Malware Analysis Report

2024-12-07 14:34

Sample ID 241006-1nwzba1hpb
Target NeverLoseCrack-main.zip
SHA256 d893667722ead622a8309c287f75d5e31aa8614db99ddf3866d1956d4ec83219
Tags
persistence discovery evasion exploit
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d893667722ead622a8309c287f75d5e31aa8614db99ddf3866d1956d4ec83219

Threat Level: Known bad

The file NeverLoseCrack-main.zip was found to be: Known bad.

Malicious Activity Summary

persistence discovery evasion exploit

Modifies WinLogon for persistence

Disables Task Manager via registry modification

Possible privilege escalation attempt

Modifies file permissions

Checks computer location settings

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Unsigned PE

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 21:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 21:48

Reported

2024-10-06 21:50

Platform

win10v2004-20240802-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe"

Network


Files


Analysis: behavioral3

Detonation Overview

Submitted

2024-10-06 21:48

Reported

2024-10-06 21:50

Platform

win7-20240903-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe"

Signatures

Disables Task Manager via registry modification

evasion

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8666D31-842C-11EF-9527-EAF82BEC9AF0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\cheater.fun\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434413202" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2648 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe C:\Windows\System32\cmd.exe
PID 2648 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe C:\Windows\System32\cmd.exe
PID 2648 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe C:\Windows\System32\cmd.exe
PID 2780 wrote to memory of 1604 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 2780 wrote to memory of 1604 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 2780 wrote to memory of 1604 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 2780 wrote to memory of 2656 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 2780 wrote to memory of 2656 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 2780 wrote to memory of 2656 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 2780 wrote to memory of 2356 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 2780 wrote to memory of 2356 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 2780 wrote to memory of 2356 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 2780 wrote to memory of 2864 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 2780 wrote to memory of 2864 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 2780 wrote to memory of 2864 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 2648 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2648 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2648 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2588 wrote to memory of 1408 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 1408 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 1408 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 1408 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 2304 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 2304 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 2304 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 2304 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 2108 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 2108 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 2108 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 2108 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 356 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 356 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 356 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 356 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 1568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 1568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 1568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 1568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 2936 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2588 wrote to memory of 1456 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k color 47 && takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant %username%:F && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant %username%:F && Exit

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32 /grant Admin:F

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\drivers

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\drivers /grant Admin:F

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.cheater.fun/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:472079 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:537613 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:537629 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:799784 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:1389600 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:996413 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.cheater.fun udp
US 104.26.15.166:443 www.cheater.fun tcp
US 8.8.8.8:53 c.pki.goog udp
GB 172.217.169.3:80 c.pki.goog tcp
US 8.8.8.8:53 cheater.fun udp
US 104.26.15.166:443 cheater.fun tcp
US 8.8.8.8:53 o.pki.goog udp
GB 172.217.169.3:80 o.pki.goog tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

SHA1 9024078a911769e62580737c204918b71c309373
SHA256 6276a7a9ac644c2bf45a5816f7e458a477fc2071a853df458a1281d216e99379
SHA512 91f18b16ee0855fcb2758c3255f56f24096708678d32657955252ec238c312519a763d0291668cd3373ce8c8a39d8a09748649d0abddad098dc7e68770010e10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 318ab44d6ac874aff82bbb2951020d66
SHA1 7403fbf4f40c6c48332bb6ce7f5115d4edb69141
SHA256 e7598472c7d74083c95caf52ca89297b74adf032d32d7e82631283dc208674e6
SHA512 0b65ca27f5147d07f7b84d82d5fd773cc265123a029093b1abbe008fbd30d5b90c5a80d2d5fc2177760e968cb74ebc1130e61450111f10dc320385d7086b724c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 486b6686d43ef9f434ef6645dc9dc5fe
SHA1 280408e39bc9605e2b74312bf40c3a3c6825ccd9
SHA256 85f731d4a5b5f2671e4fe4ef38cf772fff30188ecb65847f04123f700fc236e4
SHA512 56bb1788617a96de77d92f33fe69ab6a0e9dfa0f15b33d49f810d242708119ca70cc136c5a4204ef74a736c20d3e810a89291d3122d0c3a972f4a7698021095f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db71f4dc0a1f1c0530e326f51a65fd4f
SHA1 9c4c98e64da16927a86d33b75c9433b1ac8ed120
SHA256 da9b0ab99464c4da3b9a3ace65262a7a4e8aad2f73bf1c36a3943e8ec50adf68
SHA512 4bb0771705492b20c9b14e5fecfbb1f4b1c465696b6542e3e17f86ae7d88691482b2cb4bbbfa85c60c9b98f4f83ace8417c2f740fc3f601b60ea7d134affa70b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 887bda9711113e5ad7ab392a60983ff9
SHA1 2860bcc1a18c1af4dffd2e256893a0fd19c6fe02
SHA256 556888820d62921aa4e837903bd3b32b54983047bd272c50404e4f5d87df57b1
SHA512 83394e35493f25688a8deda5aeb4adf57c8bed03eda1dee56be39d9cb39645afbeb07aac525077cbfbebe86aa122cab210f6ff4e2e290c89a8dd4fb9e33841cf

memory/2648-1227-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1228-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1229-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\57R1HE2N.txt

MD5 99fdc0b64606055744d8d7cdb67cafaa
SHA1 19c43d17a7c0ac08f800955d7099214d676a1a6b
SHA256 20015ca751b85b0440d04f4b191ba3a12d9c3808b2b508ee526711d3ad47c81a
SHA512 ff3cadef6df41a8f880036892aa38dccc52cfe151230895810ee628257eac552c0d317c8a903c75c2d6e317a4b91bee45fd9dfb3364cacdc80736bd2e7bbf630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9c2cc8432c249e19ae7605002e084f11
SHA1 8025c778a2c68723f1e8c197334451a14f774c65
SHA256 75ca0745794732604854ce7267907ffbfeb60a36a2515f732bbc536526c9912b
SHA512 8f6fb1dcc9894b871d5dc67c7c328443dbd9cc5fbc7159658ba25ce34dde7b8d1370cdc8516072c5e13daf35bdf9310cc907c12224893df551e0d23c9d11341b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b1991cbda6b4f3eda12d8d592aecfdaf
SHA1 bdb667bc32614416cf8bfa8c7a37af9774537852
SHA256 8d2cc9f36e281c1166996d3bc9447786a9900912c9a8df9872b8d0f340f1c788
SHA512 5ec86cb6cbe50069abcef79a1e55b068e5f45466b308c5fa1a797413c25b7aa13c0e11f94806af2b935e0e7ed6fe14d1d2ccc0d4d173dde11bf03c9aebae74c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_57DA74490ED7A10816EF04437EA06DB2

MD5 619d6101b5a3c55ece930d0ed961339d
SHA1 06d440f712028df0414685277ac3a8709ebbbcbd
SHA256 5f156bfb7633f6b634ca824ef6d0d7d96c6e5eed2a900fcb74817e3b497b50fd
SHA512 a80a1b8dad6d9c7841de98e0fdcf59efbee41a06912d862dcd0a8a7d1b2cac1485ca54f0ee46b2f728fded46acc49d1c1b0b5a2eb9c82581a73eabe6698a6299

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_78E9BA377D96268BAF8E57FEF7614CD5

MD5 f44afa96b677450c8c561c0df9d1bfba
SHA1 ad0c3c1e3d81412417b2f74fb67ebd411261de7a
SHA256 379e01bae5c08ffaf1adc033654856893bfa5364307fe72902cab7815fb5053b
SHA512 174e6ca4d746dd3ef8bc5ef386ec232d442e13d7373a08dba5121abafd232eee5583a99cd3884e35c300116b23f2e8b142adbe4c79d9a8ccf494ec43fecb9008

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_57DA74490ED7A10816EF04437EA06DB2

MD5 39f64bf514a230001b84b36b6564b8d8
SHA1 06bf44574cde353443dd8b19e0d9ae2391739440
SHA256 99b55fbcf9ba3183e0ec72dadfdaf639470bd8aec73468dfd501ff04c96b070f
SHA512 a6dd1b28b07830212b6aa62c4277b0ed22005935bf930a546fc998c9e856fddb30689181c19305503c0048fe9d6d08106794108a41e77915b337b14ccd8067c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0be61ea9124a2a23d28ae6cc1215c1f
SHA1 6f800d9c76f23d8a56b48b0622c1bb6cba512768
SHA256 4f6f20d1f92d2642fe8be7fafbf2ae9ee2914c1211d12144abd1d19e1b699c5e
SHA512 ba0efa0b67cfdde1556fd151dedd6a4408af19813292625f035228b571915857f38e4ebf2243d5ac8e862794db361ed5ad7a54a9151026fa4a4ef0079473a6b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_78E9BA377D96268BAF8E57FEF7614CD5

MD5 1f9bef9a8de4e16cb3d49d0055860b2f
SHA1 9526720f1e110a1c94fc8ec766844e0c944413ef
SHA256 608f25404050c8305ba965773ca52fcd3dc68f5fadc79b54bee3b7a0c7405d25
SHA512 0396de708002bc52b9c47c07d54e6a596118fbf41dbb6365bbacba397486bc169eef7ca559288e747e32276587eee84b7f1dfbd60fc607b7806f5df42a7e215c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\api[1].js

MD5 6650c8ef422443da09b3e4f9f412f94f
SHA1 f0f1729422d8b56b2b5004e33c2bbd2d27b62c44
SHA256 a4c087d114f87874ed22a9b77ac81aff137b456edcf57400a6fcbb86f8276baf
SHA512 22f3658b27a0c7d18cb2998b7f82d539e533e1e3d457c86851cd023a2be530dcfb8dac6c3a321f7d29a606440480861810eddd5116da67684a0dd84303306f25

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf

MD5 4d99b85fa964307056c1410f78f51439
SHA1 f8e30a1a61011f1ee42435d7e18ba7e21d4ee894
SHA256 01027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0
SHA512 13d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf

MD5 4d88404f733741eaacfda2e318840a98
SHA1 49e0f3d32666ac36205f84ac7457030ca0a9d95f
SHA256 b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1
SHA512 2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\KFOmCnqEu92Fr1Mu4mxP[1].ttf

MD5 372d0cc3288fe8e97df49742baefce90
SHA1 754d9eaa4a009c42e8d6d40c632a1dad6d44ec21
SHA256 466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f
SHA512 8447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885

memory/2648-1282-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1283-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1284-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1288-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1289-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1291-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1292-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1293-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1296-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1297-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1313-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1314-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1318-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1320-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1321-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1324-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1325-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

memory/2648-1326-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted 2024-10-06 21:48
Reported 2024-10-06 21:50
Platform win10v2004-20240910-en
Max time kernel 149s
Max time network 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe"

Signatures

Disables Task Manager via registry modification

evasion

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1860 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe C:\Windows\System32\cmd.exe
PID 3988 wrote to memory of 4500 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 3988 wrote to memory of 4968 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 3988 wrote to memory of 1156 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 3988 wrote to memory of 4428 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 1860 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 856 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 856 wrote to memory of 4904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 856 wrote to memory of 4348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 856 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k color 47 && takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant %username%:F && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant %username%:F && Exit

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32 /grant Admin:F

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\drivers

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\drivers /grant Admin:F

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/results?search_query=neverlose+cs2+hvh+config+no+scam+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x254 0x300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3380 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?client=opera-gx&q=neverlose+crack+cs2+legit+download+no+virus&sourceid=opera&ie=UTF-8&oe=UTF-8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cheater.fun/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/results?search_query=neverlose+cs2+hvh+config+no+scam+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2jTr0Dq_kmE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/results?search_query=neverlose+cs2+hvh+config+no+scam+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xcc,0x114,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cheater.fun/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/results?search_query=neverlose+cs2+hvh+config+no+scam+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?client=opera-gx&q=neverlose+crack+cs2+legit+download+no+virus&sourceid=opera&ie=UTF-8&oe=UTF-8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 115c2d84727b41da5e9b4394887a8c40
SHA1 44f495a7f32620e51acca2e78f7e0615cb305781
SHA256 ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
SHA512 00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 21ae10dd53604a11ddd01701360d2f0b
SHA1 34e7640322de99340feecc6d954bc86c3b5e7a5b
SHA256 78722381df903b6b0effad851542eb8d2a1bd0b2570f2d48bddabed6e7215dba
SHA512 d91fcc951150d353b4d9ae3a3a7ef5be897be92615d2cb77826b577c94e689a5afd18059578e4f59b416a09195abdf0cce14f80890a82284c67d8f2d865e7f8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 c83e4437a53d7f849f9d32df3d6b68f3
SHA1 fabea5ad92ed3e2431659b02e7624df30d0c6bbc
SHA256 d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
SHA512 c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 778ca3ed38e51e5d4967cd21efbdd007
SHA1 06e62821512a5b73931e237e35501f7722f0dbf4
SHA256 b7e1bfadb8d9c061f17a7234df012df7842ab1aa8fb6f9579fa3f0a3b4a75bc0
SHA512 5f6f02099ca8079305fb7e7f43ae4344d522271fe30379c0854d6a81b7d8adf408a50a4b799b5f52e6ed162ba6ce7fe97e24a2b9719df780e75683d3aa103d09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 d4573f829b4f14307ba330cb30e84a4f
SHA1 914f31667c202743a1f761d6e5d97af867692822
SHA256 153998221610cf51fb52561639d94a86a7e027225571296ce96aa1d716916828
SHA512 a2df48fdd73f7615c370c063e175d76f35c3e73e6c7b06f8c96c222b0810ac0694044084dc824f57c4a67dc783fcf92412c89927abb358f2c4af260bfca737bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 6446a11e503a678306ea9653aeffb08e
SHA1 b774ce5a88202a719e6a7be53bf3373473de31c7
SHA256 680d8582801792b0578b94bacf2a68c231bf4f970d00b8f92fa85e32c6ce94a1
SHA512 3f282eebb712ab6aee8d47222af9ad05cee7b292a0e463cab8ab5999db5a727dba80aab6e98aaf2f8d4c3932daaeff08ec44562287b786868d631d4b295de6cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 0b2cb411df0c267c83abb83802dee87a
SHA1 cc65aec20bacb8bee07f10981658dec751b6b270
SHA256 77177367eae44aa70ec5fd107ccd6c589092ff93e9166b9bdd19a0477d2d2e42
SHA512 17fb4be12d013d7fc19d6e26a6e25131e88ce6272fec1bce23a94d6a6a3e309ea9dbad75fe91b80862fc014de1687016b3418215d962836bfd0d536c4f95b22c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 0ceb818a26c32ccc800255c207c0afac
SHA1 ecca1bec3f2eb5c5c444eb86a9835ed4ffd9766e
SHA256 b8f195a536a61525543f3a65ec2d11ec9cc27c2c18b74def7ac218ef4fa41124
SHA512 8f89398cca104d6fe7b4c3e7d86cdb6b401f1368ee711b7650c19a688dc616c36093aed2bf0a4dd27a269cfd6946bd3b4a435d4f9d6f2f48eab8ceb3803695f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 4165e15c0e8e7f5313aba85f1fa09233
SHA1 15566d6448757cbbf77ba502d1451b9751a9de0d
SHA256 cb66c6e5653cc31df85d918477a83b8ce0e896f5bdd5878a09d00810eaf9ec90
SHA512 ee14c5f30f35b0e40d8fa082fbbbba642943d1c1039f7bf8c37ef83fedd15495946150074a1c4b603e581be3029ef9fa1e78e235286aaf276899823ce025bc19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 f737d4b852a8f4d2a41e8f9033e13aaa
SHA1 f1f7eadf66cfbd6963697d102b4bb1e8de28da2d
SHA256 2aa331f40ecbcae2cddc8cd73e836b5c2fdcfa9e03e49a6ec55e7e2d6673197a
SHA512 b567703c94d991d71b692808eba4e7c593a7eaff3e8e31f3e2bb397d36d47b3baab4168339beb15df3ca3f6004c88ecbca863c6fe286dcfee4355181c0c904a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c0dd6883e32dc796bbc10667b1b8c7c6
SHA1 7dc55c8a79a4c62ca1ecd4dbfc9fcf22eb631654
SHA256 bb96701a77711c9348b7f5a86e1cd54a1597cf0a9fdb9651ef6901d9b987b710
SHA512 f58c21b7cb6611de0a5ae81128fe2d556a31f3bef9fd2293b058258e2901b85d8d81eb908de9c8c4bb9d696289451586579a5cae2ab182a1f329fbeb36e4f19d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 75c9bc77b3e0e30af4e5312eee529027
SHA1 630196fc218bfa7cced9733c701bbd890e5ba840
SHA256 bf39875a1cb81ab21407ddaee871cbdc72e17a9cc7e774a80d6474377ad6a9c3
SHA512 df1f92af3c71ba541ab4ba6d86c22dd534e38bb547fab317b37b95ffefffabb4c9b4c15b11a75c059ea4177cdcfd84900c187d54535bce316bfac7509f1488c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e2e3cc6c-a65d-449b-9b01-214eacb0e8f5\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 9a95465d3764f96b7999c7c0f30f87a6
SHA1 5d2f08cb28acc8716afc6406beec43120b5737df
SHA256 425485dac92e5a7f24fbe3c728977bb245cd9425ddfcfe51352eebbd8bd2c0fb
SHA512 e80de30197ce9460abac1f3831a85da660aa382afbebd41524b448dc0e092c0270e5758c6b5e67992d3129ac6e3bf55f5a01316c0515b241a4aa88044af59913

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 2d0cbcd956062756b83ea9217d94f686
SHA1 aedc241a33897a78f90830ee9293a7c0fd274e0e
SHA256 4670bfac0aeaec7193ce6e3f3de25773077a438da5f7098844bf91f8184c65b2
SHA512 92edce017aaf90e51811d8d3522cc278110e35fed457ea982a3d3e560a42970d6692a1a8963d11f3ba90253a1a0e222d8818b984e3ff31f46d0cdd6e0d013124

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a57c7e81a0d4e6ff33d20323d2bebe6d
SHA1 2546003d69e1a163df7067672ee998c161d07dc0
SHA256 461c52c7ac2b90768028eecacbba8d68be9e8d9c25c153f5f35a31830e2ecb6c
SHA512 7e78f5e846ccfe545a7a7db5afbcd3367519fe0dfd9ad1c3d978131b717223ecff7633216231edbfc32443a810c599dc3ef94aa3ab28ce6790df356c3adde47d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b29d6564d504944c882a11565ad76fc5
SHA1 55595493ac1f32db256b731c4bdc7f6695c65975
SHA256 5011113068b800186395b5e26fb019d9b43d0168c95a5c7c354884156a061e9d
SHA512 0f70bb2d870d9c01186aad175eb1ec972f196cb8591696b3b784d67ab7f540d7e41f0c86e8d7c64f52e6db228eca4ab2318ac2618bb59b66315af3940907a5d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b9702688303fbb6343e85ea57e2a15c6
SHA1 b10aad5874cf3ecf2b47248238c0b79ff3f90334
SHA256 d81320b92a0387de380553dbba770770c6682079297c354ddbebd2aca680ce5a
SHA512 8e28ae5c9dc9be9a7d492bb259ec3953da6ecfa118c8272e42f34288b7b032f1a57ce0c1ffca0a7d2890599dc522c5d175c6fc5cd7993037c6d4c3572e38da8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bdb48a3b-58cb-41b8-a27f-1b559eb7bc17\index-dir\the-real-index

MD5 a7d82df9e0636a264478436feb2400a1
SHA1 dcbf4407df2350aa0a2d23fef32e45514539987b
SHA256 97372c3d8ef8a7cf8f15d0644d7912e1da4acbc2608ee4317054a03f6bf39e33
SHA512 da97bdf22a858396f2a081119bddd357c8151bdad819662def5bbd05a4a3d7754bb2710167f234cdbd58d1653b68835d9e96976224c52e895c520d96617fda19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 52bc550b1d445b9a0502795277e5fb5c
SHA1 d8ce2b03d9cfceffc17d5e2e91f1a6da78ff735d
SHA256 a1206170896fbeaf8afd638de7a7add7688f91e35044b19ca114b4683c051980
SHA512 22317cf6cecd8b1b8c4d0dfdc2168bd8b050ef616d51ee39cd6b3cc11b7918704877641834bceba834fa91b1ff9c7300edf5aaf3134400e04e5a1b9afbdcbc1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ebb26c74d698d034e0ae91b4408aa220
SHA1 0aac4b0b65523eee27b39062b4a576aa80b4882d
SHA256 aacc6d13f310406586904df323bcbb955aa9a3531126c351957e8ab1fefdb1cb
SHA512 0f46cccecfc3a7dba0f9ed5412e37cae5de2a03174cdbacc9152306ab5992493daee90608d3cffa9196b8e25a59d2fde11a0d62e2ff2c5a3543db4c4deccb0d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ab7993452ab3753885dcea2ce9d3ac80
SHA1 4412562734ad99fe6d6cb2c8b4a8f4c472046b41
SHA256 252104929278322098ae79c7e8795d5dec2f01814e2cf8e268ac1a7a5985e72c
SHA512 1757b64eb80f439da5a00b2f3f3fbd512b4a5cf2860591b52be3e53b6f2cee5f70576e7fca08415ea937b6dc9901ba24676f680d3a9dcf660a5e0be4c4522677

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 75b7b80ecc1d0e1b01d6d7af1782969c
SHA1 cf60d3f23811068569a51ff35ac0b0150a30e9f8
SHA256 d4a43756ecb02a6abc8d9eccf1cb6a58925aa3fee1cf6a6c3ea4ba6293ea6d1e
SHA512 38a5eff6074dba5642254eadc571cc1465f9ab31851e7eefb0fad339e3a8bd4bd102befa781d0107f0f6923e21cf358871a2231b00dbdc8f47c9fa7ab7e6343f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 68e076a8b5b30af0c2c7c1dfb48bfc32
SHA1 7e0a5cafd613c176f50cdb33b4d3eafb9252588a
SHA256 e0237f8a3e42884dff9a269bf214331642f9221c041bdefd715ab2afb34af9a1
SHA512 021c601df81cfe75833b870c973fadd6fc3fc546d1668659e29003070a6a6acd22d25f8ab1e92d904677ba9e1fc58967293ac049cbeeb75e6faca7600c868ff0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8a7d6911e183ec14041592152151e8d5
SHA1 06dd2efbe190eb29a1a9001af692b04c2759f4f9
SHA256 8aa8bf9dd4307f5cdacfb404fd583fcd40531a0d6ca57db04bd816b0875093a9
SHA512 c5e77e67af06f0ce8d2d29fbd2c07100039c00689ced266a567cea3228056c1ee95391852414bf9cf214c35e42b25abb483529c17854590233266d88316f50f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 739d0dc61cb674fde8cca9ffd10fa467
SHA1 e44c5791eab9a5a05e051cf6e4012b9e28e3d852
SHA256 57a6f37347c3dd4b2fc4f135007b69dce51a6e0d5bb0a92c09fe3deda18b61ad
SHA512 a30978d7b9a27361662634b9dca3c46687a4ff798dc734b41324170fac9874e061513f030cb0b8bfe1cb340d40e7e16f229d4aae98f8b3472a05f03fe63c2c98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fccec854895091ae60b553bf023578a5
SHA1 bd4f352b4f95193aeafff28afb826ff5b4107f6a
SHA256 da61b8ad9ec5ae1ea88cae631f123c0061765c72e4e1911d1a01158e8829cdf2
SHA512 d6063f5bbd7d307d752d39fcc521486d268476cd3e3321c6fa215668d81857db847780bb8f838c26c9f42b405a85f05ab8397dbbb2e489c8f4b50a9088c6c105

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4d90ca05a56fdf8_0

MD5 a13b815f4bd00171192e1e95804b2590
SHA1 3928b66efcc498b9564124a9e2a7ec2554d5393f
SHA256 cb08c4b6399f9061143da7b056c62aacca34dc63d8010d341c00cdaf134ac3e3
SHA512 bde1217a48d5389c7f523ff5efe8ca60bca77bcee4e4c943c88985f28712b40edf03c889fef91f8a088c72d57b0af221b833995a78a11d38725f503d22ba4941

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2eb6d2bd2aed76ed2c6438d254d49232
SHA1 797cc72a7bfa5af3779c0aed175bfb1f00cf5a81
SHA256 9e097a744ee71169a906038b84b100f0add169de8698460ad0885a2a1284070e
SHA512 ea8515c8fefeab8512b1788a6f4d30125fd2e3b75d480db97cabbb5ac9532a87bbbb714f921dfbda9a6b16b0f5a3dcd6c9ce14496be4ab88ec9bdb155b35317c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf4896caea76a7ac_0

MD5 a790e7cf3c82b79a315f762a5232da58
SHA1 84a0e25e48b0d57fd2455dc154abea11eb8fcfe6
SHA256 2bbf998c5d2bf7e44509656f70654f4b7bd84b744e4aa4f33789849f3d661cae
SHA512 8e5c802b01e6968c356d099daa0b6278a738a7959c9c8bae91a5454767612736db62242d4f70aef973b67e44972e1201e53fe78dc335cf1ebc889c99f766b46c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

MD5 dfc11d056fa7cb3c558ad47e79c8edf5
SHA1 df884724c4d77fc889c86ea44805ef92995afabe
SHA256 f795a708ef3d3b363bebf83622f1d5c39643b95c6b606156ffbe0e95c129f481
SHA512 0fbeee654540924d9b1ca2283d9cef1cf8479f879af7648940746c88435b3eee14454a16ba550b2cf4a9a703bbb7bfacec0628c980145b32b578138b314ea79f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e1cac1ba517c3385791a01e0594e989a
SHA1 8712bd224e404d50209118419c20dffd16e3994a
SHA256 c57f48f4a67fff58d6c7c4612c51c5a45d35db9f99dbf987c2d6b73cf3f57879
SHA512 c3d87203f8075e639a7e3d40c96d0aee26f22f84347748b1c173f00745e4d38ee755759f9dd100cff0c8cd03664472b06e0b945ae21e26273860d06304623b19

Analysis: behavioral5

Detonation Overview

Submitted

2024-10-06 21:48

Reported

2024-10-06 21:50

Platform

win7-20240903-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe"

Network

N/A

Files


Analysis: behavioral6

Detonation Overview

Submitted

2024-10-06 21:48

Reported

2024-10-06 21:50

Platform

win10v2004-20240802-en

Max time kernel

93s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
NL 52.111.243.29:443 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 21:48

Reported

2024-10-06 21:50

Platform

win7-20240903-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe"

Network

N/A

Files
