Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/folder/9vzumex9n0a7x/IHC was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Command and Scripting Interpreter: PowerShell
Modifies Windows Firewall
Uses browser remote debugging
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Hide Artifacts: Hidden Window
Drops file in Windows directory
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Opens file in notepad (likely ransom note)
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
NTFS ADS
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-01 00:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-01 00:49
Reported: 2024-10-01 01:05
Platform: win10-20240404-en
Max time kernel: 931s
Max time network: 927s
Command Line
Signatures
njRAT/Bladabindi
Command and Scripting Interpreter: PowerShell
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
Uses browser remote debugging
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\leakless-0c3354cd58f0813bb5b34ddf3a7c16ed\leakless.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\rod\browser\chromium-1131657\chrome.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\IHC\IHC\IHC .exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Explorer = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\explorer.exe\" ." | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Explorer = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\explorer.exe\" ." | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Corporation Security = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Corporation Security = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Corporation Security = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Corporation Security = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
Hide Artifacts: Hidden Window
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Users\Admin\Downloads\IHC\IHC\IHC .exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.mediafire.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.mediafire.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Users\Admin\Downloads\IHC\IHC\SpynxService .exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mediafire.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f5cbf6ce9b13db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "43" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "773" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\IHC\IHC\SpynxService .exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5ba82ee79b13db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "802" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "434508763" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "434525358" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 285a11d89b13db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Users\Admin\Downloads\IHC\IHC\IHC .exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\IHC\IHC\IHC .exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "162" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 409c8ef29b13db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{29FCFC05-46B6-4551-86A5-5D9160094A = "\\\\?\\Volume{38FC7460-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\Password.txt" | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "43" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "133" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "133" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Users\Admin\Downloads\IHC\IHC\IHC .exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\IHC\IHC\IHC .exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b19c8cf29b13db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Downloads\IHC\IHC\IHC .exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Documents" | C:\Users\Admin\Downloads\IHC\IHC\SpynxService .exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "162" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\IHC\IHC\SpynxService .exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\NumberOfSubdom = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex\HubPane = "3" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\IHC\IHC\SpynxService .exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "73" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "73" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Password.txt.7kyrmuq.partial:Zone.Identifier | C:\Windows\system32\browser_broker.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\IHC.zip.8zteh92.partial:Zone.Identifier | C:\Windows\system32\browser_broker.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\IHC\IHC\IHC .exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\IHC\IHC\IHC .exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\IHC\IHC\IHC .exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\IHC\IHC\SpynxService .exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
| Process | Command Line |
| --- | --- |
| C:\Windows\system32\LaunchWinApp.exe | "C:\Windows\system32\LaunchWinApp.exe" "https://www.mediafire.com/folder/9vzumex9n0a7x/IHC" |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca |
| C:\Windows\system32\browser_broker.exe | C:\Windows\system32\browser_broker.exe -Embedding |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\system32\NOTEPAD.EXE | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Password.txt |
| C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Program Files\7-Zip\7zG.exe | "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\IHC\" -spe -an -ai#7zMap3328:68:7zEvent24051 |
| C:\Windows\system32\NOTEPAD.EXE | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\IHC\Password.txt |
| C:\Users\Admin\Downloads\IHC\IHC\IHC.exe | "C:\Users\Admin\Downloads\IHC\IHC\IHC.exe" |
| C:\Users\Admin\AppData\Local\Temp\Setup.exe | "C:\Users\Admin\AppData\Local\Temp\Setup.exe" |
| C:\Users\Admin\AppData\Local\Temp\Setup.exe | "C:\Users\Admin\AppData\Local\Temp\Setup.exe" |
| C:\Users\Admin\Downloads\IHC\IHC\IHC .exe | "C:\Users\Admin\Downloads\IHC\IHC\IHC .exe" |
| C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe | "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe" |
| C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe | "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe" |
| C:\Windows\system32\cmd.exe | cmd /c cls |
| C:\Windows\system32\cmd.exe | cmd /c cls |
| C:\Users\Admin\Downloads\IHC\IHC\main.exe | "C:\Users\Admin\Downloads\IHC\IHC\main.exe" |
| C:\Users\Admin\AppData\Local\Temp\Setup.exe | "C:\Users\Admin\AppData\Local\Temp\Setup.exe" |
| C:\Users\Admin\Downloads\IHC\IHC\main .exe | "C:\Users\Admin\Downloads\IHC\IHC\main .exe" |
| C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe | "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe" |
| C:\Windows\system32\cmd.exe | cmd /c cls |
| C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe | |
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
\??\c:\windows\system32\cmstp.exe
"c:\windows\system32\cmstp.exe" /au C:\Users\Admin\AppData\Local\Temp\gutrqqka.inf
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cortana.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\OneDrive.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SystemSettings.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Taskmgr.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\msedge.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\SystemSettingsBroker.exe
C:\Windows\system32\taskkill.exe
taskkill /IM cmstp.exe /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\msedge.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\OneDrive.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cortana.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SystemSettings.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Taskmgr.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\SystemSettingsBroker.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe"
C:\Users\Admin\Downloads\IHC\IHC\SpynxService.exe
"C:\Users\Admin\Downloads\IHC\IHC\SpynxService.exe"
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\Downloads\IHC\IHC\SpynxService .exe
"C:\Users\Admin\Downloads\IHC\IHC\SpynxService .exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
C:\Windows\SYSTEM32\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe" "explorer.exe" ENABLE
C:\Users\Admin\AppData\Local\Temp\leakless-0c3354cd58f0813bb5b34ddf3a7c16ed\leakless.exe
C:\Users\Admin\AppData\Local\Temp\leakless-0c3354cd58f0813bb5b34ddf3a7c16ed\leakless.exe 4a13677abc39ce876c47203ac9b4d7e3 127.0.0.1:56871 C:\Users\Admin\AppData\Roaming\rod\browser\chromium-1131657\chrome.exe --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-features=site-per-process,TranslateUI --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --enable-automation --enable-features=NetworkService,NetworkServiceInProcess --force-color-profile=srgb --headless --metrics-recording-only --no-first-run --no-startup-window --remote-debugging-port=0 --use-mock-keychain --user-data-dir=C:\Users\Admin\AppData\Local\Temp\rod\user-data\7f21307857b2600d
C:\Users\Admin\AppData\Roaming\rod\browser\chromium-1131657\chrome.exe
C:\Users\Admin\AppData\Roaming\rod\browser\chromium-1131657\chrome.exe --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-features=site-per-process,TranslateUI --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --enable-automation --enable-features=NetworkService,NetworkServiceInProcess --force-color-profile=srgb --headless --metrics-recording-only --no-first-run --no-startup-window --remote-debugging-port=0 --use-mock-keychain --user-data-dir=C:\Users\Admin\AppData\Local\Temp\rod\user-data\7f21307857b2600d
C:\Users\Admin\AppData\Roaming\rod\browser\chromium-1131657\chrome.exe
C:\Users\Admin\AppData\Roaming\rod\browser\chromium-1131657\chrome.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\rod\user-data\7f21307857b2600d /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\rod\user-data\7f21307857b2600d\Crashpad --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=114.0.5720.0-devel --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff82f73dac0,0x7ff82f73dad0,0x7ff82f73dae0
C:\Users\Admin\AppData\Roaming\rod\browser\chromium-1131657\chrome.exe
"C:\Users\Admin\AppData\Roaming\rod\browser\chromium-1131657\chrome.exe" --type=gpu-process --disable-breakpad --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --mojo-platform-channel-handle=1316 --field-trial-handle=1320,i,16048440954970852967,11310676998720270292,262144 --enable-features=NetworkService,NetworkServiceInProcess --disable-features=PaintHolding,TranslateUI,site-per-process /prefetch:2
C:\Users\Admin\AppData\Roaming\rod\browser\chromium-1131657\chrome.exe
"C:\Users\Admin\AppData\Roaming\rod\browser\chromium-1131657\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1564 --field-trial-handle=1320,i,16048440954970852967,11310676998720270292,262144 --enable-features=NetworkService,NetworkServiceInProcess --disable-features=PaintHolding,TranslateUI,site-per-process /prefetch:8
C:\Windows\system32\cmd.exe
cmd /c cls
C:\Windows\system32\cmd.exe
cmd /c cls
C:\Windows\system32\taskkill.exe
taskkill /t /f /pid 6340
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.17.150.117:443 | www.mediafire.com | tcp |
| US | 104.17.150.117:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 117.150.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 104.17.151.117:443 | static.mediafire.com | tcp |
| US | 104.17.151.117:443 | static.mediafire.com | tcp |
| US | 104.17.151.117:443 | static.mediafire.com | tcp |
| US | 104.17.151.117:443 | static.mediafire.com | tcp |
| US | 104.17.151.117:443 | static.mediafire.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 104.17.151.117:443 | static.mediafire.com | tcp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.195:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.151.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| CZ | 65.9.95.107:443 | cdn.amplitude.com | tcp |
| CZ | 65.9.95.107:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 142.250.200.14:443 | translate.google.com | tcp |
| GB | 142.250.200.14:443 | translate.google.com | tcp |
| US | 104.17.150.117:443 | static.mediafire.com | tcp |
| US | 104.17.150.117:443 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | translate.googleapis.com | tcp |
| GB | 142.250.187.234:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 83.94.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.89.9.65.in-addr.arpa | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.197.219.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.rootca1.amazontrust.com | udp |
| CZ | 65.9.95.29:80 | crl.rootca1.amazontrust.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | 29.95.9.65.in-addr.arpa | udp |
| US | 35.163.4.97:443 | api.amplitude.com | tcp |
| US | 35.163.4.97:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | 97.4.163.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| US | 8.8.8.8:53 | 144.170.67.172.in-addr.arpa | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | 32.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.187.37.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| GB | 2.23.210.82:80 | e6.o.lencr.org | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | privacy.ezodn.com | udp |
| US | 104.21.87.79:443 | privacy.ezodn.com | tcp |
| US | 104.21.87.79:443 | privacy.ezodn.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.2.26.104.in-addr.arpa | udp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | download1510.mediafire.com | udp |
| US | 205.196.123.198:443 | download1510.mediafire.com | tcp |
| US | 205.196.123.198:443 | download1510.mediafire.com | tcp |
| US | 8.8.8.8:53 | 198.123.196.205.in-addr.arpa | udp |
| US | 52.111.227.14:443 | | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download2293.mediafire.com | udp |
| US | 199.91.155.34:443 | download2293.mediafire.com | tcp |
| US | 199.91.155.34:443 | download2293.mediafire.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.128.133:443 | www.bing.com | tcp |
| GB | 92.123.128.133:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 133.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
| US | 104.17.150.117:443 | static.mediafire.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.17.151.117:443 | static.mediafire.com | tcp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 35.163.4.97:443 | api.amplitude.com | tcp |
| US | 35.163.4.97:443 | api.amplitude.com | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| US | 104.21.87.79:443 | bshr.ezodn.com | tcp |
| US | 205.196.123.198:443 | download1510.mediafire.com | tcp |
| US | 205.196.123.198:443 | download1510.mediafire.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | proxy-cheap.blogspot.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| GB | 172.217.16.225:443 | proxy-cheap.blogspot.com | tcp |
| GB | 172.217.16.225:443 | proxy-cheap.blogspot.com | tcp |
| US | 8.8.8.8:53 | amazonhost.thedreamsop.com | udp |
| US | 107.180.41.239:80 | amazonhost.thedreamsop.com | tcp |
| US | 107.180.41.239:80 | amazonhost.thedreamsop.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | proxy-cheap.blogspot.com | tcp |
| US | 107.180.41.239:80 | amazonhost.thedreamsop.com | tcp |
| US | 8.8.8.8:53 | 239.41.180.107.in-addr.arpa | udp |
| US | 107.180.41.239:80 | amazonhost.thedreamsop.com | tcp |
| US | 107.180.41.239:80 | amazonhost.thedreamsop.com | tcp |
| GB | 172.217.16.225:443 | proxy-cheap.blogspot.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | playwright.azureedge.net | udp |
| US | 8.8.8.8:53 | registry.npmmirror.com | udp |
| US | 13.107.246.64:443 | playwright.azureedge.net | tcp |
| GB | 142.250.187.219:443 | storage.googleapis.com | tcp |
| GB | 79.133.176.225:443 | registry.npmmirror.com | tcp |
| US | 8.8.8.8:53 | cdn.npmmirror.com | udp |
| US | 8.8.8.8:53 | 219.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.176.133.79.in-addr.arpa | udp |
| US | 107.180.41.239:80 | amazonhost.thedreamsop.com | tcp |
| US | 8.8.8.8:53 | 3cpanel.hackcrack.io | udp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| N/A | 127.0.0.1:56871 | | tcp |
| N/A | 127.0.0.1:56895 | | tcp |
| N/A | 127.0.0.1:56895 | | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
| US | 147.124.205.158:61448 | 3cpanel.hackcrack.io | tcp |
Files
memory/3808-0-0x000001494A620000-0x000001494A630000-memory.dmp
memory/3808-16-0x000001494A720000-0x000001494A730000-memory.dmp
memory/3808-35-0x000001494E8B0000-0x000001494E8B2000-memory.dmp
memory/760-45-0x000002209E0C0000-0x000002209E1C0000-memory.dmp
memory/760-43-0x000002209E0C0000-0x000002209E1C0000-memory.dmp
memory/2252-63-0x0000021C90CB0000-0x0000021C90CB2000-memory.dmp
memory/2252-61-0x0000021C90C90000-0x0000021C90C92000-memory.dmp
memory/2252-58-0x0000021C90C60000-0x0000021C90C62000-memory.dmp
memory/2252-124-0x0000021CA3080000-0x0000021CA30A0000-memory.dmp
memory/2252-125-0x0000021CA2600000-0x0000021CA2620000-memory.dmp
memory/2252-127-0x0000021CA2660000-0x0000021CA2680000-memory.dmp
memory/2252-128-0x0000021CA2AE0000-0x0000021CA2BE0000-memory.dmp
memory/2252-129-0x0000021CA2AE0000-0x0000021CA2BE0000-memory.dmp
memory/2252-171-0x0000021CA4000000-0x0000021CA4100000-memory.dmp
memory/2252-184-0x0000021CA2D90000-0x0000021CA2D92000-memory.dmp
memory/2252-186-0x0000021CA4300000-0x0000021CA4400000-memory.dmp
memory/2252-191-0x0000021C91200000-0x0000021C91300000-memory.dmp
memory/2252-199-0x0000021CA4CA0000-0x0000021CA4DA0000-memory.dmp
memory/2252-198-0x0000021CA4300000-0x0000021CA4400000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QSXCE75E\blank[1].htm
| MD5 | 8d250ef060fadf30c3427f9887f31040 |
| SHA1 | 9fcb16922d947a6cd6ce33f98922a693900aa902 |
| SHA256 | 5e8a91dd3c5219e557a3f9fc662266b58cf47af71100c2ed4e6fa0c867db84f9 |
| SHA512 | 6ed276b47329bc6ee4f5899964ef01fd41e046a9d0dbf4fba4a59f009801466b798f439727e61db1dd3db22586c0eb50f09e2d70f08b2d7cbed4abd0784beee1 |
memory/2252-225-0x0000021CB5410000-0x0000021CB5510000-memory.dmp
memory/2252-226-0x0000021CB5410000-0x0000021CB5510000-memory.dmp
memory/2252-232-0x0000021CB5510000-0x0000021CB5610000-memory.dmp
memory/2252-234-0x0000021CB57A0000-0x0000021CB58A0000-memory.dmp
memory/2252-237-0x0000021CB57A0000-0x0000021CB58A0000-memory.dmp
memory/2252-241-0x0000021CB58A0000-0x0000021CB59A0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\QXOU1EQF\www.mediafire[1].xml
| MD5 | 2a7a9e1d40bee800d04e1b67cf9943e5 |
| SHA1 | df92e8d1f904d2ea4839aecb00080fcb841bc854 |
| SHA256 | 4af73a3f0f6efab3cb1d0cff6eb3d93bfdfadf2f960ef6721ea07d58168da501 |
| SHA512 | 1bb3a78bca102a727a61fd13de95da3481f001d2bbb6cb92e6f95c62c2c8cc9ca18db51196afb5a27bcbb17167d911a0cfa0696120f4204706b0e6d5dbe795ee |
memory/2252-298-0x0000021CBA300000-0x0000021CBA400000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QSXCE75E\main[1].js
| MD5 | 291947445826da801e2cf40dccf58206 |
| SHA1 | 6b7254ab38798ea86c3bb33fd488e1e63bab5274 |
| SHA256 | 05e3e86f598f5693226abeb4ac08308febfa1cfb52ca12de8bff37b19a23aa7e |
| SHA512 | 4cfab40bf36b7f8eb6ac83d8191c8b97b5242a3dfb4192133a94be4f7e079e113b266b5efab45cde6c578e3ac86b22ec561dd9a546ed58f25ccb6f777e689879 |
memory/2252-320-0x0000021CBC600000-0x0000021CBC700000-memory.dmp
memory/2252-341-0x0000021CBA500000-0x0000021CBA600000-memory.dmp
memory/2252-380-0x0000021CB9300000-0x0000021CB9400000-memory.dmp
memory/2252-407-0x0000021CBC300000-0x0000021CBC400000-memory.dmp
memory/2252-424-0x0000021C90C70000-0x0000021C90C80000-memory.dmp
memory/2252-423-0x0000021C90C70000-0x0000021C90C80000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\O0P00EOG\favicon[1].ico
| MD5 | a301c91c118c9e041739ad0c85dfe8c5 |
| SHA1 | 039962373b35960ef2bb5fbbe3856c0859306bf7 |
| SHA256 | cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f |
| SHA512 | 3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YMHXVVT6\css[1].css
| MD5 | 52904c49cfd45b14adb3c6a116484e45 |
| SHA1 | c02fcf2937b5a9ecc4d32593334bbf48e2633d38 |
| SHA256 | 7e729774588568e7148353469802f65fa7a50c2818fb6cf022c3a1cc1644f2e9 |
| SHA512 | 54b5b7ef48afe3113a12ece2c5e093acd4cab05249bc101ca22ae0a7a8e86170bacf66c6570fecab4aa7ab4cb58c076986d4fa8ce94c1dec0ceb591d2b4fac31 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YMHXVVT6\jquery.min[1].js
| MD5 | b8d64d0bc142b3f670cc0611b0aebcae |
| SHA1 | abcd2ba13348f178b17141b445bc99f1917d47af |
| SHA256 | 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4 |
| SHA512 | a684abbe37e8047c55c394366b012cc9ae5d682d29d340bc48a37be1a549aeced72de6408bedfed776a14611e6f3374015b236fbf49422b2982ef18125ff47dc |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\QXOU1EQF\www.mediafire[1].xml
| MD5 | 7ba4282ec4beea44aa85730f221056dc |
| SHA1 | a739fc08bf3156b8f413978b93043f90e1059cd8 |
| SHA256 | 332a0330de092c004d5c3ca6a5700cfe248689993a4f9fda9193b682e320dd69 |
| SHA512 | ff1a1423812178e7c0f1f1aa7d03a75e6d3714cf0d80475db4496c28692012924cb4df0bc008acbdcb1d32d7487cc98666ff65a56693cf2c696fc1424ec0f063 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\QXOU1EQF\www.mediafire[1].xml
| MD5 | d42c403fdd1386161739292fb1ee6d63 |
| SHA1 | db27df1adfabaaec817bcc07df39b74d1922f750 |
| SHA256 | 58534945790f96e03e6875dd7fa6d18d9d6d899c2ad24bf799d59daacda4d608 |
| SHA512 | 12c5fd69500d3884bfcd04e1d03722a95204bb6c4c6c63b61ec0b533e3882048acff46f1838b6d79aa1545d0e5f6b748727088e0134b67a247cbcb71f2c16ff4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YMHXVVT6\js[1].js
| MD5 | 49d126151da12b379d9fb3c89812e0ba |
| SHA1 | b6e536e99144a5664300530692f40ea45eb5a11c |
| SHA256 | 1c33e038ef691aa9d2f6a6fb9535260eb676c65a784f8d01c15e517cdd73cb92 |
| SHA512 | 26af82744d2effa67f515ac9657396c92663faf5b347e96db436e8f4fcca90e59933d2d9dd6158d4f5afce140a64f3561aa5f414a5792843c9d187c64a1637ad |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YMHXVVT6\amplitude-8.5.0-min.gz[1].js
| MD5 | c43d9f000a09bd500ed8728606a09de3 |
| SHA1 | 36ad6b0fa2c6bcd116fb642f25789fc2d08a68e6 |
| SHA256 | 2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4 |
| SHA512 | 802af189282aff84b1262a54e59463bdb9b07ec6d1dbf20fa26712b3e19a2212f1a31f2a2d4dd620d7d1313ceff43dc4272f51a7a2407296bf6d57c11e38801b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QSXCE75E\gtm[1].js
| MD5 | e5ddb73b1fde785477b50032d845e398 |
| SHA1 | 0fc90a032affab96a50ada78840d64722538b473 |
| SHA256 | 19aae5b75e73c4af49f3e8d0f33fadf767fa12353a4d1a92b11e2b5862935701 |
| SHA512 | d2fb0af9b1f74ef7feb95d8853a550e4d5b723b98dddfeda1c80d520ff2d0ff6682a19f860fe83373a9e0fe637edd8140a61b338a3e0724fe2f08124b33c95f0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YMHXVVT6\m=el_main_css[1].css
| MD5 | ece37b7141d806ee65edeed7e1a7fa4d |
| SHA1 | 4df420e785778e5e4ea1d3708e83f9177ecaf3f7 |
| SHA256 | aedbcc46e00deb73efd45fd02fe1d4b5264d2cfbd7dcbcbf1e1411de34237ca6 |
| SHA512 | c96590c5048ad20337f16a956c94a53f6257743d0ff6658a35a524a0936833382e5614f4f386658193bb7efed727b72290da4903879dcf6b8e012a2c859932c5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5WUGZOS6\m=el_main[1].js
| MD5 | 065c4127c70a45f24f993a35a4f23ab5 |
| SHA1 | d0fd200c35020c75f2fd89b8041d8dde23570dc0 |
| SHA256 | d20734e5edefa32ea8a71145a43c9eefebb50eed5a8ef0a460646f17e02a6c1a |