Analysis Overview
Threat Level: Shows suspicious behavior
The file https://www.mediafire.com/file/qcbrqjlwrn5adjj/xerin.zip/file was found to be: Shows suspicious behavior.
Malicious Activity Summary
Obfuscated with Agile.Net obfuscator
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
Program crash
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-19 01:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-19 01:49
Reported
2024-09-19 01:54
Platform
win10v2004-20240802-en
Max time kernel
286s
Max time network
281s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Browser Information Discovery
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711843225342219" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "3" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 50003100000000003359880e1000786572696e003c0009000400efbe33593d0e3359880e2e0000005d3602000000110000000000000000000000000000001c6c220178006500720069006e00000014000000 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{4C282039-ACA6-4073-8080-6ABE408A4D5D} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "5" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscator.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/qcbrqjlwrn5adjj/xerin.zip/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4248,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --field-trial-handle=4028,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=1688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5368,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5396,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5880,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=6000,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5968,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6356,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6492,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6748,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6832,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=7120,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=7396,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=7452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=7428,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=7916,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=7932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=708,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=8076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=7312,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=7944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=8124,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=8152 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\xerin\XerinFuscator.exe
"C:\Users\Admin\Desktop\xerin\XerinFuscator.exe"
C:\Users\Admin\Desktop\xerin\XerinFuscator.exe
"C:\Users\Admin\Desktop\xerin\XerinFuscator.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5580,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Desktop\xerin\40585F64.dll" /A:H
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Desktop\xerin\40585F64.dll" /A:H
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\Desktop\xerin\XerinFuscator.exe
"C:\Users\Admin\Desktop\xerin\XerinFuscator.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/nvuT8WtAFU
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=5780,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=4288,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=7452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=7184,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=7476,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=6636,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x460 0x498
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --field-trial-handle=6352,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --field-trial-handle=5704,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=8100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=8208,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=8004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=6504,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=7632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --field-trial-handle=5684,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=7644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --field-trial-handle=8264,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=8380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=7600,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=7584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=4636,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=5692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffe8db5d198,0x7ffe8db5d1a4,0x7ffe8db5d1b0
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3180,i,3812191113978254755,167799345199818331,262144 --variations-seed-version --mojo-platform-channel-handle=3176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1864,i,3812191113978254755,167799345199818331,262144 --variations-seed-version --mojo-platform-channel-handle=3176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2136,i,3812191113978254755,167799345199818331,262144 --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:8
C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe
"C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5036 -ip 5036
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 896
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Desktop\xerin\40585F64.dll" /A:H
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe
"C:\Users\Admin\Desktop\xerin\XerinFuscatorFucker.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=564,i,3812191113978254755,167799345199818331,262144 --variations-seed-version --mojo-platform-channel-handle=4700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4684,i,3812191113978254755,167799345199818331,262144 --variations-seed-version --mojo-platform-channel-handle=4712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2540,i,3812191113978254755,167799345199818331,262144 --variations-seed-version --mojo-platform-channel-handle=2472 /prefetch:8
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1708,i,3812191113978254755,167799345199818331,262144 --variations-seed-version --mojo-platform-channel-handle=4900 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.17.150.117:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | udp |
| GB | 104.91.71.133:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.150.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 18.154.84.84:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | translate.google.com | tcp |
| US | 104.16.53.110:443 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 52.25.67.71:443 | api.amplitude.com | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 2.16.153.224:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | udp |
| GB | 172.217.16.234:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| GB | 18.245.143.100:443 | tags.crwdcntrl.net | tcp |
| IE | 52.18.102.4:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.18.102.4:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 104.21.87.79:443 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 60.41.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.170.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.187.37.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.67.25.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.102.18.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | translate-pa.googleapis.com | tcp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| GB | 87.248.114.12:443 | ups.analytics.yahoo.com | tcp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 15.197.193.217:443 | match.adsrvr.org | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| GB | 18.245.252.28:443 | cdn.prod.uidapi.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| NL | 79.127.227.46:443 | c3.a-mo.net | tcp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | 226.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.114.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.193.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.252.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| GB | 108.138.217.48:443 | hb.yellowblue.io | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| FR | 163.5.194.30:443 | prebid.a-mo.net | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| IE | 54.194.65.61:443 | ap.lijit.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| IE | 34.248.143.224:443 | ads.yieldmo.com | tcp |
| US | 8.8.8.8:53 | download948.mediafire.com | udp |
| US | 8.8.8.8:53 | download948.mediafire.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 205.196.121.143:443 | download948.mediafire.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | download948.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | udp |
| US | 104.16.53.110:443 | otnolatrnup.com | udp |
| US | 205.196.121.143:443 | download948.mediafire.com | tcp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 51c947a5a1e88ac8ba6f16bd2c3ad128.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 51c947a5a1e88ac8ba6f16bd2c3ad128.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 51c947a5a1e88ac8ba6f16bd2c3ad128.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| GB | 216.58.201.97:443 | 51c947a5a1e88ac8ba6f16bd2c3ad128.safeframe.googlesyndication.com | tcp |
| GB | 216.58.201.97:443 | 51c947a5a1e88ac8ba6f16bd2c3ad128.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.65.194.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.143.248.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.121.196.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| GB | 172.217.16.234:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 185.235.87.129:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.96:443 | ag.gbc.criteo.com | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 18.165.227.80:443 | woreppercomming.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 129.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.227.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | check.analytics.rlcdn.com | udp |
| US | 8.8.8.8:53 | check.analytics.rlcdn.com | udp |
| GB | 18.164.68.6:443 | check.analytics.rlcdn.com | tcp |
| US | 8.8.8.8:53 | 6.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | keyauth.win | udp |
| US | 104.26.1.5:443 | keyauth.win | tcp |
| US | 8.8.8.8:53 | 5.1.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 104.26.1.5:443 | keyauth.win | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 104.26.1.5:443 | keyauth.win | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.130.234:443 | discord.gg | tcp |
| US | 162.159.130.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | udp |
| GB | 2.16.153.206:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | udp |
| N/A | 127.0.0.1:6463 | tcp | |
| US | 8.8.8.8:53 | 233.133.159.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:6464 | tcp | |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| US | 8.8.8.8:53 | nleditor.osi.office.net | udp |
| US | 8.8.8.8:53 | nleditor.osi.office.net | udp |
| FR | 52.111.231.25:443 | nleditor.osi.office.net | tcp |
| N/A | 127.0.0.1:6467 | tcp | |
| US | 8.8.8.8:53 | 25.231.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:6468 | tcp | |
| N/A | 127.0.0.1:6469 | tcp | |
| N/A | 127.0.0.1:6470 | tcp | |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.229.21:443 | js.hcaptcha.com | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 104.19.229.21:443 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 21.229.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| N/A | 127.0.0.1:6471 | tcp | |
| US | 104.19.229.21:443 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | stun.l.google.com | udp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | imgs3.hcaptcha.com | udp |
| US | 8.8.8.8:53 | imgs3.hcaptcha.com | udp |
| US | 104.19.229.21:443 | imgs3.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 129.250.125.74.in-addr.arpa | udp |
| N/A | 127.0.0.1:6472 | tcp | |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | status.discord.com | udp |
| US | 8.8.8.8:53 | status.discord.com | udp |
| US | 162.159.138.232:443 | status.discord.com | udp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | uce55dc9cb9285b7f75873a51ddf.dl.dropboxusercontent.com | udp |
| US | 8.8.8.8:53 | uce55dc9cb9285b7f75873a51ddf.dl.dropboxusercontent.com | udp |
| US | 8.8.8.8:53 | uce55dc9cb9285b7f75873a51ddf.dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | uce55dc9cb9285b7f75873a51ddf.dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| GB | 2.16.153.224:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| US | 8.8.8.8:53 | uc7f94a0b5986a73b9330f1f70d7.dl.dropboxusercontent.com | udp |
| US | 8.8.8.8:53 | uc7f94a0b5986a73b9330f1f70d7.dl.dropboxusercontent.com | udp |
| US | 8.8.8.8:53 | uc7f94a0b5986a73b9330f1f70d7.dl.dropboxusercontent.com | udp |
| US | 8.8.8.8:53 | images-ext-1.discordapp.net | udp |
| US | 8.8.8.8:53 | images-ext-1.discordapp.net | udp |
| US | 162.159.128.232:443 | images-ext-1.discordapp.net | udp |
| US | 8.8.8.8:53 | 232.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| GB | 216.58.201.99:443 | update.googleapis.com | tcp |
| GB | 2.16.153.206:443 | www.bing.com | tcp |
| GB | 216.58.201.99:443 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
Files
memory/2068-0-0x0000000074A7E000-0x0000000074A7F000-memory.dmp
memory/2068-1-0x0000000000050000-0x000000000051E000-memory.dmp
memory/2068-2-0x0000000005580000-0x0000000005B24000-memory.dmp
memory/2068-3-0x0000000004E80000-0x0000000004F12000-memory.dmp
memory/2068-4-0x0000000004F20000-0x0000000004F9A000-memory.dmp
memory/2068-5-0x0000000074A70000-0x0000000075220000-memory.dmp
memory/2068-6-0x0000000006A30000-0x0000000006A3A000-memory.dmp
memory/2068-7-0x0000000006CD0000-0x0000000006EE4000-memory.dmp
memory/2068-8-0x0000000007E60000-0x000000000801C000-memory.dmp
memory/2068-9-0x0000000074A70000-0x0000000075220000-memory.dmp
memory/2068-10-0x0000000074A70000-0x0000000075220000-memory.dmp
memory/4424-11-0x0000000074A70000-0x0000000075220000-memory.dmp
memory/4424-12-0x0000000074A70000-0x0000000075220000-memory.dmp
memory/2068-13-0x0000000074A7E000-0x0000000074A7F000-memory.dmp
memory/4424-14-0x0000000074A70000-0x0000000075220000-memory.dmp
memory/2068-15-0x0000000074A70000-0x0000000075220000-memory.dmp
memory/4424-17-0x0000000008FA0000-0x0000000008FBA000-memory.dmp
memory/4424-16-0x000000000ACF0000-0x000000000AD7E000-memory.dmp
C:\Users\Admin\Desktop\xerin\40585F64.dll
| MD5 | e8fc38352862ee9f26ea98310ca6228b |
| SHA1 | d61ca1128339024007be84f2c3a30e30c597b61f |
| SHA256 | 6486fd7ba81fc1f22d2bea279e1655dea5a12539256fbba4f8975abda117172b |
| SHA512 | f0663851da02c62f0c36d2246d8186d12c60da98732f0bd4894011c25f00129bc556f6d7f7b229eb940c43d12c1a46a627141191ce5214e9dbc399515ee1214a |
memory/4424-23-0x000000000B0D0000-0x000000000B212000-memory.dmp
memory/4424-25-0x0000000003660000-0x0000000003661000-memory.dmp
memory/4424-28-0x0000000003690000-0x0000000003696000-memory.dmp
memory/4424-29-0x000000000B080000-0x000000000B0B0000-memory.dmp
memory/4424-30-0x000000000ACC0000-0x000000000ACD2000-memory.dmp
memory/4424-31-0x0000000008860000-0x000000000889C000-memory.dmp
memory/4424-33-0x0000000074A70000-0x0000000075220000-memory.dmp
memory/4424-34-0x0000000074A70000-0x0000000075220000-memory.dmp
memory/4424-35-0x0000000074A70000-0x0000000075220000-memory.dmp
memory/2068-49-0x0000000074A70000-0x0000000075220000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\XerinFuscator.exe.log
| MD5 | acf0c4b2468198e8ed4047aed322c375 |
| SHA1 | 89267327d126259b43a0d2b8b3d2b224e10b1ff9 |
| SHA256 | 03681467cdeaf18c2f382bc3b8beb62c901d23ae1e3e40e5acfa1821749359d6 |
| SHA512 | cd9d01bca14aaae13157fbd5271f4541c7dd7f11e163f1c5582fd58e6ec4b27158f800c875d86cf547927ce41ee34b6730c6d72a9d970017c86606d956adf13b |
memory/4424-51-0x0000000074A70000-0x0000000075220000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 00fbfb8e9b9180239fc59deac3d98b15 |
| SHA1 | 9a68c9b988a970b8b1e5976c3412f0483e45ef99 |
| SHA256 | 4fece6e4b6f9eecd6d2577dcf75ab8880c02a13557eb31911f5f885913feea90 |
| SHA512 | efad3dc39579241619851844c50bf93d5080680dfe7cd3db77c331dafeed1ac39136c77e1807de47281336b52edc80301b02924b1ba0c11d0a506d14d41b95a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f62876147b17e06a7cc8e289803407fc |
| SHA1 | 7f72f66049795d773c2e340d549fd56495a9ef8e |
| SHA256 | 3226cb157bd167199cf07ed5a6c03f02b56a3fda972801a5e79e98dd4f3f7f24 |
| SHA512 | bcc7cf813badce63ae602a732c2811deeaff43b2ba0b2729ffb0bb0bc9f8d4a17f0a7a5b020065c01741d3d3363b8f399d241874d076272b1e98a67b718d0c4e |
\??\pipe\crashpad_3320_NEKAYQHCGNYUNCBM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
memory/5036-126-0x00000000000C0000-0x0000000000166000-memory.dmp
memory/5036-127-0x0000000004AA0000-0x0000000004BFE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f75c9fb9a4bbfe054cc1042ab2ec9411 |
| SHA1 | 144f8c5e5b63b402056100051bcbc1652e2e5f0d |
| SHA256 | f100d2a1083f05ff262b62924109a110aee82bb4ee2214021d0427953618b235 |
| SHA512 | 3ac4b65e47673101a36eb9c08555eafad87b2eafe7a7c0516843e3c3afa7b747e12669c8fdddfc4050f5b6791814c7cf65f330012f6da0ec8015520fece7f72f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | df785e4e9a412c2e0fb47553885fde82 |
| SHA1 | 6dc6f68a1768436e2593994cfe800f5f55ac6e94 |
| SHA256 | 6800eeaa8e964f8e55801f50c2213707d85832d1aa71c27cf0ccf5ff47481abd |
| SHA512 | e858f8f07899b89b19025fb01e04afd3f217ea449849124469d48f696c100c1c8c7fdf5656b3b8b29f519c232999b815565a3e9e5b017a773b6bd448c53ad4b1 |
memory/5664-164-0x000000000D950000-0x000000000DA76000-memory.dmp
memory/5664-168-0x0000000004DB0000-0x0000000004E12000-memory.dmp
memory/5664-187-0x0000000004D40000-0x0000000004D64000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | d735433e5f5273598d2f6049c45e7db3 |
| SHA1 | 830a77ef43f48efbb33a24282fe5bd5e1baa543a |
| SHA256 | 1ee1978767c5fd3f71cd2aecab9a479ff4757336becf6f223ebc2ed036a6698f |
| SHA512 | 8aafab7a078ec69560f7b4dea7efdc831c6d167a7b1d975344c8967244eb059fbd84c14bfcec31163fdc88c10664ad605c4c8697176b4333c7903b66e60d5b4d |
memory/5664-212-0x0000000000C20000-0x0000000000C4A000-memory.dmp
memory/5664-213-0x0000000004E30000-0x0000000004E3C000-memory.dmp
memory/5664-214-0x000000000AE60000-0x000000000AEE0000-memory.dmp
C:\Users\Admin\Desktop\New Text Document.txt
| MD5 | 45dd9abbacf37b2049c446fc6186e27d |
| SHA1 | db98a36691994e8ee6fd75adf5ba0ec38d4c3fc0 |
| SHA256 | 9890093a8f8ed4da0b24375ffa7d40239784deef65044a8b70bcaa0e3862fece |
| SHA512 | ee5da57e033e2e311aedff98e9b3ec050d67432a70e9f5c4ecdc0f22ce8eba05ba262287d8cca73b88558f61de64eb5d300781c4d6f88ec29b375951c8e0705c |