Analysis Overview
SHA256
49a48e879f7480238d2fe17520ac19afe83685aac0b886719f9e1eac818b75cc
Threat Level: Likely malicious
The file AutoHotkey_1.1.37.02_setup.exe was found to be: Likely malicious.
Malicious Activity Summary
Disables Task Manager via registry modification
Executes dropped EXE
UPX packed file
ASPack v2.12-2.42
Checks computer location settings
Checks whether UAC is enabled
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Unsigned PE
Enumerates physical storage devices
Kills process with taskkill
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Scheduled Task/Job: Scheduled Task
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Modifies registry key
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-22 19:10
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-22 19:10
Reported
2024-06-22 19:29
Platform
win10v2004-20240611-en
Max time kernel
1139s
Max time network
1143s
Command Line
Signatures
Disables Task Manager via registry modification
ASPack v2.12-2.42
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A544.tmp\melter.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A544.tmp\Craze.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A544.tmp\screenscrew.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A544.tmp\lines.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A544.tmp\INV.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A544.tmp\Craze.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\軑嘣陵搕乡鰕籕鯔貀墤榞嘕缪詳罄箺.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\塒噷韪簉祁堐篲滦鐸陱磛竾嶠錡薛陟.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Local\\Temp\\A544.tmp\\MBRPayload.exe" | C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe | N/A |
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "111" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133635570316236641" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\malware-main\malware-main\Monoxidex64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\軑嘣陵搕乡鰕籕鯔貀墤榞嘕缪詳罄箺.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\malware-main\malware-main\Monoxidex86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\塒噷韪簉祁堐篲滦鐸陱磛竾嶠錡薛陟.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.37.02_setup.exe
"C:\Users\Admin\AppData\Local\Temp\AutoHotkey_1.1.37.02_setup.exe"
C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe
C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeef96ab58,0x7ffeef96ab68,0x7ffeef96ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3588 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff681d7ae48,0x7ff681d7ae58,0x7ff681d7ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4868 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4972 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3104 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Documents\PanKozaDestructive\PanKozaDestructive.exe
"C:\Users\Admin\Documents\PanKozaDestructive\PanKozaDestructive.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\A544.tmp\PanKoza.bat" "
C:\Windows\SysWOW64\timeout.exe
timeout 5 /nobreak
C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe
MBRPayload.exe
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\schtasks.exe
schtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\A544.tmp\note.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 3 /nobreak
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\A544.tmp\sites.vbs"
C:\Users\Admin\AppData\Local\Temp\A544.tmp\melter.exe
melter.exe
C:\Windows\SysWOW64\timeout.exe
timeout 6 /nobreak
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCTmub7HjR9Kc8Uh-Vy3eLaw
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeef3b46f8,0x7ffeef3b4708,0x7ffeef3b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im melter.exe
C:\Windows\SysWOW64\timeout.exe
timeout 3 /nobreak
C:\Users\Admin\AppData\Local\Temp\A544.tmp\Craze.exe
Craze.exe
C:\Windows\SysWOW64\timeout.exe
timeout 4 /nobreak
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im craze.exe
C:\Windows\SysWOW64\timeout.exe
timeout 1
C:\Users\Admin\AppData\Local\Temp\A544.tmp\screenscrew.exe
screenscrew.exe
C:\Windows\SysWOW64\timeout.exe
timeout 3 /nobreak
C:\Users\Admin\AppData\Local\Temp\A544.tmp\lines.exe
lines.exe
C:\Windows\SysWOW64\timeout.exe
timeout 5 /nobreak
C:\Users\Admin\AppData\Local\Temp\A544.tmp\INV.exe
INV.exe
C:\Windows\SysWOW64\timeout.exe
timeout 6 /nobreak
C:\Users\Admin\AppData\Local\Temp\A544.tmp\Craze.exe
craze.exe
C:\Windows\SysWOW64\timeout.exe
timeout 8 /nobreak
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1904,i,131196636269189097,10239117075753373067,131072 /prefetch:2
C:\Windows\SysWOW64\shutdown.exe
shutdown /r /t 1000 /c "It's Your final 1000 seconds to use Windows"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://memz.download/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeef3b46f8,0x7ffeef3b4708,0x7ffeef3b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2
C:\Users\Admin\Downloads\malware-main\malware-main\Monoxidex64.exe
"C:\Users\Admin\Downloads\malware-main\malware-main\Monoxidex64.exe"
C:\Users\Admin\AppData\Local\Temp\軑嘣陵搕乡鰕籕鯔貀墤榞嘕缪詳罄箺.exe
"C:\Users\Admin\AppData\Local\Temp\軑嘣陵搕乡鰕籕鯔貀墤榞嘕缪詳罄箺.exe"
C:\Users\Admin\Downloads\malware-main\malware-main\Monoxidex86.exe
"C:\Users\Admin\Downloads\malware-main\malware-main\Monoxidex86.exe"
C:\Users\Admin\AppData\Local\Temp\塒噷韪簉祁堐篲滦鐸陱磛竾嶠錡薛陟.exe
"C:\Users\Admin\AppData\Local\Temp\塒噷韪簉祁堐篲滦鐸陱磛竾嶠錡薛陟.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://malwat.ch/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeef3b46f8,0x7ffeef3b4708,0x7ffeef3b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38f1855 /state1:0x41c64e6d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15849517184786087919,8173834015720140858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 37.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.212.206:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 216.58.212.206:443 | consent.youtube.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | memz.download | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.212.206:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | memz.download | udp |
| GB | 216.58.212.206:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | 93.65.42.20.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.212.206:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | malwat.ch | udp |
| US | 70.32.1.32:80 | malwat.ch | tcp |
| US | 70.32.1.32:80 | malwat.ch | tcp |
| US | 70.32.1.32:80 | malwat.ch | tcp |
| US | 8.8.8.8:53 | ww25.malwat.ch | udp |
| US | 199.59.243.226:80 | ww25.malwat.ch | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | 32.1.32.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.243.59.199.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | afs.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | afs.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | afs.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | consent.youtube.com | udp |
| GB | 216.58.212.206:443 | consent.youtube.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe
| MD5 | b98ee9e00b5546763f9c6e65e436f6e6 |
| SHA1 | a28e2b0ba6cc748d166b2eb6d0c8acb0bd3b9f3b |
| SHA256 | 6d876c526b5cbc5dc5341c1011b1c91639597f46677a1d42426f4a52dfea6756 |
| SHA512 | 556e632fe39231622398c5afccc51d01f25bc430705a126737877ed9f354c7076b5bf3cbac27f8a1c4db4d326b6a8848fae4b8d6046f816597c370d06e824591 |
memory/640-47-0x00000000009A0000-0x0000000000AA0000-memory.dmp
\??\pipe\crashpad_4152_GPEREIJGWASBVECZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 954c9923a3860589d890318fd5007972 |
| SHA1 | ccf783e87c5a5f926efd1fe78ac3866892c68a57 |
| SHA256 | 0ecc455aa30f93cb233ebe9b343f2b9e93b79f32e215f3e15c8c8ccbc38ec6df |
| SHA512 | 1c610d6c0ee54c38289f71e414c0662ad8f512f815cc7293aaed93f12cf9cc9c1526d70a6f046f0cc9adf5a0ed71ad6d136dc6444efb35d84ba991ab2fcf1689 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2c2822160d0065aedd488dcf3c42222d |
| SHA1 | c8277d2f5d01e27ea46ce31e53551682184bd9e5 |
| SHA256 | 59be968e0655812837a12438544e1ea792ac8d0db191e02454133f46a31f5e18 |
| SHA512 | b011bdfae9f5fb474f5bb0bfa70e8aec0411d78e1ec2e7c8c5a173bade2a5518808af2ee9981bb38067fdbd671b257bb72548b6bc864c43c728423a031f0981f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b871b89a56b5566351814eb6522e73e6 |
| SHA1 | 3fffe37f2d29c20a67c7e1c37a00965c29e1e0ea |
| SHA256 | a43b040f4a430eb28ad90fbba97729a562306195c550c217712da8958545a2d1 |
| SHA512 | be1447adcc6a087b33e171f5a4923dcb60cd7e68d69ed5ca9fd9117c35c1ec583d628593beaf576f42c7d5b5c31d96ccc8962c44e931e73e6bd081852e51c3ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 4d10aa42f20e4f2bc5109bde2214fef3 |
| SHA1 | 789968e7ee69c4b6f994e51445a767d24a82414c |
| SHA256 | 93f4191e0dcf399d602d355bbb88b822da4001caec8f2918acb3163e43b549a0 |
| SHA512 | 31e79a62be53338c975b3495882277b9e90fdd57a2d8d4375d1366a490afe1edae97dcaacf6e0ffe1e0ef6135299b8d05f9c82571d6a9e3da4fe2af5e6cb74fc |
memory/640-133-0x00000000009A0000-0x0000000000AA0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\31a5e82c-f702-44f0-9fc7-c773e74be9b6.tmp
| MD5 | 9f7c9468439f00b5ef1122f926bf1dab |
| SHA1 | 3719b0412a7c74c02351b520f8807c2ff111a6aa |
| SHA256 | f4bf6fbfa85ed60eaff2466e1eae6ab4b8e1ce36beb1a384ba0614f1bcdf275f |
| SHA512 | c214cdde74916c77ff1e6fb9a24d3ab6520cf7544016cb4b845fd0890daca95b1601a162c64d8dc7c9d9aa435aec6699078cee1512ec3fbf3789f3f79ca9ba7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5495bd5f-11b6-446f-91f5-c9cc0dfb8003.tmp
| MD5 | b98a0bbb3956f140e2cdc7b49721f5fb |
| SHA1 | 94424e4b2ce11da7235746d8a84d4ab3b51bc628 |
| SHA256 | dcc5df3c84fac5320d2fb73b1ea2ff04e010d465594db7fd82c04b2c59869955 |
| SHA512 | 27a1267adb3ae51c01296be9fe5f0edb0d518bf5e390fc46f57f09f1d1a061caea2f64dfbfe766fd071855345a6c2b5611ea13f7362b79e9af6856ccdeac5518 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f49d1cdcd538ee3a8dd9f1223bbf5fcb |
| SHA1 | c574876d7e828e33a54f7748538bd27d09167e0f |
| SHA256 | b35f370a8a5b865e3de991eb999711b73738f939ffc44f2128b5515784136a08 |
| SHA512 | 1a7151347fdebc59097024dda456281f1e82a88fbdad0083955234b52ad41d48a0dcbdf22a17b41d80b15ad041dbfe228db1d6b884772efa50c6f40cd923e05c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | e7eacdb2a2f27de66a6bc3d78a545411 |
| SHA1 | 38c4411b958adad9e8cce56029f626a86ff08723 |
| SHA256 | 056f81667f8a85eb85b3ded4c511bc30a34099564b65ea9851eb2e781ea5979b |
| SHA512 | 3426ebd15bb3660a46d107aa083134a0f7ab55f8ebd4ed056d3fb45b9a788e53bb9e181dd468a2ea60c0bc5d46325efaf29006735a4c37b99d56524ef2201132 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57dfb1.TMP
| MD5 | 9d03f313e1cc2e3759f77e81e16ca09c |
| SHA1 | cc5ee40b123fe8df51f990734f17c775e8946206 |
| SHA256 | a3729cf14d16deebf8a217f8c8c245dd1f5d70efc0c909fb7bb3324118eac5b9 |
| SHA512 | d43a500965ab7b091654ad5ccf0bd82629b910d8c3867e28db259a5f43c21de82c940d777137625245c2d377b3db2311b91f67f7084542d372ceb721075c4541 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f3a814bc015f0a26b9cc436a4e6f5e8a |
| SHA1 | 354dfc7e86826c4d6319348d1b3faa55003bfc12 |
| SHA256 | 9fd60645c049a32165afe4074a584ad5af212e8f0d7ab965b089e147527e9123 |
| SHA512 | e00fe7673decc86ab9cc0216e78c37f9c3c34f243289b1c381c4adda7f6cc89e8fb0b22df050a39b7723608b62a0c1ce3712bea2c35673e09f005e656fee1ebc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\68c72d24-c46a-4ff1-aabf-316d2d08dfe8.tmp
| MD5 | 28e779c62b55777b883ac9b7928ffac1 |
| SHA1 | d7875fd4e1a85642e5db289b208c856edc19046c |
| SHA256 | ae514f08201bd2036aa192770a325fa9bfe8c3822d826361034733ae4656984c |
| SHA512 | a4ca200336cdf1ecdafcf88a8cbb3559afcc231f1326217fd240d6af21258ceeab0c8eea8fd820574cb4e2002f98d76c488391ed4160e80e6d82e0071899b7b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 28c00446972acd684d30a9ccec77ded2 |
| SHA1 | a655e1aa0f5c93c95a13e921f3dfb35abbdb0ade |
| SHA256 | 02f41a1bde9842d92860725994fbdd88a3f762114da7b6ccda35aac393d1abec |
| SHA512 | 2d1edf1fb6e75d1388afb37296a9227e4e9026e8b2692215621bd195b47dad1c09e5b75eef4059f163dbbc55e821729750819420ed5872a8544bbfa11e976f29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 57658ebde7c078c05c3286b1e092713e |
| SHA1 | 0239b3c5f0cb1af06c40fc46d9113e467eb143de |
| SHA256 | d31306e29456bd75f286b93f5364aa78b41ffce6d54ce3bca168ebf1d03003e8 |
| SHA512 | 65f861d633557c80d3e9b08e8b0d334c832b10fce2f7bd45077b1ff84f1fbc7592d654e87951b8fb28000eefc1f4b6beec2c80c675db4f7fc9589a4123301981 |
memory/2432-363-0x0000000000400000-0x00000000004F8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\A544.tmp\PanKoza.bat
| MD5 | 24f0349bbf490fea5eb3acbf54bd1ba8 |
| SHA1 | e3ca3514fe098b27dac66dfaa93e035fe6ef25f0 |
| SHA256 | 78c3005b4d5f500de7d540822cf2c334fc585a6a0d45da8c4af47f1500239899 |
| SHA512 | 4aac8a6652c1ff52c797344299f5f21746ff1769425bcdbbe4b04fa9363619e320811a8bf8ef0c18e7d0758f38d6a33249c14c9af4a3773da61bb2d7910fa26b |
C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe
| MD5 | 3aa620597abcae5c26b71e21e15b9acf |
| SHA1 | ed797bc834050bc108a31f1511102608943391c5 |
| SHA256 | 91f9327997754b0238caeff5cffced7eed3e13d5ac39dec87b329678bee8a145 |
| SHA512 | 562de36b77f6cf5a369c8b434fb5605ee4169fa50c6a4df4d22c1a64dfec39d779b1fc285407ab851ef27b33061159cb1bb548079fa0d0a3d2e10517f8ee0b12 |
memory/4892-387-0x0000000000400000-0x0000000000423000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\A544.tmp\note.vbs
| MD5 | b41b06859fca8e157db46e6609e4a51d |
| SHA1 | 8daa0836735347c030e641abdc277bbd66662c33 |
| SHA256 | f613aec542d7967cae9d01794b7061bce5083d68c825821a5b702e97f32039c4 |
| SHA512 | 4290d132c7c1ad154a3ade465e810e9fe4db5a8e0604a35d53e82a6482cd22fdd8ba74e97c0bc2e146e2bcf2ecc9afcc4e4e358e98b353168b67a71b71ced75c |
C:\Users\Admin\AppData\Local\Temp\A544.tmp\sites.vbs
| MD5 | 5c5324b059b0abf1824a5223832b8479 |
| SHA1 | 145c596bd6bfc1bfbd1a5a2aa8e5f4b3cef4ef57 |
| SHA256 | 9fd517699e352ffb9fd73319eb1ec58e7e771457f6e7c1d715e0f57e1d37d733 |
| SHA512 | b8219eba1d34c83cc193b5ba2da8aa9dce4f8b221c9aac3a52256e6c2855b77be4270a629dec7e36c92652f9b5e4c1dbc84b91a3bcdca663cc3d728eada6c3e3 |
C:\Users\Admin\AppData\Local\Temp\A544.tmp\melter.exe
| MD5 | d9baac374cc96e41c9f86c669e53f61c |
| SHA1 | b0ba67bfac3d23e718b3bfdfe120e5446d0229e8 |
| SHA256 | a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412 |
| SHA512 | 4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56067634f68231081c4bd5bdbfcc202f |
| SHA1 | 5582776da6ffc75bb0973840fc3d15598bc09eb1 |
| SHA256 | 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4 |
| SHA512 | c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 81e892ca5c5683efdf9135fe0f2adb15 |
| SHA1 | 39159b30226d98a465ece1da28dc87088b20ecad |
| SHA256 | 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17 |
| SHA512 | c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5ecd1e785cf5508e15582240cbdda6f0 |
| SHA1 | 9332d32b491e204582151884edfcca4e6384d6f5 |
| SHA256 | 308f4cd65ef466bd1cd0d304f5c805605c42064a34e69bd34a3069aacd29fddc |
| SHA512 | 39c7176196a2493581368f84a841f8004792e296deae052081cadd97ae342f0fd3388b73dd346fffbf88189f25e8ac53addb9b319c4161255bd10c6938597122 |
memory/2432-437-0x0000000000400000-0x00000000004F8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Temp\A544.tmp\Craze.exe
| MD5 | ad27143d078706b7cadcbb3f63212384 |
| SHA1 | 71e532c89954881636f8fe973b9ea035a9e2de6d |
| SHA256 | 0b86d60e99e9f4a3bfa60cd447ac62eda52428be564f777151c883fdf547fb26 |
| SHA512 | 39d8abb4883d3db96a88e88ea76ec8cc6a11e8905eeba593789a08b7d26cf449d682b2537cda790b124e06dc94bede7a78477f941220fe47d3e7ffad3bf9868b |
memory/6096-451-0x0000000000400000-0x0000000000474000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7e5416cde86f60e56484d2267a5645d6 |
| SHA1 | 547b82cd47432f574c9855de00001307db50b1c1 |
| SHA256 | 439eb364a5d3fc0e5753ea9688be86f15070f95c4f0c7077c0df14d8405beff5 |
| SHA512 | 99be3f170d20ffd4c93e9d89a9d276ac88226b4776ab86c14132e8aba3defde08741c19117394cbeb590c599c8b35393aad7c5d6ef43111a9fb04845c590160d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 602449415a09f70dbbf717a211fa3790 |
| SHA1 | ab75af386b1346690813953802c14ebeffa24a6e |
| SHA256 | fe7f0ee90423e44c09bbd18f5a6780b97bb73eb805dea873bb13caaf8c682872 |
| SHA512 | 2cef1e238959bd748dcde81491a3609f1fd9a506b86c1689820c064abb686395efa97b8edbc262de7421512e60df89d1afee0d6883ddf511d62b3e06a39372a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 127097b75f54fdbb2fa7956148a796e6 |
| SHA1 | e7e96dd02e45b64a5a400edb7e4ec06d01e6ccaa |
| SHA256 | 6e9e6853f69e50b6a49303e9f57e7893a4ad68f0bf8501885d846d8186fdf54a |
| SHA512 | e3028e58665debd31964d94ed726dd94c783d161d48901fa955113be4e4a506a3e0eeae1cf650ddfaea7e811810b3cb18050e499b761ea66724181900a9d4d0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
memory/6096-483-0x0000000000400000-0x0000000000474000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\A544.tmp\screenscrew.exe
| MD5 | e87a04c270f98bb6b5677cc789d1ad1d |
| SHA1 | 8c14cb338e23d4a82f6310d13b36729e543ff0ca |
| SHA256 | e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338 |
| SHA512 | 8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13 |
C:\Users\Admin\AppData\Local\Temp\A544.tmp\lines.exe
| MD5 | 50caeee44dc92a147cf95fd82eb6e299 |
| SHA1 | a6619a150a31f4c1b4913884123f5b5334e23489 |
| SHA256 | 81b9a2e3e9ee39f05b585ad871696a946837fcf784d3d4ecd4b9caea16560a1e |
| SHA512 | e009de28d24abbecac2b20c4dcbbe4bd2de461c0d3140043d1ef6db3e4807d13723fb1916bc9bd1a636cfdc4bb3e102ecae645e783901ebdf9996e9bcdd9466b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8c00ab4c-dfd4-4b6a-8898-c97605a84df2.tmp
| MD5 | 74f4ee9a7ec91950c804c464af7a5971 |
| SHA1 | 4b530ddf22af9faa9750f39797374863bb06b047 |
| SHA256 | 0cc8492dbbca723dcf742abf3438b39ae60d1ffaae7a049cb5e8558ddf8dba76 |
| SHA512 | 05a59068aa2f0aa078153e1a414dadeb1003f6e1b171e6e3fd6df3d58c7c26cf6a1c1fb4d0adf158da223bca9815ec19d3988fbd3e57d5cb047f382dad9c519e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ed01e833175e8cf2c552984d1298041e |
| SHA1 | a663151b8f110832bfc0a40ca865960a4be66e46 |
| SHA256 | 6f00978eef08715c36c4fecb6ca90e0e4b2f58044bfad9c8098612ec2c02b6dc |
| SHA512 | 188fbfb4b0f27aed0c482af56109ef99766fa6c055c622b4d022de64a85f39a7f90c740adbb2b0277b6d0bb206c73738e825fe11b5255989f7a2e63edd9f9a6f |
C:\Users\Admin\AppData\Local\Temp\A544.tmp\INV.exe
| MD5 | e079c468c9caed494623dbf95e9ce5e8 |
| SHA1 | 4d8d1d17e9d7ff455a5c69e048d7575b5a3ea0f7 |
| SHA256 | 8e217ce5670ac1021fdb6101372f9322f7ff82481ecd9badc104ff542e46128c |
| SHA512 | d9c1a6f28c0c76b6856dec8723eb79d1b620a70b8ab3b5f028848e890a684beeb3460e310959c69f21cffb0a14751ea6cb719aacdbc2043121f057dd56f868a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ff0b8f127812201c075a429bdd4be1e6 |
| SHA1 | 900133c98554973d674f63369d4b7c60b304197c |
| SHA256 | 838b35ccb85585931ebf271f24a58431026b5b90a987afeb6fa5847e38e30b89 |
| SHA512 | 75b4a9c8319080d1238e1ee0fdb5226e4a4f101bdfd41c9e3fd0eb96a6ed2b7a690e15c47bcb1675c90b2b1becb03f6a86c0cae5ad5b8993e8351a8b729974aa |
memory/5124-518-0x0000000000400000-0x000000000044A000-memory.dmp
memory/5652-519-0x0000000000400000-0x000000000041D000-memory.dmp
memory/5148-521-0x0000000000400000-0x0000000000474000-memory.dmp
memory/4684-528-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2432-531-0x0000000000400000-0x00000000004F8000-memory.dmp
memory/5148-533-0x0000000000400000-0x0000000000474000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ced7d3a3bbbad43ecc8d7d8501bcef37 |
| SHA1 | 1f2e869deba19a797b3b58347387581dd0ea2107 |
| SHA256 | 7e06c909dd60b01474724b6baa4b7dc68c7179c767d6c68e2b680c8e2f5d1bed |
| SHA512 | bc54bf9edbf2ecb3207bf848e50ce0b4a3f6a40d3d1eeaeef093a55dc392339ec07311510ff51eb2162f414c872d59d4d973ead691b49bfb627bc95c4709d532 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 230bf8527589d6f7e99859c0fed89bfd |
| SHA1 | 81cf5a689cf64e2e1ed1515cdf77c8bf7fe69316 |
| SHA256 | 8c3a67e464201dace785e70b210704bcba47f9685e80118fa54ae97ccd8ebde4 |
| SHA512 | d87210f046d33d2aa96d3dabcb5a67f12ca25d6fa21865b0ff7a437772feb71acb493f423fe88e131f4e6af4cae5e280e4ee878af502143f8bd2f1853ca350b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 68f2832a04669b2d074932f410eb12bb |
| SHA1 | 7d7008f4d996952b3ebbe1c86c295660a0a0b35a |
| SHA256 | ac976bf665e65f1190a5ce6559e508673c33f83f417d64e58253b4bd7b236bab |
| SHA512 | 2f8c7347b1f2d057622175530dc1584b8e46570c41d38e347bd3ed9a0cb3c766cc0d991d54b640224b1adbf10afae5c95929d5f87ceda4b1ccd616a21e93bafb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9ce1624e86ff14fb868915dd43665d2a |
| SHA1 | 6e70c5c178033370a4080e8e1a9e05f9c82bbf29 |
| SHA256 | f34cfe710816039b540ea35a69ad112419e4437fe684e0ef82484653a8d41e87 |
| SHA512 | 20f9045184cd336d561d3a1298172cda123e4aa2c032a65ded3ccaaf089511bb853dc248df46e1dba63ab8cd5837ff62909587564742584f54277c38869bec0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 61e180132f20097fa559c0cf65ddd429 |
| SHA1 | 33759bd506a8416e06996b0e6bb683e3441a1d4d |
| SHA256 | 0bf1cea2e9f4ee7e98de58c80a44f278d4f1ffb09455495a62b9e7a4aa305a81 |
| SHA512 | 833d88cc11f7648cc09b16f353ae6f2e60ecb513b2d1fc3f13e97d8334e5b64a1d5a9b93d7b5f6562621ef34b017cb63dc5a811682142195d4153f97775d01d0 |
C:\Users\Admin\AppData\Local\Temp\軑嘣陵搕乡鰕籕鯔貀墤榞嘕缪詳罄箺.txt
| MD5 | c2237b49e278bfbe92d069fd0eea6a7a |
| SHA1 | be6130e55528abecb5f5ecc70f132dae2b742993 |
| SHA256 | dec2ed71dd4daa3930e7a6794ae18b19c0bd35a7abe6663881398b753e7847b3 |
| SHA512 | c4dc6fed0493507d10ed2f19cdf57e5575ad9706f1d6005f437a3386d2d06b659fd9af3b340ab31e2e505ba351e03020f86336fabee789abb4c60fd20a953364 |
C:\Users\Admin\AppData\Local\Temp\軑嘣陵搕乡鰕籕鯔貀墤榞嘕缪詳罄箺.exe
| MD5 | 692361071bbbb3e9243d09dc190fedea |
| SHA1 | 04894c41500859ea3617b0780f1cc2ba82a40daf |
| SHA256 | ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe |
| SHA512 | cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e |
C:\Users\Admin\AppData\Local\Temp\塒噷韪簉祁堐篲滦鐸陱磛竾嶠錡薛陟.exe
| MD5 | 5c378b11848ac59704c2000b4e711c30 |
| SHA1 | 6a46c53fd89b1f66d3fdab7653181e8a3e56d418 |
| SHA256 | bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e |
| SHA512 | c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48 |
C:\Users\Admin\AppData\Local\Temp\塒噷韪簉祁堐篲滦鐸陱磛竾嶠錡薛陟.txt
| MD5 | 47eb981c0a69adce46ec9fcd39bdc517 |
| SHA1 | f51eb156182145384e5870c3761ec48f08adbb0e |
| SHA256 | de68d7273a4e4d7c3eebc23d0c7a5200202ec92f5f16fceb95a1a6fb0f126f43 |
| SHA512 | 1c7f0837f11a19e648080cc7e8c401ed81fe7704851bbfbbfe0ef3b74f617b9223da1f0682e607a805c1a546575932cc2d327b759ce9268b063ed31c35364fc2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 09d4d8bbe51a8ff54bfe17e7502e9138 |
| SHA1 | 74c8a562261c8aa7ff1643941d67a2a2fe79a891 |
| SHA256 | d6f9600759b2db5f8801d8a27475dca2e32a13dc2ef914258a4a119d0d352491 |
| SHA512 | 82c80e0fa290e3c9d71386edda3575f078cf2788bdbbef8540a6052a19a44953dc8f2e3fa305ce54524221e521ab178394d7280d0d741a156d79a3b6866af912 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f86648979262649d247442098bb0c471 |
| SHA1 | 06c871f0962c3fa9eeafe09a6d47c9d10a340a38 |
| SHA256 | 28a155656129190b3682bac2e4b2f2810068dfa8c2f581916d87200d46038afe |
| SHA512 | 3baa4a59f43dd85a15d00b55d546ee23206cb97abbcea0c30d2d38649beb0c362b06c6dce0fd23b2fe51f1160cfaeeb7c646b0d221311a2f7f0ad43c3aa79af0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e16cb831e473f004527cf2d047f9d37b |
| SHA1 | ded44f535ec74483a90cddc18b2adf0f3f95563f |
| SHA256 | df6ae89cc165991bd33df3f7bb06a91a0082a2857e7c9053e704955d457283eb |
| SHA512 | d736e93383a2f4330b3ec3e92b0dff7461d3ccfa06eb6b431156693bfd601968da3ffaabd24311960e717f610cd905e52b7f4a791a75bf6a6873730345be7f7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4c066aa3640db57dedc67a46cba0e08f |
| SHA1 | c92829bc66f22dd48ac05ace42463382b1fe40ec |
| SHA256 | b02e332569629ddf3871347a0429b9987b868e0f5ab40338bb305c3d474f6a2b |
| SHA512 | 7bc5a078e17fa0f3feefa87e573eb593e25ba4d46cd4de357fd10d3dacb081945e7d9c854eaaabd83c6d9804deca65439d565da54a6d4f80c7c7361150888f34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3c6857c5bf0921870456a494ddc52f0f |
| SHA1 | 5f0a8f02672a49593e60be3f90634fa5102478ac |
| SHA256 | 888ef2247aaadbb5223026d4b5ae3cc1c5e7d1bd796ebc885cff2e1b8a3c1166 |
| SHA512 | 69b8e9d0cf3351f11d70ab487dcb71c716301edb8f28c1113f67db028fbcbe590e012f33505ff86b615f8754a9f74d652d63f783ffc5e4f64a2cfae065214cdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ff9c1148d39f9ffc89b0e9d3c8aab663 |
| SHA1 | f2fabf1636cacfd811bf98d53d261aaebfcbdc03 |
| SHA256 | 5e8ee2014d601d1eea1fd203f39fe502d5364134b18872e0bf0e45d8105d7467 |
| SHA512 | f7c368efc7b0315c998caffdcffb62c56ece497b0051bc793425cb601e3d438d5d4d7e1d9899b7f315783c5c60423038f42ed2537c497baa25034a1ec270f7ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | aff814b2fb27550f9359777cad016e22 |
| SHA1 | 24a495bb8a5fe2d6d45c67362290e5fb0d748dc1 |
| SHA256 | 34d991e9010d48e4ece66c7f272648209d5cb6c548d495a068d1c00f42ae3f4b |
| SHA512 | 2aebfbd86917654d0c8789f4366bcfddd9211a0758fb6ca658e441b21252e42b07b9abb421e4ad5ac0bda0ef3e1e2b427cd9f9dbbd202fb9043e661c47ca8232 |
memory/5148-1154-0x0000000000400000-0x0000000000474000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8ab9e389064cf03797f91e4fec6e9b6a |
| SHA1 | 49f63d29eb91b41e1d4ce8ff38613b55f9411f82 |
| SHA256 | 50f213f877645e6ae88187a41f4ab1352d0bb4271e789957710ffb34e234c3cf |
| SHA512 | 10e016ffc5c5a9575fee5f9f46f8123a2139419ab445d6889529ddf0b5e2b41881cd5ded5e67f592040f2b49fccedbf62343aaf71edac1008bae6a3d304d94fc |
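The Network and Files sections above are long because the detonation ran a browser session alongside the sample: most rows are reverse-DNS (`in-addr.arpa`) lookups, mDNS, and Edge/Chrome traffic to Google, GitHub and Bing, and most hashed files are Chrome and Edge profile state. The rows that matter for this sample are the `malwat.ch` / `ww25.malwat.ch` HTTP connections (the Edge process near the top of the process list was launched with `--single-argument http://malwat.ch/`), the `memz.download` name that is resolved but never contacted over TCP in the capture, and the payload set dropped under `C:\Users\Admin\AppData\Local\Temp\A544.tmp\` (PanKoza.bat, MBRPayload.exe, note.vbs, sites.vbs, melter.exe, Craze.exe, screenscrew.exe, lines.exe, INV.exe). The script below is an added triage example, not part of the sandbox report: it parses a constructed excerpt of both tables (rows and hashes copied from above), drops the PTR/mDNS/resolver noise, applies an allowlist of browser-session domains (the allowlist is an analyst assumption, not something the report states), and returns the remaining queried names, contacted endpoints, and a name-to-SHA256 map of the files dropped in the staging directory.

```python
import re
from collections import defaultdict

# Rows excerpted from the report's Network table (a constructed subset of the
# full capture, so the script runs offline).
NETWORK_SAMPLE = """
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | memz.download | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | malwat.ch | udp |
| US | 70.32.1.32:80 | malwat.ch | tcp |
| US | 70.32.1.32:80 | malwat.ch | tcp |
| US | 8.8.8.8:53 | ww25.malwat.ch | udp |
| US | 199.59.243.226:80 | ww25.malwat.ch | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
"""

# Entries excerpted from the Files section (constructed subset; raw string
# because the paths contain backslashes). memory/... dump entries have no hashes.
FILES_SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\7z77681EE4\setup.exe
| MD5 | b98ee9e00b5546763f9c6e65e436f6e6 |
| SHA256 | 6d876c526b5cbc5dc5341c1011b1c91639597f46677a1d42426f4a52dfea6756 |
memory/640-47-0x00000000009A0000-0x0000000000AA0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| SHA256 | 0ecc455aa30f93cb233ebe9b343f2b9e93b79f32e215f3e15c8c8ccbc38ec6df |
C:\Users\Admin\AppData\Local\Temp\A544.tmp\MBRPayload.exe
| MD5 | 3aa620597abcae5c26b71e21e15b9acf |
| SHA256 | 91f9327997754b0238caeff5cffced7eed3e13d5ac39dec87b329678bee8a145 |
C:\Users\Admin\AppData\Local\Temp\A544.tmp\PanKoza.bat
| SHA256 | 78c3005b4d5f500de7d540822cf2c334fc585a6a0d45da8c4af47f1500239899 |
"""

# Staging directory the dropper unpacked into, taken from the Files section.
STAGING_DIR = "C:\\Users\\Admin\\AppData\\Local\\Temp\\A544.tmp\\"

# One Network row: | Country | Destination | Domain | Proto |
ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)
# One hash row under a file path: | MD5 | <hex> |
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")

PTR_SUFFIX = ".in-addr.arpa"

# ASSUMED allowlist: domains attributable to the sandbox's own Edge/Chrome
# session (browser telemetry, Google, GitHub, Bing). Analyst judgement, not a
# statement the report makes; tune it per environment.
BENIGN_SUFFIXES = (
    "google.com", "googleapis.com", "gvt2.com", "github.com",
    "githubusercontent.com", "githubassets.com", "bing.net", "youtube.com",
    "amazonaws.com", "googleadservices.com", "googleusercontent.com",
    "adsensecustomsearchads.com", "syndicatedsearch.goog",
)


def parse_network(text):
    """Parse pipe-delimited Network rows into dicts; skips the header and blanks."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m and m.group("country") != "Country":
            rows.append(m.groupdict())
    return rows


def is_noise(domain):
    """True for empty names (mDNS), reverse lookups, and allowlisted browser traffic."""
    if not domain or domain.endswith(PTR_SUFFIX):
        return True
    return any(domain == s or domain.endswith("." + s) for s in BENIGN_SUFFIXES)


def triage_network(rows):
    """Split the remaining rows into names merely resolved (port 53) and
    endpoints actually contacted (anything else), keyed by domain."""
    queried, contacted = set(), defaultdict(set)
    for r in rows:
        if is_noise(r["domain"]):
            continue
        if r["dest"].endswith(":53"):
            queried.add(r["domain"])
        else:
            contacted[r["domain"]].add(r["dest"])
    return queried, {k: sorted(v) for k, v in contacted.items()}


def parse_files(text):
    """Group each path line with the hash rows that follow it."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2)
        elif not line.startswith("|"):
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def dropped_payloads(entries, staging_dir):
    """Map file name -> SHA256 for hashed files under the staging directory."""
    out = {}
    for e in entries:
        if e["path"].lower().startswith(staging_dir.lower()) and "SHA256" in e["hashes"]:
            out[e["path"].rsplit("\\", 1)[-1]] = e["hashes"]["SHA256"]
    return out


if __name__ == "__main__":
    queried, contacted = triage_network(parse_network(NETWORK_SAMPLE))
    print("resolved only:", sorted(queried - set(contacted)))
    print("contacted    :", contacted)
    print("dropped      :", dropped_payloads(parse_files(FILES_SAMPLE), STAGING_DIR))
```

Resolved-but-not-contacted names (here `memz.download`) are worth keeping as indicators even though no connection followed: the sample asked for them, and a longer run or a different network policy may complete the connection. Widen `NETWORK_SAMPLE` and `FILES_SAMPLE` to the full tables above to get the complete indicator set for this detonation.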