked\AnarchyInstall.exe"

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe

"C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe

"C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "jvcvcvb" /tr '"C:\Users\Admin\AppData\Roaming\jvcvcvb.exe"' & exit

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpE1A1.tmp.bat""

C:\Windows\system32\timeout.exe

timeout 3

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "jvcvcvb" /tr '"C:\Users\Admin\AppData\Roaming\jvcvcvb.exe"'

C:\Users\Admin\AppData\Roaming\jvcvcvb.exe

"C:\Users\Admin\AppData\Roaming\jvcvcvb.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6524 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5261196462555143249,5282976090594325208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 mega.nz udp 1
LU 31.216.144.5:443 mega.nz tcp 2
US 8.8.8.8:53 eu.static.mega.co.nz udp 1
NL 66.203.127.11:443 eu.static.mega.co.nz tcp 2
US 8.8.8.8:53 5.144.216.31.in-addr.arpa udp 1
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp 1
US 8.8.8.8:53 g.api.mega.co.nz udp 1
LU 66.203.125.16:443 g.api.mega.co.nz tcp 2
US 8.8.8.8:53 11.127.203.66.in-addr.arpa udp 1
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp 1
US 8.8.8.8:53 16.125.203.66.in-addr.arpa udp 1
NL 66.203.127.11:443 eu.static.mega.co.nz tcp 1
NL 23.62.61.97:443 www.bing.com tcp 1
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp 1
US 8.8.8.8:53 gfs214n147.userstorage.mega.co.nz udp 1
ES 185.206.27.57:443 gfs214n147.userstorage.mega.co.nz tcp 6
US 8.8.8.8:53 57.27.206.185.in-addr.arpa udp 1
N/A 127.0.0.1:6341 - tcp 2
N/A 224.0.0.251:5353 - udp 1
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp 1
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp 1
US 8.8.8.8:53 21.121.18.2.in-addr.arpa udp 1
PL 209.25.141.181:31533 - tcp 1
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp 1
PL 209.25.141.181:31533 - tcp 1
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp 1
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp 1
PL 209.25.141.181:31533 - tcp 1
N/A 127.0.0.1:3232 - tcp 1
PL 209.25.141.181:31533 - tcp 1
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp 1
PL 209.25.141.181:31533 - tcp 1
N/A 127.0.0.1:3232 - tcp 1
PL 209.25.141.181:31533 - tcp 2
N/A 127.0.0.1:3232 - tcp 1
PL 209.25.141.181:31533 - tcp 1
N/A 127.0.0.1:3232 - tcp 1
PL 209.25.141.181:31533 - tcp 2

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_1288_PAIZLQVMCSWANCGP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 95e72c2e401d84b43bd5c97fa3df372e
SHA1 d287239b57ee61b779503c703a03b3688c3ce661
SHA256 5de2fa1d027da53ce1d956d54f184d0b39f562e598019c660df62831c304b510
SHA512 78e73c1d3edd55e8bddeb2e901b7c0ebedcf55d360dfe5947736a56c6d6873ad8806bcfd6a567f8ccb491fe0883244bd87597f7804d14e5cfad769f70d641681

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 950eca48e414acbe2c3b5d046dcb8521
SHA1 1731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256 c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA512 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f5303af1acae4fc7eb38f50593e9726f
SHA1 3af2924990f6f7d8bec8084377078189aa316914
SHA256 77211dc2a2a31da2ba0e319106aac6d7c43118475b7cc9c064249f7ccc127ac1
SHA512 7da3a56f75d92bdfc78149c0caa9f40e6c51fa985c608ab34e5ad5837f5e1aa8fd9cc190901d755a686d037dc67e1efcf726fa71e7f0c94bfa21a25764584f9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fe6b82f6a397889c95b4db8f1211b0ca
SHA1 bd6c638b36753c613e6b24d6c5588765400a9f75
SHA256 55812d1563e061f05aee27e8916d988410229e787bd73631b3afb0569104e9f2
SHA512 96e497d64d8a47da555e9cdfe19d93df007d43c7b355763364bd0dc4da612c54e6d80d9fa78a0fcad5faecd7bbf79d04793189a822dab28aa35bfe6fa25a45d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 96e255791a0ac7260ffdd3cad29230c9
SHA1 7392e589e1b8d17f4146a5610d47be25e4c48f77
SHA256 8b1919367900b0b1a54054c7ba1855a6d803ae73f2a6fc040070089d9d0514e6
SHA512 eb6e0d1afa1d0a9d1af6efcacfb98e7a02793611db1576f6d9f49d7b42d0b62f16fd322cf1fc4777dad4c55c5ea75fa301ed4b8adb2f6724346fee5ab4e8feaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 07c5c284583518db56e268404f7df0d8
SHA1 f335995787a1b98f7e7d6643f997eb13910e063d
SHA256 d8b23bd33b82c8b38feb9a57ce96f0af01bc23cfba46e8091d4fc7cf9d5021b2
SHA512 40cdb19ca935302107235dbbd8c46fe333868296e6df17e9d15c231259e5327d8e40842b3a0c629f867f7eccd2149cab2c6376dc4cebf344bfcbe21ea22f39d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579de6.TMP

MD5 15ea9cef6bb35116d7e748dd5f7a072a
SHA1 ab0ff2ae3f9bc5b35d23a4a071b0013ecc10eebf
SHA256 495df149439011fd89a3ca0eec90bed7c0ae9a7a9ef42a97074a0385bf3f25ee
SHA512 a14c63d5378e15ab6a3173f289df03ae29105145009d8a3082ae6a5af0394c3f3caad6587573ab974443cdc923be5699d20b944397190b326a7b5684c8cef491

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d9130c96d5ab0cce8548413daa94e7e7
SHA1 55ccc1eee6e753c9db1823fff9cf1f6dd62f55d9
SHA256 45148a49e906927e164f197eee58ec03a4e465b4069d5f5faae1c55f96e264ac
SHA512 03ffea86ee08dae61dd727b6002f88e898c88ba774c9344b3541a5bcb074c7d1aed89a0594f281b92124264f5be14a6807578c268c051bd7e4e26fa6f3b8c73e

memory/3240-257-0x0000000000BA0000-0x0000000004264000-memory.dmp

C:\Users\Admin\Downloads\Anarchy Panel Leaked\AnarchyInstall.exe

MD5 57fdae25873ed915da75aa33c9eb6d66
SHA1 5f835c20c97fc83b976fbea8345b01d96e5f1546
SHA256 c9074dc3e9e6e06260f4e40980ef2fbfd8b50cf449e20f250d277cadbd7909c0
SHA512 1191005e24a64b215ea866c8472411e13b22908ae98d42c758bb317bd6182cd671321d7c501db4d779e2234106d7cf8a118eea9f9dd698f578dc25b0098088f6

memory/4572-269-0x0000000000870000-0x000000000088E000-memory.dmp

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Anarchy Panel.exe.config

MD5 3d441f780367944d267e359e4786facd
SHA1 d3a4ba9ffc555bbc66207dfdaf3b2d569371f7b5
SHA256 49648bbe8ec16d572b125fff1f0e7faa19e1e8c315fd2a1055d6206860a960c9
SHA512 5f17ec093cdce3dbe2cb62fec264b3285aabe7352c1d65ec069ffbc8a17a9b684850fe38c1ffd8b0932199c820881d255c8d1e6000cbbe85587c98e88c9acb90

memory/2724-280-0x0000000000B60000-0x00000000041FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll

MD5 56a504a34d2cfbfc7eaa2b68e34af8ad
SHA1 426b48b0f3b691e3bb29f465aed9b936f29fc8cc
SHA256 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961
SHA512 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7

memory/2724-299-0x00000000063D0000-0x00000000063E2000-memory.dmp

memory/2724-300-0x000000001F480000-0x000000001FA68000-memory.dmp

memory/2724-301-0x000000001FA70000-0x000000001FE30000-memory.dmp

memory/2724-304-0x0000000020BC0000-0x0000000020E12000-memory.dmp

memory/2724-305-0x0000000023D90000-0x0000000023EDE000-memory.dmp

memory/2724-306-0x0000000024030000-0x0000000024044000-memory.dmp

memory/2724-307-0x0000000023CC0000-0x0000000023CD2000-memory.dmp

memory/2724-308-0x0000000024040000-0x00000000242B8000-memory.dmp

memory/2724-314-0x000000001F390000-0x000000001F39A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 008114e1a1a614b35e8a7515da0f3783
SHA1 3c390d38126c7328a8d7e4a72d5848ac9f96549b
SHA256 7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18
SHA512 a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

memory/2724-352-0x0000000028440000-0x000000002855E000-memory.dmp

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Usrs.p12

MD5 f24044a4ea6377d71009f8bee1efe87c
SHA1 e5af604e872c8cb648f96b59f7691afbc602d14e
SHA256 327da4eb5d0c1bf37337c3bbc1f21f8e527fa04554d84c718fd14204167027a9
SHA512 0534f5c9b65e766c77194905bdcc4342995755d5af1539d14178d5cb2cc69db7cb77c38e3352e4ac1782e50ba8758d526bde161d08a40a77a69aa8b98c265b95

C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_3rsr3tvos2id5wqjaevtphajaamj0fzp\4.7.0.0\zvmj3gpf.newcfg

MD5 712a8adc7e3796c3e89b18065bb8d64d
SHA1 d59cc27c6483285ad6fd1424922abf2ab4f636a5
SHA256 78f5fa573c3eb135abf7224bbd2da0eab9e691810524405bf664c2e7baa3fee2
SHA512 3f1b09e3e56c0ff92afbadb7be9c5019c4c586bec55ccb971e1443489f58bb603875c5ca4b5c4a95e3bbb2e5d025f6257ba87f3961104e6d366725b258379b29

C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_3rsr3tvos2id5wqjaevtphajaamj0fzp\4.7.0.0\user.config

MD5 4b01719ab493b81d429c574dbaca15ef
SHA1 719ef1e4e6616a3d8afce09de7f89ddcf186a3a3
SHA256 33ce546b728989bc9ff5dd4c487a87723e5eb7b3953b7cb56e747747411b6c54
SHA512 4d5293d8b58c793bbbe6dedc061cb4fd3e7302771ee91789240ecf80f2f79d08dffc36d148f755107a3d12de6037ab18c57cb42494de80a40d90b64bb04ef234

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Infected.exe

MD5 a4af83731a37f072566b525637fc8122
SHA1 71fed99e08056530564fea04896e0f318551c07d
SHA256 eed55167ffc278512430388b5969ae7c1e16f524d6e77ba3ffc26aad26117471
SHA512 139803d7696ef4c491488bd1e8d189c5df5bc1709007c157ad74134ac5b97aab185e1a1b1e08b8d1d1482627882268fe82851ac78f8272271203b7f56d459ee5

memory/4260-390-0x0000000000FA0000-0x0000000000FB6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpE1A1.tmp.bat

MD5 27592d1fdb5b6bc5e8a4345248477187
SHA1 a0d515466a607cca08c010c0398f141fe773cf11
SHA256 7b8052cc049b410b2f291ab842a3802b7f78e4e888360beee965765258617068
SHA512 dd8d0f028d59a448f6d4a822a232f881c3667a59e337d8aaac7536fa3f188e9ee6424a491ad486591a9c0284eb3ac9985377adee3b4e68221543c73d3fa0e70c

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\RssCnLKcGRxj.dll

MD5 f6808c4fbbe0275db03b2cc5b4c2bc0d
SHA1 e40b61c64c68f72fc5144f5057d54229babdecf8
SHA256 e204d15f0e7269d364157aaab265a5dfbe7e76c9f6202bf90998f0edd77ca248
SHA512 f077c49f6943d0e40799b3b42d1e11f50dabca48305c36ef2acd3258c990e0e0f982fbb0c27b1243aa15d2ed7b398b70f07dddc9ba76ff032ba74a24c8e08fb4

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\59Zp7paEHDF7luJ.dll

MD5 15e3d44d37439f3ac8574ac1c9789ec2
SHA1 bb3ef30e9f4496198f412738579966210ade36e0
SHA256 5db4c26057a05bb75ff7892fb60fd76620fc2228811d913d152a0aa4ec9db7a5
SHA512 ff358c9896792017ff7e91f1dedffd9d75a099c5b852da19599799aeca20b6b269267ff7c12c918a2530fe1a79a12bc8796c4eb3914c97faba3eba27388abde1

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\0guo3zbo66fqoG.dll

MD5 e4ebcf76ff80ef398d3ab77d577f4c08
SHA1 cb9e6b30a63d50ae87610f6855b64abfb25691d2
SHA256 9661b1abc9a3e95e591c49c3838a64a066a2ff3c6de08d8aa7b541c4a75cd8e5
SHA512 8f37cedd987dd14181fdfa861b8a95271868dac21aa9df80bd6daa831ae20f4b4965c8be3e36f32aa220bd37ded11a7568ae237c9c9641bb4fc087f6fe104b01

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\CjETR6GpGXqM.dll

MD5 b0fc0ba80f8ec9586ff397412c512d9f
SHA1 0f6051b71b715a47be1fa16683201413905629a3
SHA256 13db80a0211ba9bf59a1e43bdb2fffa91de5c7f38bd469c4824b5e06245a0234
SHA512 222a365ae567c6c773ca2b99b82795916839cc5c9ba8eb019bf6713108720c2793303ef6612b64488f4584602cec84c0b48a02fe709db0250bf377d07e002d7d

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\eMTYbTz0gueNs4.dll

MD5 5dfbcfbbf9e2ae7db23e252808699ffb
SHA1 a1d429292fe73aeb5abab10304e1ae8c1262b26d
SHA256 929e5f15e9ceca03c80b2d174283cb25bf47adfe4693f5c01f622416c9f6d03c
SHA512 9ee63080781577e0d818a27d026024f96161bb7b132dc0c130fabbe2d6c3b7758868fff5a4ad68efeb4d08f964e2f69417022751880a443f7f920aa4f40f5c09

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\EVa7gBMKoaHmLC.dll

MD5 64a3d908b8a5feff2bccfc67f3a67dbd
SHA1 a17d7e5fa57c99a067cac459cb507b625dac254e
SHA256 6ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1
SHA512 66374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\FBSyChwp.dll

MD5 0d41ccfaa8e7ef96248b8270d1a44d08
SHA1 6ee22bdb91d3a18e0b45b6590eb69bc9a0b02326
SHA256 0ea38d0d964815e2b84748a78bd5a829ae01586478e5f17b976f1ae763c8dec3
SHA512 a0f236f6dbeb1763fb1c198616de65b907a3a5edf7ed9435c2ad0b5826d84e9d2f25e96aba4e8b681ef495612cf0e04e929427a92d332164ace89e797bcb0e0e

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\oYsKwDG.dll

MD5 a718955297276f2349b7644447736e08
SHA1 377388d115b77aff357dcaf92b6aeb6286b1460d
SHA256 54ec206c8fe8ff27b3fb02ef892b8e6bc4b6abfff2fe08f5f57175c64f1d3220
SHA512 a3c2ded0cdc4e62adac92a569d6cd4db0c3647e663700f019a9de27e738eb2672e5cccec19af15633a3cd25a882452ff5ce39c17f67dc3ed6653b9e0ad063641

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\mML6WKMqdxjDGA.dll

MD5 e03b206eec8a7efbd1a47909071226e5
SHA1 21163989ea524920e874bc7932adfcd5e94f854e
SHA256 778877431354a9584325dadb663be077f757227eaae8bcad33e4bf26efd6b965
SHA512 831ed74419f1b4c3250fbff20be16ed7058a851d7168a17e8a4dcf284a19412feee42a8c198af34b37571de33a80c48ac855f5d018ea9e2cfdcd846b832155ff

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\mGWHaG2Jn.dll

MD5 8f98206f577160f950d456d1190c8d32
SHA1 defced38fce00775c4616b420fa674d77f946eff
SHA256 2bde0293c982fb6266c683ecaa2c90372d26d9a2786726874a2cfb89dcc68324
SHA512 432c2b6759701754616273633c966332e718dbb10a9a7eab0d7c57ffdc9be95b5e1b16b6e291301ac7aa6d1de48a46d30f08729e45d6634b1849f41c78e92d91

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\KNTmoSnG.dll

MD5 738c096a9bc38e21a9aa59ebc356c80d
SHA1 139756ad201a537461a6bb8524a4b89a63b1b1b9
SHA256 300a5551f7be89c5f03c0b70fa7dafb7f84c6394dac68bee95169e985e7786f0
SHA512 294c34f0716861fa67ba571bf7a8614613a1746e9f2935ba0c86eb1897dff858ea1f7fb44f1b6ec87cc709f4933a912dcd3eadd5d0b208c72985aa47e1f214f2

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\G3nl0mDcABnDuZ.dll

MD5 97b8bec4c47286e333cc2bedacf7338e
SHA1 764bbd0307924b71ca89538b42996208d10c9b91
SHA256 060d467cbeb0a58696287c052f3dd9b3597331b1c812e3e2882d6c232f8511de
SHA512 a40970622a594533349e75fc2022314ba21f05fc82709d6eaba82f4a2bc343c960029ad2825cfc034ce82622722127d149993bff88982f02d6dd6b5b1fb60fbf

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\fzAgyDYa.dll

MD5 a5770798b7a6465f5b5a8c19d7d707ee
SHA1 ca67e9591d2f757cbbfacb55f27aec6485b10ee6
SHA256 f855353a618af8a53504b5188c05d3a09fb1ff85763e0cd15c53dee82d7c6119
SHA512 64da7687e83c6ff4d1c1cdc644ffff53333f745e82f169beb529d55ec5be6f21658d27c6e01744147c00f834978260e86ea627a5f2981f27305afb69a7b467dc

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\PK0TcnqTGFagQTS.dll

MD5 fa90a2aee0d172000257c4faca31237c
SHA1 b317281b4acaaf1d7b7255c5e92887322abae892
SHA256 991fc53fa1aa7b5cd0b6e19dab536873d68e4413fd55b533601a3a2582d38a49
SHA512 b05c0b52e011089258ad31dd23a1f8a0cc8145b202e42e2a9d4fdf892c12d4a7b5843cc7721041295ab796e8bc98747b9e321c4e54bfd1a7c9a02dd2796fc405

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\rNXXgmX25s.dll

MD5 050f07b46987eaf152aab521c0112fc4
SHA1 2d2c0943ce9c10ba09b0d5cca54c2a88a1e61e95
SHA256 b93374fdfd9af786ff20597ae0e242b81373984ba5718194f9e57feb231c52cf
SHA512 a27c370e40ec126b6b9f3ab7d603378c2b629ec752aa8fc57a10e3ef58c0b701a5d1b4903a17ba180c4e73e76b54304f0868c474eb60e671562d0deed83a18c8

memory/4712-428-0x000000001C110000-0x000000001C186000-memory.dmp

memory/4712-429-0x0000000002620000-0x0000000002654000-memory.dmp

memory/4712-430-0x0000000002670000-0x000000000268E000-memory.dmp

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\zVvPGvK64uLS.dll

MD5 a267a675b7243d9152c7b8e3e261d64c
SHA1 9a0277095646e2a773e8a04a7913ce6a56cf05b5
SHA256 9e82bf869638f8118f47f3870b1382401e42912cefcc6a9890489af5bb805c7e
SHA512 0dae32c0c0fbf6918779a5e9699cbef27572458a5cdc7119298abddb6a597a0017fe33af06c02abe0c66f3cd490f6955bd7c65470ed3e31338d28575306c04bb

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\sJ88z8tsg5XzK.dll

MD5 b3fa2c3d50057ddd2c9579dc0aef1590
SHA1 88a1f57b9177c95a2e095866574639b09d5f310a
SHA256 6eaf5744b8ec91312e1c6be83d852627e5204b3b64a1932e60e47438d73fb6bf
SHA512 0d1b8288cbc1c206029fe2f9b7366b2f8b49158e4c9643e453111ceb90fd77af903533c64f6ede351755414c9e7daa926704cda6f1953be79e1adc7aff515508

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\yL9x34D8X3oO2P.dll

MD5 38502e61cc1d39095a12c1883551ad9f
SHA1 135c9cad9e6d54bf66a1cee5c99ba510102623b0
SHA256 0e9733277eac197c4eaf40fb0eada0907388222ef21843488a8e591149768301
SHA512 cd67a63ea954a4db8c8dfadceb2822b447d98c2c43a8f9c6901d0fce3230605a0416395b92caea6ac08348d5f6b0e1cb052b24cf90829602b0a5b0652b8a2600

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\WkUP83aP9CABpi.dll

MD5 8dbfb67c059aa59f7c53e20ef6740363
SHA1 3de96e7f48ee7647f5a7c2efb68cbd914bc78364
SHA256 a74b74f463d567c1f0505bddcd49ed23700f9ab7dcf4b7f46435723258c5a7e2
SHA512 70aed01375416e2be63d676bbdba58c12ba5f50d406d1fe252e7a66b901d32e0705007dbf465193de51663174c1b53bdb980890d8b2e6ce641dd16a200e3440d

memory/4712-437-0x000000001B1A0000-0x000000001B1C4000-memory.dmp

memory/2724-439-0x00000000047F0000-0x00000000047FA000-memory.dmp

memory/4712-440-0x000000001B2D0000-0x000000001B302000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fcf185a010d93dd2023d10e9575d6870
SHA1 3b9fa1715c62df5293249de214b8a8028e59447a
SHA256 50f2f28492e35c14ad281a90318940388f751719cc371395a598a8a916bc682f
SHA512 4543409ed60dc85ad4f56b15e36f5da64d43cdb7f8fd8edce1931be7efc75f0b23a3959c4b383449ef1282d88ae17ac7fd1373832eceacae66a826b5483a4445

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 30985682ad9f277a69ddec6eb284a4db
SHA1 5e7f36ccbed2509af60612b34715cba165ad6b57
SHA256 702c50882ad260d1757b7a59690a8a5c4404b2ccf2fbc3b26efb7012c78ce3a9
SHA512 4dbe9644905bcef4a3057d925a178a685e1d58abd9c02e380cadfa78a616d5b3421b85a29e2007b6c1463e9a043d6cc1bfb6c08d48f7af96dd23c188bf6255fc
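The file listing above is a flat run of path lines, each followed by MD5, SHA1, SHA256 and SHA512 lines, with memory-dump entries (memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp) interleaved. As an added example that is not part of this report or the sandbox's own tooling, the Python below parses that layout into IOC records, rejects digests of the wrong length so a mangled hash cannot silently fail to match, computes the size of each dumped memory region, and checks a local file's digests against the set. The function names are my own; the embedded sample is constructed from two records and one dump entry copied verbatim from the listing above.

```python
"""Parse a sandbox report's Files listing into IOCs and match local files against it.
Added example; not the report's own tooling."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
_HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")
# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
_MEM_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


@dataclass
class FileIOC:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)


@dataclass
class MemRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_files_section(text: str) -> Tuple[List[FileIOC], List[MemRegion]]:
    """A line that is neither a hash line nor a dump entry starts a new file record."""
    files: List[FileIOC] = []
    regions: List[MemRegion] = []
    current: Optional[FileIOC] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HASH_LINE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if current is None:
                raise ValueError(f"hash line with no preceding path: {line}")
            if len(digest) != HASH_LEN[algo]:  # truncated/mangled digest: fail loudly
                raise ValueError(f"{algo} for {current.path} has {len(digest)} hex chars")
            current.hashes[algo] = digest
            continue
        m = _MEM_LINE.match(line)
        if m:
            regions.append(MemRegion(int(m.group(1)), int(m.group(2)),
                                     int(m.group(3), 16), int(m.group(4), 16)))
            current = None  # a dump entry closes the previous file record
            continue
        current = FileIOC(path=line)
        files.append(current)
    return files, regions


def is_well_formed(text: str) -> bool:
    try:
        parse_files_section(text)
        return True
    except ValueError:
        return False


def build_index(files: List[FileIOC]) -> Dict[Tuple[str, str], str]:
    """(algorithm, lowercase digest) -> dropped-file path from the report."""
    return {(a, d): f.path for f in files for a, d in f.hashes.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    return {a: hashlib.new(a.lower(), data).hexdigest() for a in HASH_LEN}


def digest_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return digest_bytes(fh.read())


def match_digests(digests: Dict[str, str], index: Dict[Tuple[str, str], str]) -> Optional[str]:
    """Return the report path of the first IOC whose digest matches, else None."""
    for algo, d in digests.items():
        hit = index.get((algo, d.lower()))
        if hit is not None:
            return hit
    return None


# Constructed sample: two records and one dump entry copied from the listing above.
SAMPLE = r"""
C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\EVa7gBMKoaHmLC.dll

MD5 64a3d908b8a5feff2bccfc67f3a67dbd
SHA1 a17d7e5fa57c99a067cac459cb507b625dac254e
SHA256 6ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1
SHA512 66374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc

memory/4712-428-0x000000001C110000-0x000000001C186000-memory.dmp

C:\Users\Admin\Downloads\Anarchy Panel Leaked\Plugins\FBSyChwp.dll

MD5 0d41ccfaa8e7ef96248b8270d1a44d08
SHA1 6ee22bdb91d3a18e0b45b6590eb69bc9a0b02326
SHA256 0ea38d0d964815e2b84748a78bd5a829ae01586478e5f17b976f1ae763c8dec3
SHA512 a0f236f6dbeb1763fb1c198616de65b907a3a5edf7ed9435c2ad0b5826d84e9d2f25e96aba4e8b681ef495612cf0e04e929427a92d332164ace89e797bcb0e0e
"""

FILES, REGIONS = parse_files_section(SAMPLE)
INDEX = build_index(FILES)

if __name__ == "__main__":
    for f in FILES:
        print(f"{f.hashes['SHA256']}  {f.path}")
    for r in REGIONS:
        print(f"pid {r.pid} region #{r.seq}: 0x{r.start:X}-0x{r.end:X} ({r.size} bytes)")
```

To sweep a host, feed the whole Files section of the report to parse_files_section, then call match_digests(digest_file(p), INDEX) for each file of interest; the index is keyed on (algorithm, digest) so a hit on any one of the four algorithms is enough, and the length check in the parser is what stops a copy-paste-truncated SHA512 from quietly turning into an IOC that can never match.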