Analysis Overview
SHA256
c0fb1c29e216e6ede0976d74218c4565ee5a525765995883e3d6c39d50e7c5a0
Threat Level: Known bad
The file Nurik Crack.exe was found to be: Known bad.
Malicious Activity Summary
DcRat
Xworm
Detect Xworm Payload
DCRat payload
Command and Scripting Interpreter: PowerShell
.NET Reactor proctector
Checks computer location settings
Executes dropped EXE
Drops startup file
Looks up external IP address via web service
Adds Run key to start application
Suspicious use of SetThreadContext
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Creates scheduled task(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-15 20:44
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-15 20:44
Reported
2024-05-15 22:32
Platform
win10v2004-20240508-en
Max time kernel
1198s
Max time network
1188s
Signatures
DcRat
Detect Xworm Payload
Xworm
DCRat payload
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
.NET Reactor proctector
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk | C:\Users\Admin\AppData\Roaming\Nurik2.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NurikCracked.lnk | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NurikCracked.lnk | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk | C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk | C:\Users\Admin\AppData\Roaming\Nursultan2.exe | N/A |
Executes dropped EXE
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NurikCracked = "C:\\ProgramData\\NurikCracked" | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Detected potential entity reuse from brand microsoft.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 60 set thread context of 3424 | N/A | C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe | C:\Windows\SysWOW64\schtasks.exe |
| PID 3380 set thread context of 4792 | N/A | C:\Users\Admin\AppData\Roaming\Nurik2.exe | C:\Windows\SysWOW64\schtasks.exe |
| PID 2316 set thread context of 1904 | N/A | C:\Users\Admin\AppData\Roaming\Nursultan2.exe | C:\Windows\SysWOW64\schtasks.exe |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Nursultan2.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Nursultan\Crack.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Nursultan\Crack.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\ProgramData\NurikCracked | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Nursultan.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe
"C:\Users\Admin\AppData\Local\Temp\Nurik Crack.exe"
C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe
"C:\Users\Admin\AppData\Roaming\NursultanNotCracked2.exe"
C:\Users\Admin\AppData\Roaming\Nursultan2.exe
"C:\Users\Admin\AppData\Roaming\Nursultan2.exe"
C:\Users\Admin\AppData\Roaming\Nurik2.exe
"C:\Users\Admin\AppData\Roaming\Nurik2.exe"
C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe
"C:\Users\Admin\AppData\Roaming\Nursultan Cracked.exe"
C:\Users\Admin\AppData\Roaming\Nursultan.exe
"C:\Users\Admin\AppData\Roaming\Nursultan.exe"
C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe
"C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe"
C:\Users\Admin\AppData\Roaming\Nursultan.exe
"C:\Users\Admin\AppData\Roaming\Nursultan.exe"
C:\Users\Admin\AppData\Roaming\Nurik.exe
"C:\Users\Admin\AppData\Roaming\Nurik.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe"
C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe
"C:\Users\Admin\AppData\Roaming\NursultanNotCracked.exe"
C:\Users\Admin\AppData\Roaming\Nurik.exe
"C:\Users\Admin\AppData\Roaming\Nurik.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Nursultan\AYpmKnAj6qwuogelHipomroLpcHPND.vbe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Nursultan\AYpmKnAj6qwuogelHipomroLpcHPND.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Nursultan\bc09q.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Nursultan\bc09q.bat" "
C:\Nursultan\Crack.exe
"C:\Nursultan\Crack.exe"
C:\Nursultan\Crack.exe
"C:\Nursultan\Crack.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Nursultan.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Nursultan.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\NurikCracked'
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=schtasks.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'NurikCracked'
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "NurikCracked" /tr "C:\ProgramData\NurikCracked"
C:\ProgramData\NurikCracked
C:\ProgramData\NurikCracked
Network
Files