Analysis Overview
Threat Level: Shows suspicious behavior
The file https://mega.nz/file/v74wXKIb#HsjwN5T7sY4i8biyUpix6giUmvZVvJWx4rxbQ00WBps was classified as: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
.NET Reactor protector
Executes dropped EXE
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-09 07:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-09 07:33
Reported: 2024-06-09 07:36
Platform: win10v2004-20240508-en
Max time kernel: 122s
Max time network: 148s
Command Line
Signatures
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\Hackus.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\Hackus.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\Hackus.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
| Process | Command Line |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/v74wXKIb#HsjwN5T7sY4i8biyUpix6giUmvZVvJWx4rxbQ00WBps |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc763c46f8,0x7ffc763c4708,0x7ffc763c4718 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1 |
| C:\Windows\System32\CompPkgSrv.exe | C:\Windows\System32\CompPkgSrv.exe -Embedding |
| C:\Windows\System32\CompPkgSrv.exe | C:\Windows\System32\CompPkgSrv.exe -Embedding |
| C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3724 /prefetch:8 |
| C:\Windows\system32\AUDIODG.EXE | C:\Windows\system32\AUDIODG.EXE 0x4f0 0x498 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5884 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8 |
| C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
| C:\Program Files\7-Zip\7zG.exe | "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Hackus_mail_checker2\" -spe -an -ai#7zMap28083:102:7zEvent12173 |
| C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\Hackus.exe | "C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\Hackus.exe" |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6148 /prefetch:2 |
Network
Files