Analysis Overview
Threat Level: Shows suspicious behavior
The file https://samples.vx-underground.org/Archive/Builders/Pegasus%20Lime%20HVNC%20Builder.7z was found to show suspicious behavior.
Malicious Activity Summary
Obfuscated with Agile.Net obfuscator
Executes dropped EXE
Loads dropped DLL
Drops startup file
Adds Run key to start application
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-04 00:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-04 00:07
Reported
2024-09-04 00:09
Platform
win10v2004-20240802-en
Max time kernel
144s
Max time network
136s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\crack.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\crack.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdater.lnk | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\crack.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\crack.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "\"C:\\Users\\Admin\\Downloads\\Pegasus Lime HVNC Builder\\crack.exe\" .." | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\crack.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://samples.vx-underground.org/Archive/Builders/Pegasus%20Lime%20HVNC%20Builder.7z
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9023646f8,0x7ff902364708,0x7ff902364718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13059448125946489780,8687715364377287625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18899:110:7zEvent26449
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\" -an -ai#7zMap27767:156:7zEvent86
C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\crack.exe
"C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\crack.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.blackhatrussia.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9023646f8,0x7ff902364708,0x7ff902364718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,1197240597915074036,18393964520214588528,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,1197240597915074036,18393964520214588528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,1197240597915074036,18393964520214588528,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1197240597915074036,18393964520214588528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1197240597915074036,18393964520214588528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe
"C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe"
C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe
"C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe"
C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe
"C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe
"C:\Users\Admin\Downloads\Pegasus Lime HVNC Builder\PEGASUS LIME HVNC.exe"
Network
Files
| SHA1 | 3cd39675c7bf4bdbffb29e2d371cfab28b25c315 |
| SHA256 | 3ce50f8d3833195f3586ececc6fa9d7587a442806d3b182dc03e7a7f587b6310 |
| SHA512 | 3894a29730354808045e863e13c70bd00ec6d147e255f6e3b102afeb9c5a33daeb8f7bc7f50882ba110ac30c0e2ebd88e1514b3c650cf7f520fd362fda4f1876 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | d6b0ffd078c68c3e8fb9b520d6bbeef1 |
| SHA1 | 0ef5f5a5f04ae0a556d4ce725126f9f7a1a860be |
| SHA256 | e85b23949bbb19f7017be6216f5fcded4e0f176ecbc5dd63f1c2194e98be8c01 |
| SHA512 | cae27ea28026749c4f828b0a38f8c2550589cebf851d0f5357f766ac57d2a7c874bb99aea6ab88ca0078bcb52dceab8db5eaf8fa047847cb390039338e1a7aae |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | c817ee3e05bb890f06f0d60b0ee8967f |
| SHA1 | 02e9082bf75cec9010952bd837767ffe5ceea9a5 |
| SHA256 | cb689b9d166ba56a2f45831a652ae3e094b21c631dd280e3d48f9fba687ee045 |
| SHA512 | 84608cba39316972c072db3180986702d353bf1e80fde12e68c989c343fb35157ec467cb4387dc2041be316f4dcc4ab6a69dd0357f0b5196cfe4c169bd11d63d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | ec9ade62d6fe51f2eae48d98f86829e6 |
| SHA1 | ffec92779cc36f4f6e1b45018680b6e77e932b09 |
| SHA256 | 90a781d8ecd5b8260e2c0f945ac2fe81d68f4782a1103cac77c5c7756ddf12b6 |
| SHA512 | 289c23705c9018e1463b24f8fb04603a65873343941772668c3597125504503371af74a91fc3ce4163162fa07511194cd63988eab72c8d4faef6113021b2f045 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13369882035404525
| MD5 | 4e66b99c01db2a386c2d5c3da7787df4 |
| SHA1 | 198647df4aacbf7b14119cf882a5666541cde8fb |
| SHA256 | d08e82379ec1e2c92de21e38fa9a0dc94d859a9e4b29885acfda0cb1fc597e07 |
| SHA512 | 236d94e2ec359221ec7ed51183101874c7c042449490a0d36944d647a080faef33fbfd205edea6a1e511040b44868ffc593ebb631fd07df5955e3e5d0d63a707 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fcc05ef150af47f00a45bcb2403f119b |
| SHA1 | 84a639137d74cd896b97f993d1f7b40fd5e239d6 |
| SHA256 | 08e05d18312aef51f745605d3eea00fe5f707e367072e990cbb15c685556ca9d |
| SHA512 | 5416c685aa8e8ef9d12bf3e41d6eeee633d93fa5cf873cec4c82bf0a72aedb3586c9c01737c040d394c9b3868001d7992f4efffc2cf3f2d82f40ef1602d18aec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b546863aa343a618912ffeca83b3574e |
| SHA1 | 7e7d15602ac333c54d42a299d2f6c0a3380da173 |
| SHA256 | 04be3dadafe64a05b00a5d9dfda37507c9946361fffb9ff2afab4a284124417b |
| SHA512 | af0fd034c9072558f84512c956ad806fd5ed1aec614e4fd2c69a91195eaa982cbbf54e51f0d074420636a067a10415f9d1ceabc61972b57374ddec0b6d010ee1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3b060cf10efc49aa9e5c0c26c146e02b |
| SHA1 | b6faa8fa44b27e295106959fee08b196a3e0e529 |
| SHA256 | 147b8fd5f3632fddc059bc32fcb54fed7b62b1a0e7c5616322fade8eabedd107 |
| SHA512 | be6415c2c4f8baaf84b823964ee34312caacc4313ca4e0418dc325e3dbc0c83e8ccaa0864f6ba08fb307925e0c75b2045f1ee95ba34e6195c5bd9d3ed0e38a18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 49c175fefc2273d39f59b5267fe007c5 |
| SHA1 | 479d2637da58a004fc7a65a8e78a2cd6ef154c97 |
| SHA256 | 7d69e5eda347300d7381d24a8df88d64ea289240599da71365156d27555c88d3 |
| SHA512 | 220ca37809636747b6981b54df61550429ea371be1ad0b22fe463dc6a33c63ceecce0d9ac2d18756492c1bdd39342627f836d867ee929583479d177fe5de14ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | 60bb6268824fc5b71e33c0090f65726c |
| SHA1 | ea47f392afb796d5328d41562a26a8df9dba8a1a |
| SHA256 | 0d98daf3244d6d2c2a56530bf86da3b30c8d807b25de2579178620bee43ab6c7 |
| SHA512 | 989cc59335b070b9cb8920c78738feb063258ef4034c97a4c58bd719f43851cde6a14de0c152fb148920e0feeefc1674606993641a60f7300c2d7ce6ccc5b8d8 |
memory/3384-384-0x0000000000790000-0x0000000005902000-memory.dmp
memory/3384-385-0x000000000A760000-0x000000000AD04000-memory.dmp
memory/3384-386-0x0000000009F80000-0x000000000A012000-memory.dmp
memory/3384-387-0x0000000009F00000-0x0000000009F0A000-memory.dmp
memory/3384-388-0x000000000BB50000-0x000000000BD8E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cfc2779c-9fe3-4191-82c0-a58f8bfc5000\rabu.dll
| MD5 | 14ff402962ad21b78ae0b4c43cd1f194 |
| SHA1 | f8a510eb26666e875a5bdd1cadad40602763ad72 |
| SHA256 | fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b |
| SHA512 | daa7a08bf3709119a944bce28f6ebdd24e54a22b18cd9f86a87873e958df121a3881dcdd5e162f6b4e543238c7aef20f657c9830df01d4c79290f7c9a4fcc54b |
memory/3384-396-0x00000000733C0000-0x0000000073449000-memory.dmp
memory/3384-422-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-428-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-442-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-452-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-460-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-458-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-456-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-454-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-450-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-448-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-446-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-444-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-440-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-438-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-436-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-434-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-430-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-432-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-426-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-424-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-420-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-418-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-416-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-414-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-412-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-410-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-408-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-406-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-404-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-402-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-400-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-398-0x000000000BB50000-0x000000000BD8A000-memory.dmp
memory/3384-397-0x000000000BB50000-0x000000000BD8A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PEGASUS LIME HVNC.exe.log
| MD5 | 7ebe314bf617dc3e48b995a6c352740c |
| SHA1 | 538f643b7b30f9231a3035c448607f767527a870 |
| SHA256 | 48178f884b8a4dd96e330b210b0530667d9473a7629fc6b4ad12b614bf438ee8 |
| SHA512 | 0ba9d8f4244c15285e254d27b4bff7c49344ff845c48bc0bf0d8563072fab4d6f7a6abe6b6742e8375a08e9a3b3e5d5dc4937ab428dbe2dd8e62892fda04507e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdater.lnk
| MD5 | ea2cb56d80dc044f06509855af87518f |
| SHA1 | ff0ecb164dee25c5da81ba1b991f8a49ba66fcb2 |
| SHA256 | 761e12b5bf8888d753fda86935cdb251fb46239776f738ca3ac942e200b910bb |
| SHA512 | b2b775270a283879d1784be36dfd39c171ba7d50100dc683013bee6224d5c1fc82d79ff6b15738936c14f1c7208dd60c10f1f9db2e5ddc4f08b13bf4ebc5f14a |
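The dropped artifacts above (`rabu.dll` under a random GUID folder in `%TEMP%`, `WindowsUpdater.lnk` in the user's Startup folder, and the CLR usage log for `PEGASUS LIME HVNC.exe`) are the parts of this detonation a responder can sweep another host for. The script below is an added example, not part of the sandbox report or of the sample itself: it hashes every file under the directories the report shows being written to and matches SHA256 values copied from the tables above. The sweep roots are assumed from the paths in the report, and the `demo_sweep` self-check uses a constructed file rather than any real dropper.

```python
"""
IOC sweep for the dropped-file hashes listed in this report.
Added example, not sandbox output. Sweep roots are assumed from the
report's paths; the demo sample is constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# SHA256 values copied from the report: rabu.dll dropped to %TEMP%,
# WindowsUpdater.lnk dropped to the Startup folder, the CLR usage log.
REPORT_IOCS = {
    "fb9646cb956945bdc503e69645f6b5316d3826b780d3c36738d6b944e884d15b": "rabu.dll",
    "761e12b5bf8888d753fda86935cdb251fb46239776f738ca3ac942e200b910bb": "WindowsUpdater.lnk",
    "48178f884b8a4dd96e330b210b0530667d9473a7629fc6b4ad12b614bf438ee8": "PEGASUS LIME HVNC.exe.log",
}

# Directories the report shows the sample writing into (assumed to be the
# interesting ones). %TEMP% uses a random GUID subfolder, so the tree is walked.
SWEEP_ROOTS = [
    r"%LOCALAPPDATA%\Temp",
    r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup",
    r"%LOCALAPPDATA%\Microsoft\CLR_v4.0_32\UsageLogs",
]


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA256 so large dumps don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(roots, iocs):
    """Walk each root; return [(path, sha256, ioc_name)] for every hash hit.
    Missing roots and unreadable files are skipped rather than aborting."""
    hits = []
    for root in roots:
        base = Path(os.path.expandvars(root))
        if not base.is_dir():
            continue
        for p in base.rglob("*"):
            if not p.is_file():
                continue
            try:
                digest = sha256_file(p)
            except OSError:
                continue
            if digest in iocs:
                hits.append((str(p), digest, iocs[digest]))
    return hits


def startup_lnk_names(startup_dir):
    """Inventory .lnk files in a Startup folder, the persistence location
    used here. Resolving shortcut targets needs a LNK parser; this only lists."""
    d = Path(os.path.expandvars(startup_dir))
    return sorted(p.name for p in d.glob("*.lnk")) if d.is_dir() else []


def demo_sweep():
    """Self-check with a constructed file: proves the matcher fires on a hit
    and ignores files whose hash is not in the IOC set."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"constructed sample, not the real dropper\n")
        (Path(tmp) / "benign.txt").write_bytes(b"unrelated content\n")
        iocs = dict(REPORT_IOCS)
        iocs[sha256_file(sample)] = "constructed-sample"
        return sweep([tmp], iocs)


if __name__ == "__main__":
    for path, digest, name in sweep(SWEEP_ROOTS, REPORT_IOCS):
        print(f"IOC match: {path} sha256={digest} ({name})")
    for lnk in startup_lnk_names(SWEEP_ROOTS[1]):
        print(f"Startup shortcut present: {lnk}")
```

Hash matching only catches byte-identical copies; a rebuilt or re-obfuscated dropper will not hit, so the Startup `.lnk` inventory is kept as a separate, hash-independent check.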
memory/3384-14437-0x0000000000700000-0x000000000070C000-memory.dmp
memory/3384-14439-0x000000000CE70000-0x000000000CFE4000-memory.dmp
memory/3384-14440-0x000000000C510000-0x000000000C626000-memory.dmp
memory/3384-14441-0x000000000B300000-0x000000000B330000-memory.dmp
memory/1180-14443-0x0000000000790000-0x0000000005902000-memory.dmp