Malware Analysis Report

2025-08-05 16:06

Sample ID 240608-k22hysaf4v
Target https://shinolocker.com
Tags
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://shinolocker.com was found to be: Likely malicious.

Malicious Activity Summary
Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Enumerates physical storage devices

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-08 09:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 09:06

Reported

2024-06-08 09:09

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shinolocker.com

Signatures

Downloads MZ/PE file

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvV38rZo.exe \"%l\" " | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\DefaultIcon | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvV38rZo.exe, 0" | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\shell | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\shell\open | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.shino | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.shino\ = "ShinoLockerEncryptedFile" | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\ | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\shell\open\command | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 552337.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Users\Admin\AppData\Local\Temp\cvV38rZo.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\ShinoLocker.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 552 wrote to memory of 1636 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 1636 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3124 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 2456 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 2456 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3664 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shinolocker.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6828 /prefetch:8

C:\Users\Admin\Downloads\ShinoLocker.exe

"C:\Users\Admin\Downloads\ShinoLocker.exe"

C:\Windows\System32\vssadmin.exe

"C:\Windows\System32\vssadmin.exe" localhost

C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe

"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\AppData\Local\Temp\htGzxe.txt"

C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe

"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\ResizeSend.mp4"

C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe

"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\SkipUnregister.pptx"

C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe

"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\UnblockPing.pptm"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shinolocker.com/?h=20442&t=DgcIzFCu3c06wMM9XSWcIA%3D%3D#key

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe

"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\AppData\Local\Temp\htGzxe.txt.shino"

C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe

"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\ResizeSend.mp4.shino"

C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe

"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\SkipUnregister.pptx.shino"

C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe

"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\UnblockPing.pptm.shino"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del C:\Users\Admin\Downloads\ShinoLocker.exe

C:\Windows\system32\choice.exe

choice /C Y /N /D Y /T 3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4000 /prefetch:2
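The process list above carries the whole ransomware story in its command lines: a helper dropped to Temp is run once per file in E mode with two base64 blobs and a target path, the browser is then pointed at a shinolocker.com URL whose t= parameter is the same second blob (URL-encoded) with a #key fragment, the helper is run again in D mode against the .shino outputs, and the dropper removes itself with the cmd /C choice ... & del delay idiom. The script below is an added example for this report, not sandbox output and not ShinoLocker's own code; it runs that detection logic over the command lines copied from the listing (constructed input) and correlates the helper's id argument with the URL. The tag names, regexes and verdict thresholds are this example's own assumptions, not the sandbox's signatures, and the report does not say what the two 16-byte blobs are.

```python
"""Flag ransomware-style behaviour in a list of Windows process command lines.

Added example for this report; it is not sandbox output and not ShinoLocker's
own code. SAMPLE_CMDLINES is constructed input copied from the behavioral1
process list. Tag names, regexes and verdict rules are this example's own.
"""
import base64
import re
from collections import Counter
from urllib.parse import parse_qs, urlparse

SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\Downloads\ShinoLocker.exe"',
    r'"C:\Windows\System32\vssadmin.exe" localhost',
    r'"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\AppData\Local\Temp\htGzxe.txt"',
    r'"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\ResizeSend.mp4"',
    r'"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\SkipUnregister.pptx"',
    r'"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\UnblockPing.pptm"',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shinolocker.com/?h=20442&t=DgcIzFCu3c06wMM9XSWcIA%3D%3D#key',
    r'"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\AppData\Local\Temp\htGzxe.txt.shino"',
    r'"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\ResizeSend.mp4.shino"',
    r'"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\SkipUnregister.pptx.shino"',
    r'"C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\UnblockPing.pptm.shino"',
    r'"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del C:\Users\Admin\Downloads\ShinoLocker.exe',
    r'choice /C Y /N /D Y /T 3',
]

# Observed helper shape: "<exe>" <E|D> <base64> <base64> "<target path>"
HELPER_RE = re.compile(
    r'^"(?P<exe>[^"]+)"\s+(?P<mode>[ED])\s+(?P<key>\S+)\s+(?P<id>\S+)\s+"(?P<target>[^"]+)"$'
)
# cmd.exe /C choice ... /T <seconds> & del <path>: timed self-deletion idiom
SELF_DELETE_RE = re.compile(r"\bchoice\b[^&]*?/T\s+\d+\s*&\s*del\b", re.I)


def exe_name(cmdline):
    """Lower-cased image basename from a quoted or bare first token."""
    if cmdline.startswith('"'):
        path = cmdline[1:].split('"', 1)[0]
    else:
        path = cmdline.split(None, 1)[0]
    return path.rsplit("\\", 1)[-1].lower()


def b64_len(token):
    """Decoded length if token is valid padded base64, else None."""
    try:
        return len(base64.b64decode(token, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def classify(cmdline):
    """Return the set of behaviour tags one command line triggers."""
    tags = set()
    name = exe_name(cmdline)
    if name == "vssadmin.exe":
        tags.add("vssadmin")  # shadow-copy tooling launched at all
    if SELF_DELETE_RE.search(cmdline):
        tags.add("self_delete_delay")
    if name == "msedge.exe" and "#key" in cmdline:
        tags.add("browser_key_url")  # victim-facing page opened with a key fragment
    m = HELPER_RE.match(cmdline)
    if m:
        tags.add("encrypt_op" if m["mode"] == "E" else "decrypt_op")
        if m["target"].lower().endswith(".shino"):
            tags.add("shino_ext")
        # both blobs decode to 16 bytes; the report does not say what they are
        if b64_len(m["key"]) == 16 and b64_len(m["id"]) == 16:
            tags.add("b64_16byte_args")
    return tags


def summarize(cmdlines):
    """Aggregate tags and pull out the files and blobs the helper touched."""
    counts = Counter()
    detail = {"encrypted": set(), "decrypted": set(), "blobs": set(), "url_ids": set()}
    for c in cmdlines:
        tags = classify(c)
        counts.update(tags)
        m = HELPER_RE.match(c)
        if m:
            detail["encrypted" if m["mode"] == "E" else "decrypted"].add(m["target"])
            detail["blobs"].add((m["key"], m["id"]))
        if "browser_key_url" in tags:
            parts = c.split("--single-argument", 1)
            if len(parts) == 2:  # parse_qs also URL-decodes %3D%3D back to ==
                detail["url_ids"].update(parse_qs(urlparse(parts[1].strip()).query).get("t", []))
    # the helper's second argument reappears, URL-encoded, as the t= parameter
    detail["url_id_matches_helper"] = bool(detail["url_ids"] & {i for _, i in detail["blobs"]})
    return counts, detail


def verdict(counts):
    """Human-readable reasons; an empty list means nothing ransomware-like seen."""
    reasons = []
    if counts["encrypt_op"] >= 3:
        reasons.append("one helper binary run repeatedly in encrypt mode")
    if counts["self_delete_delay"]:
        reasons.append("dropper deletes itself via cmd /C choice ... & del")
    if counts["vssadmin"]:
        reasons.append("vssadmin.exe launched (only 'localhost' seen, no shadow deletion)")
    if counts["browser_key_url"]:
        reasons.append("browser opened a URL carrying the helper's id with a #key fragment")
    return reasons


if __name__ == "__main__":
    counts, detail = summarize(SAMPLE_CMDLINES)
    for reason in verdict(counts):
        print("-", reason)
    print("encrypted:", sorted(detail["encrypted"]))
```

The self-deletion regex deliberately requires the `& del` tail, so the child `choice /C Y /N /D Y /T 3` process on its own stays untagged and only the parent cmd.exe line fires. Note that vssadmin.exe here was invoked with nothing but `localhost`; the script reports the launch but does not claim shadow copies were deleted, because the listing does not show that.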

Network

Country Destination Domain Proto
US 8.8.8.8:53 shinolocker.com udp
SG 188.166.237.163:443 shinolocker.com tcp
SG 188.166.237.163:443 shinolocker.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 163.237.166.188.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
SG 188.166.237.163:443 shinolocker.com tcp
SG 188.166.237.163:443 shinolocker.com tcp
SG 188.166.237.163:443 shinolocker.com tcp
SG 188.166.237.163:443 shinolocker.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 shinosec.com udp
FR 216.58.213.78:443 www.youtube.com tcp
SG 128.199.83.111:443 shinosec.com tcp
SG 128.199.83.111:443 shinosec.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 216.58.213.78:443 www.youtube.com udp
FR 142.250.179.118:443 i.ytimg.com tcp
US 8.8.8.8:53 ra.revolvermaps.com udp
DE 185.44.104.99:443 ra.revolvermaps.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.74.226:443 googleads.g.doubleclick.net tcp
DE 185.44.104.99:443 ra.revolvermaps.com tcp
US 8.8.8.8:53 78.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 111.83.199.128.in-addr.arpa udp
US 8.8.8.8:53 118.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.104.44.185.in-addr.arpa udp
DE 185.44.104.99:443 ra.revolvermaps.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.74.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 172.217.20.202:443 jnn-pa.googleapis.com tcp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.193:443 yt3.ggpht.com tcp
FR 142.250.75.230:443 static.doubleclick.net tcp
FR 172.217.20.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 226.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 202.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 230.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
DE 185.44.104.99:443 ra.revolvermaps.com tcp
DE 185.44.104.99:443 ra.revolvermaps.com tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
FR 172.217.20.174:443 play.google.com udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
SG 128.199.83.111:443 shinosec.com tcp
SG 128.199.83.111:443 shinosec.com tcp
US 8.8.8.8:53 shinolocker.com udp
SG 188.166.237.163:443 shinolocker.com tcp
SG 188.166.237.163:443 shinolocker.com tcp
SG 188.166.237.163:443 shinolocker.com tcp
SG 188.166.237.163:443 shinolocker.com tcp
FR 216.58.213.78:443 www.youtube.com udp
SG 128.199.83.111:443 shinosec.com tcp
FR 142.250.179.118:443 i.ytimg.com udp
DE 185.44.104.99:443 ra.revolvermaps.com tcp
SG 128.199.83.111:443 shinosec.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.179.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.178.138:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 98.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 138.178.250.142.in-addr.arpa udp
SG 188.166.237.163:443 shinolocker.com tcp
SG 188.166.237.163:443 shinolocker.com tcp
SG 188.166.237.163:443 shinolocker.com tcp
FR 172.217.20.174:443 play.google.com udp
FR 142.250.179.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

\??\pipe\LOCAL\crashpad_552_IRQXSALAOVTCDABX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e0f51e619ffa6cbddf749964816fcc0
SHA1 c1020cbab28ad4a016598a9ae0ef205fa8f98f86
SHA256 f4987faa495eb5f3edee265b936c90f2d4a58e0e23def430a842b97d98425228
SHA512 6e7cf33f1d57c276b2152fbedd9eab644327477e1c27005b875ea83b3b6889fcf9b9528b0d0335006c413aca6152c2acff17555ed40175fb93360de833e1fa08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9c9c99e9297098182651894555008423
SHA1 98a4ea9736790ac0bc9f54ffda520aef55e2cd87
SHA256 8b3a9fef072fd7e0f37065a3886221fcaafa9b9a50519ac5244e7f5062964b58
SHA512 b3596718764470129754ffa073dfa14c3074126e71c4ee46c7ea1443ba8df9cb17feabf60dcff9173c1541535eab31f8f42cac0bb457f5db639f084b5122ba56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1e9613be91af496eecb0e2668c9494da
SHA1 cd23f5dc41e11c3d0f266156e03cbdd92b260688
SHA256 ac3e78d736c437d31c1ff96cdf91ede2ebc000890af6861d32beaf0fcd3b955c
SHA512 0131273c5d2d66ceed219e2c2dafc980bbd5962b063aea7d75ba53170de995b652322b7967405d3db36f988e6f295ff17f7a313e992c3801fcca04478fe3e9f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3e0e3e30d9c9fe09144ffe59eaa78fbf
SHA1 614aa6d35e08f7bfa8b97c1a2e53f34fd11534ed
SHA256 fe6e85281ef0c1bf2c787233f805af81382631b47706700c2d461daafc4d7900
SHA512 12351cf09b808b2b132570f561fcb522f1be5e09c9d4db8dd94ffefa6b9ab5e654373aa69b9e2d7fcfc0f76ad80ab7d6e93ff7f5d4085192c25ae78e6b05ea91

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1dd862413c5766cf89bb925c5958d58b
SHA1 67d33c6d0c9f8a4bc6cb2c8c78aad119511297c8
SHA256 63cfb36f7956c65883f992dbd5081433d1c8ad9287149fba97111d191255ff30
SHA512 b5965cc3b50ed651cd98d8df40cf34fa22812e4270ae0c86b1a07f8accfec603546aff75b9f06e2f5c4249488767e5bc294a4d54cf0e09efdc871f0a7678de54

C:\Users\Admin\Downloads\Unconfirmed 552337.crdownload

MD5 fbabb0c7b53cb434275b2cdd9f5280ac
SHA1 343cded71ddd5f26724380ef8d87c704c0384aad
SHA256 7ac91cb05faf612b6b9243f8358a113840e7b4d985f8ef455b3836446a538c53
SHA512 4ac82e0f7da639dd12594c332a54e91bbbbd47b57d81a53fddd30d314a4b4823f8a0274c59910f187af07e626311dce8ec65b2a717455a0a1016603693bf4a14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 19cc39b2a8e7cda5b834e87c43918685
SHA1 a174a1ac253d7d741d51c7b9f5eb4941802edeba
SHA256 50f1959fdf418f982923e22914133e105907df5a33369bc8de8620aa09e2fce9
SHA512 1c0898ef57bd456346fb89db6f24b3a06412ff1762cd490d6b654656aeb68886a2819c38a0d38f218f0e29020507cdaeb1bf03ef41d4c97be7f91ba58c9e78e6

memory/3860-206-0x000000001BE80000-0x000000001BF26000-memory.dmp

memory/3860-207-0x000000001C400000-0x000000001C8CE000-memory.dmp

memory/3860-208-0x000000001CA00000-0x000000001CA9C000-memory.dmp

memory/3860-209-0x00000000018B0000-0x00000000018B8000-memory.dmp

memory/3860-210-0x000000001CCB0000-0x000000001CCFC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe

MD5 c139b1b02df2bb767206a8aef33f20dd
SHA1 f577d8bd839161bf5101afb4bc553d1cdfeee7c3
SHA256 6aef2a20079a06566bb57277e587ff6de38a92f7c7feda0fb341cfaf3aa13834
SHA512 3d1b824467b21261cef637982a101f4bfa4a12d540744373d7a18cc489069e9945bffacb663934e04f30bec9ff638bb686f894e797ea02517892bf83b2ba0d4f

C:\Users\Admin\AppData\Local\Temp\gknT3m.lst

MD5 045e48fcab07a40e2661e7c2224e46e6
SHA1 2ec92ddd366c05dcc6a7cb2c165b02ce3c3a3e28
SHA256 988106b5a8392f2b556a859921a6204e3cfb082702e1c2f0ae1bd4a5c35ef435
SHA512 ab1d85568e615148c74e625d78fd7ed21bb5c5bd9c72aa8e301d9b06b738ab1ba1461177d390ce22cf9b770ccb74b01102113216185f3d0e9bbd03ed30d2088b

C:\Users\Admin\AppData\Local\Temp\gknT3m.lst

MD5 913f047771d397d7ee25857b9c77e15a
SHA1 fac1ccffcb3a616d7040d71605b6f1f1faa83623
SHA256 2926efedc413ac8b1b7f60c11c8988c3844aeb57d4aaf2c528a8cca61f271a57
SHA512 c75017d47640e6f06b9564b4dfbbddb383fc2c01019b426cdfcbd8881542385a1783e6f51784fc4edf462909f3f40fc6eb494ac6aa5f69722b143027ee8e769a

C:\Users\Admin\AppData\Local\Temp\gknT3m.lst

MD5 262008c69297e259c7beb3fc31c4f97d
SHA1 f1ea2152ef82b5df2a42bcaf1e0795da15d864ce
SHA256 ad6d1dd86da0ac33b15e23e9cb4a0d9fd3255d656e42c72adf5c976ca317b9fd
SHA512 85e91198eff309a906a65514af4be49c5d7c10d65b310f7fc56e8d75762e6c0b2bea851d9919d9954abed7e1570a0547788b1b7fe7ca6da918fc08e419a67ced

C:\Users\Admin\AppData\Local\Temp\htGzxe.txt

MD5 ff64d3a5a3379b6f114a7bd7c10bbd99
SHA1 696b0b4e95bac7735af6bf05f8fc365c67619d21
SHA256 d8a14b6e02da29b0413769c2a85c46a5540caad68b4717105acec3acfaa75866
SHA512 5de3aa12491963c91e248ecc24efeec749534b9502f3f274ac7523dd1c657d91be12a74292f60e1f07b0c6f0edda3f94895982f164d3f94add37c2b74e6bfe5f

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\NIMvdqXi.exe.log

MD5 1ec1427550351bb2214734c3a95d6c58
SHA1 c63cd3a9d621f920abdf23f81d6fc9daab1b2f4d
SHA256 ce7440ae6dbefe30761e8400ae5f6d10774ebed5d11000fb4f9437c1af4ab280
SHA512 fee49195cd32e3ffe6dfdd3356e2dafc30504d7e20fe97e548fd5508680be8a9f600cfd481058831547bf6737d9ea2087205a4c0b1cfd123abe3749b1591641e

C:\Users\Admin\Desktop\ResizeSend.mp4

MD5 9513250edf3508add0d8283f2367e8c1
SHA1 5de4d068088c3635093b735aca503cbf96b2f2d1
SHA256 1e380e013f942ef8a2ada685f3dedd5a28761e41c126232533f78424a757cdbd
SHA512 7548a46f031f0e8d5eb76eaab8941eb0d942f65e9d4a93de663e6b139a3b3b4402eaec4dafee5b2a59da8ed388fb93519873cccf4e81813732f0f01739522fa4

C:\$RECYCLE.BIN\S-1-5-21-3571316656-3665257725-2415531812-1000\$IWR9GAV.txt

MD5 0c00bafc7026685b1b972561f5323cfe
SHA1 cf1e286922828e03b5f7dc4e8ba1c9d6a140a756
SHA256 a527bf357d07d2c9575826dc589c18c2cf6f8d2173855eab26caf5c4ea83be16
SHA512 b6dcf5d463a0a53515cc550da613eb502209c4339b96abf0d8b0e7695c2a0e01eff6b8ce2a2991e8477149ab826d1c7d5205195f0444e47af775742f7c2a62cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 23ce79068414f10d32c7ed47ffafc56c
SHA1 09bc5831c0043971d0a248a3a32631140bfdc732
SHA256 9effaa9a3af9b732540aaf61ff6aa35f7ffa50dac9a57d0f84f66267976548a6
SHA512 78004cccfa40cc26b301667b7a5cde327e287df729f76f9150d61df74b26ff3ec156efb2a1ad62cdf6b4acd414c299d6552d9b1aca14718557f3419c8345730f

C:\Users\Admin\Desktop\SkipUnregister.pptx

MD5 4cd07eaf571630a26d7b5d4f9534fd15
SHA1 050651fd6a2cd42c0d14e0245a62e9e61b6bc6a2
SHA256 71595b185342447fd2ab544af7ee49a5a634db749a8967b18d3ea10a47a8adeb
SHA512 eaf7b57e8d6fec8ba6bf76f803512bac0faa46bb86ac998caf882d6a78e80b29b5a189416134f851cb984f8a03d16af97047d47a7571a924cdd77d8e90a862f5

C:\Users\Admin\Desktop\UnblockPing.pptm

MD5 326d1f73f8a971da87e0c524439576ae
SHA1 728fc76385bafc41269f23b2807ec82e9891052b
SHA256 46c15b0c70149f84943ccd2aa357839c9ad62bd16d87059414ac6fb95a9eff5b
SHA512 90ec50858af7afe72505dd5f359a9d8cac0b7463e0a25d274e2e9a3120cc102c0f3948a80b80e0144b602b097685a3e90954da4c16729b38d95c2e510f3a0490

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6907edd84a62083cec3944f4113b1e95
SHA1 cd658d74f2cc9fb46e87705743f3f9d282d14dae
SHA256 6f29fcd7de4e6eb0e960dabed241a3d1aeec8a714eaab1f82bb5e4cc451ee8ab
SHA512 4eba01a18754176355d7baa0173b14aa3e12be0ec8d7d26c331570267a536add23b57b1aaf98ce6300948995361374a23ab23d5aa2aa5881921d199886143e79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ad85968754466303fe117cd7a6725d56
SHA1 1196e23b1ee33434c99e2c6ff8e74a4e80e96be9
SHA256 abd0befe2165636b101a8b1f533e67a8d06d7a3a3d993a9bf9443e656b4dea5f
SHA512 7259b11fd0f9d2a254cec7a00784a37afc40e4625b060c6673dcecd3e92fc71c13d83c3a964a27249455a77533c67e9381f8fc334623048fc5077d116e73e619

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e9dcb2fdab23ec16d57255fee7668db1
SHA1 24364ebd4aabe9d6d260d36c45206d9af020c7c2
SHA256 6fd87879a220b0cf17b80e0a024474bbadb707f9b9d8a27cfb8c997b46662925
SHA512 21aab4831f6ff07c3a1892b2f5327dbabfff64f971f61900bc5996b7fba1367c41a5f6395b920e60cafc1880caac0c2ddb60d84d45daa23cc83f15bb4ec2abce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589b9f.TMP

MD5 7c288f8ee9e671a4b944210dc5aebb8a
SHA1 2a7899f5c5457e0eadaacc16e2ae7fb15dc5c5dd
SHA256 52c02457d85f2d6d192cbb7650f4a9500b1b6921b5abe45be931847f84725302
SHA512 115a8501bf2e93d396e969f564f654a952cac32a82519284c34aff15d36999cec69f3ae54b7b0cc0b6641014975f336c40ec906a1d97170fc51eef78143bd805

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2f4a1693ebaca4258e36c6e03811846d
SHA1 309945fe63935d0ff7c0853de7849e0923fccea6
SHA256 05ab30264e2b4e93a640e850e285d0a75125d8d803a061e3b32888525bcf247c
SHA512 dade978c9763908dea3bad5fbbffa9e22c72b6c5a6609beb3701d09dc6b28b05a230f68ae4f9d2b09a48b44bcc3fede44ed503656b7a1c439cbf312cac413b37

C:\Users\Admin\AppData\Local\Temp\htGzxe.txt.shino

MD5 27db5ac5ea2b4045386ed82be3a0ee31
SHA1 21adfd18965261cd6c333b2c08797c0d7799228a
SHA256 f895fa4fe2bc0903fd6696261e076d0898b2728f3526060d5c09eaf88b252115
SHA512 01b91008a1faaad1ddda4a7851fc2f387d84749cda44d8dae3d307b80fba85432d89b27b64a130076ca68aa14511dadd8cfcad14f4dd4ec39eea2cd7f74f227f

C:\$RECYCLE.BIN\S-1-5-21-3571316656-3665257725-2415531812-1000\$IBRBO9T.pptm

MD5 95fb2055ba1c3ae0f8801fdadc1c90a0
SHA1 1e6b28bbb81a3c454e4da350569a808e39fffbc7
SHA256 5efaf851112ec73d6b3ad36f445b8b628d315d5941f5477231e4aca86f6ed28a
SHA512 45c1a3f25d0e95b9e97374abe592ca4929514860020acbd70f2150cf94e53b0d402fd154d800c4483a054a2e019a72bb043305851905aa02797f28a6b19c8e26

C:\Users\Admin\Desktop\ResizeSend.mp4.shino

MD5 9512b9ca93365aac2c4914a1495f374b
SHA1 7f18e6de6837daae60fdd4ff68a91770751552a4
SHA256 5f9544e035a13e57e089b66c667ff244d35dd4f2397fa9bce47e5f27997c22e3
SHA512 a7104ee1ccd628aff92626d4017643cb3e565ed7659bf2cf00d4fe772adcaa994f7266ac44548f47a2e41e215d872da44326cf6fc229fe1fda903e9dcf43536c

C:\Users\Admin\Desktop\SkipUnregister.pptx.shino

MD5 2d3dbb1063aad304ce2eac3bb5735575
SHA1 729709d4d8860ced19be53ef2d1882d0c375b7d6
SHA256 d23085e20e88d18c9e2ad67daca8c4ce7b7932f20248912115d3ea9f6c7791d0
SHA512 5cb82b8a5830b184e1301a411b0dd7da86699f461261b13f88b32a0089d67f87179643eb18b48248402d8f1d02fff458efcccc0c6e5452bcd9ac6a72582e5913

C:\$RECYCLE.BIN\S-1-5-21-3571316656-3665257725-2415531812-1000\$I9DIW5C.shino

MD5 dd6642cc6915562e68ace9fb088d6d7c
SHA1 8ac0eeb0d1d9736166daf683dd65466018a53b48
SHA256 346ec726e0beb6a9b1beedc9e4316036689d6fb28ce8d44895b8770374d9253c
SHA512 df023383c93dc4e2000520724d8bed425bde63929f01e06242b03c9b5eade65eb475dad0698e301bdea208f82bdcdcc9c46953f6fd50e4cafd307db78c3606ca

C:\Users\Admin\Desktop\UnblockPing.pptm.shino

MD5 2b75aa09129a90b31330cf631f171e6b
SHA1 22e1204ee20970cb880a09c7bc5d0911402c5dd0
SHA256 bd1f7cc44063de27efc25ba747ff4cc943a4266a2d20ce056cc272962670f4d9
SHA512 b4f8fa6239beabb84d68a7599eb2adaf333a7380fd0c0339dd86cf73a7b8dbfd3301e53708801deb9c17309eb9750123562dcaeb5190d4e0ce52f603a07c94c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ca87b6b74f7427cca1acce017f7cb066
SHA1 d25e39c191748055d629097a950b822a50c880bd
SHA256 8f82e86569d71dfc5c6b95e45ff82cc349fc6a746125314fcce558c139ce56b4
SHA512 8c1e8d7352674e3509f74fdb6fd3eef61a10bee6bb1e0c5611d94d2c307d4c22610429fac76868e4fef8637a5041c454768fac951c7a2a0403c4a8c935ec9fcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bbd4f2be0756f137e68991c041524467
SHA1 c7443adfd3e39cd28110cefe5b01d4decd70872e
SHA256 0da9f0e7409ddac6c7adda3fe2dc8a1e313974ccaa8bd1ef98539dd9d4c3fc0f
SHA512 037bb3d3ab4512316bb9b9be8f9519718923224d17d935300ecc25c6749fbea08181821984cb6e3912eaba861e57db938ee5d6875f877a7994f8dc177392458c
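Most of the Files section is Edge profile churn (Preferences, Local State, Network Persistent State, Crashpad) that the sample never touched; the entries that matter are the dropped helper, the .crdownload that became ShinoLocker.exe, the original/.shino pairs, the $I records in the Recycle Bin and the CLR usage log that shows the helper is a managed executable. The same path also appears several times with different hashes when a file was rewritten during the run (gknT3m.lst three times). The parser below is an added example, not the report's or any sandbox's own tooling: it reads this flattened "path, blank line, hash lines" layout into records, buckets each path, pairs originals with their .shino outputs and lists the SHA256 values of the binaries. SAMPLE_LISTING is a constructed excerpt of the section above, trimmed to the MD5 and SHA256 lines; the category names and noise markers are this example's own heuristics.

```python
"""Parse a sandbox "Files" listing (path, blank line, MD5/SHA1/SHA256/SHA512)
into records and separate sample artifacts from browser-profile noise.

Added example; not the report's or any sandbox's own tooling. SAMPLE_LISTING
is a constructed excerpt of the Files section, trimmed to MD5 and SHA256
lines; the category names and noise markers are this example's own.
"""
import re
from collections import defaultdict

SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

C:\Users\Admin\Downloads\Unconfirmed 552337.crdownload

MD5 fbabb0c7b53cb434275b2cdd9f5280ac
SHA256 7ac91cb05faf612b6b9243f8358a113840e7b4d985f8ef455b3836446a538c53

memory/3860-206-0x000000001BE80000-0x000000001BF26000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe

MD5 c139b1b02df2bb767206a8aef33f20dd
SHA256 6aef2a20079a06566bb57277e587ff6de38a92f7c7feda0fb341cfaf3aa13834

C:\Users\Admin\AppData\Local\Temp\gknT3m.lst

MD5 045e48fcab07a40e2661e7c2224e46e6
SHA256 988106b5a8392f2b556a859921a6204e3cfb082702e1c2f0ae1bd4a5c35ef435

C:\Users\Admin\AppData\Local\Temp\gknT3m.lst

MD5 913f047771d397d7ee25857b9c77e15a
SHA256 2926efedc413ac8b1b7f60c11c8988c3844aeb57d4aaf2c528a8cca61f271a57

C:\Users\Admin\AppData\Local\Temp\htGzxe.txt

MD5 ff64d3a5a3379b6f114a7bd7c10bbd99
SHA256 d8a14b6e02da29b0413769c2a85c46a5540caad68b4717105acec3acfaa75866

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\NIMvdqXi.exe.log

MD5 1ec1427550351bb2214734c3a95d6c58
SHA256 ce7440ae6dbefe30761e8400ae5f6d10774ebed5d11000fb4f9437c1af4ab280

C:\Users\Admin\AppData\Local\Temp\htGzxe.txt.shino

MD5 27db5ac5ea2b4045386ed82be3a0ee31
SHA256 f895fa4fe2bc0903fd6696261e076d0898b2728f3526060d5c09eaf88b252115
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
NOISE_MARKERS = ("\\microsoft\\edge\\user data\\", "\\microsoft\\spelling\\")


def parse_listing(text):
    """Return [{'path', 'hashes'}] in listing order; a path with no hash lines
    (memory dumps, pipes) yields an empty hash dict."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and entries:
            entries[-1]["hashes"][m.group(1)] = m.group(2).lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def categorize(path):
    """Coarse triage bucket for one path (heuristics of this example)."""
    low = path.lower()
    if low.startswith("memory/"):
        return "memory_dump"
    if any(marker in low for marker in NOISE_MARKERS):
        return "browser_profile_noise"
    if "\\clr_v" in low and low.endswith(".log"):
        return "dotnet_usage_log"  # written when a managed executable runs
    if "$recycle.bin" in low:
        return "recycle_bin"
    if low.endswith(".shino"):
        return "encrypted_output"
    if low.endswith((".exe", ".crdownload")):
        return "dropped_or_downloaded_binary"
    return "other"


def triage(entries):
    """Group by path, pair originals with .shino outputs, collect binary hashes."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e["hashes"])
    categories = {p: categorize(p) for p in by_path}
    pairs = {p: p + ".shino" for p in by_path if p + ".shino" in by_path}
    rewritten = {p: len(v) for p, v in by_path.items() if len(v) > 1}
    binary_sha256 = sorted({h["SHA256"] for p, vs in by_path.items() for h in vs
                            if categories[p] == "dropped_or_downloaded_binary" and "SHA256" in h})
    return {"categories": categories, "pairs": pairs,
            "rewritten": rewritten, "binary_sha256": binary_sha256}


if __name__ == "__main__":
    result = triage(parse_listing(SAMPLE_LISTING))
    for path, cat in result["categories"].items():
        if cat != "browser_profile_noise":
            print(f"{cat:30} {path}")
    print("binary SHA256:", result["binary_sha256"])
```

Run against the full section, the "rewritten" map is what flags gknT3m.lst as a working file the helper kept updating, and the pairs map gives the original-to-ciphertext mapping for every Desktop document without hand-matching names. The `$I...` records under C:\$RECYCLE.BIN\<SID>\ are Recycle Bin metadata entries, which suggests the originals were removed through the shell rather than overwritten in place; that is an inference from the paths, not something the report states.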