Analysis Overview
SHA256
d893667722ead622a8309c287f75d5e31aa8614db99ddf3866d1956d4ec83219
Threat Level: Known bad
The file NeverLoseCrack-main.zip was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Disables Task Manager via registry modification
Possible privilege escalation attempt
Modifies file permissions
Checks computer location settings
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Unsigned PE
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-06 21:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-06 21:48
Reported
2024-10-06 21:50
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe
"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-06 21:48
Reported
2024-10-06 21:50
Platform
win7-20240903-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Disables Task Manager via registry modification
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8666D31-842C-11EF-9527-EAF82BEC9AF0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\cheater.fun\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434413202" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe
"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k color 47 && takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant %username%:F && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant %username%:F && Exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32 /grant Admin:F
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers /grant Admin:F
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.cheater.fun/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:472079 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:537613 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:537629 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:799784 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:1389600 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:996413 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.cheater.fun | udp |
| US | 104.26.15.166:443 | www.cheater.fun | tcp |
| US | 104.26.15.166:443 | www.cheater.fun | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.3:80 | c.pki.goog | tcp |
| GB | 172.217.169.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | cheater.fun | udp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 172.217.169.3:80 | o.pki.goog | tcp |
| GB | 172.217.169.3:80 | o.pki.goog | tcp |
| GB | 172.217.169.3:80 | o.pki.goog | tcp |
| GB | 172.217.169.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
| US | 104.26.15.166:443 | cheater.fun | tcp |
Files
| SHA1 | 059446456324d77d91a198022a6bf262d81febc4 |
| SHA256 | 8612659cbf8f4f98377702c2eaa8ea02a01bd918157271d810c3ee1fcdb38d0b |
| SHA512 | 2566371a47986c46018ddea661deeb32a4d7a8acff96b798186a1b9a9ef3b3812a281141a55bf88bca05c1f86b2ac690730e6fbdd4a508e15c1df3dcf1c76156 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\recaptcha__en[1].js
| MD5 | 33aff52b82a1df246136e75500d93220 |
| SHA1 | 4675754451af81f996eab925923c31ef5115a9f4 |
| SHA256 | b5e8ec5d4dcc080657deb2d004f65d974bf4ec9e9aa5d621e10749182fff8731 |
| SHA512 | 2e1baae95052737bdb3613a6165589643516a1f4811d19c2f037d426265aa5adf3c70334c1106b1b0eef779244389f0d7c8c52b4cd55fce9bab2e4fcb0642720 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8YD38FIG\www.google[1].xml
| MD5 | 551ace5b4f93ae1bb74c1d280b237767 |
| SHA1 | 57b3b4571c5c9f9a3fe6689be964f318600a0433 |
| SHA256 | 46da9b1f2c32a14ccd212d3e64379ab402f073505f6cf5739ef41830f8386503 |
| SHA512 | e391c5b0c01415b5fe2f91b09611d5b2d92283e0538364ad78f9dc984edb55c84702fc43e6a7c01a81ae32bdf769453df93a4a64db2637e3b199e9531edbcce7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\styles__ltr[1].css
| MD5 | 0ca290f7801b0434cfe66a0f300a324c |
| SHA1 | 0891b431e5f2671a211ddd8f03acf1d07792f076 |
| SHA256 | 0c613dc5f9e10dff735c7a102433381c97b89c4a26ce26c78d9ffad1adddc528 |
| SHA512 | af70c75f30b08d731042c45091681b55e398ea6e6d96189bc9935ce25584a57240c678ff44c0c0428f93bf1f6a504e0558bc63f233d66d1b9a5b477ba1ef1533 |
memory/2648-661-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\ZHOBHI1W.htm
| MD5 | 62ee4b4b8ba89c8c8638a63f6201c32f |
| SHA1 | b3326068765996176d12bfb628f6804192ceebf7 |
| SHA256 | f91bc261efed2a528dbce7eb110f83c024da537412d304686f6a9f405fcafa08 |
| SHA512 | 619ee83d36fc70de73d46852d0cf7e0652187494f33c823ab0603892ee9ae16ecf6db9a877d3e62ba72b637f1908105c29524698ffbc1ed842f24556bf4aa240 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52338bcb1f900c0fe9d6f042504892d3 |
| SHA1 | 3694d5bbfc0e486333961d8e09a6e411c77aac1b |
| SHA256 | 7b7f0c261167c859564f7394e6d18adc694b9d32628b4b9ad6444ee14c8701a7 |
| SHA512 | 4c56b0c57d517cbb2fd22ddbbbb97e4ebfb56df0885133a5b41d816dc95672b5d38f813226c0805e0aa33c2e79a82114a0b0d28135e50af8de9afd5a5d1fbbda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 048b66601bd144417e5125b3ff8565d1 |
| SHA1 | d1a2a53d5f7635009007d2f0680ebe2eabb64aa1 |
| SHA256 | bef8838460dd64b2b7e0baae61f87aa860cd065f2a3b189bb23e515c8641bd3b |
| SHA512 | d3b65bfce89ac8ca156202d2a0055c5f585db128cda3e80ef1dfa1903ca93302610ab59adbb2c3898188497886c3db7784c11e21e80d9256d764eba647d61c68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 7fb5fa1534dcf77f2125b2403b30a0ee |
| SHA1 | 365d96812a69ac0a4611ea4b70a3f306576cc3ea |
| SHA256 | 33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f |
| SHA512 | a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | d45254ebedacd30d03187fb17db46c42 |
| SHA1 | b26559e5105ef91d0235c8d6496b75fb115b29ed |
| SHA256 | 2ad1fdcaa91c72c3985420317f62995ccebc736635fd538acdebfacd2d40df3b |
| SHA512 | 799029e77135e07a77fb6eea555770f0a3ee56e6b19eb9dfc6745c1e06c79cbe84f96a04a762ba3e14a19f050e98f82c36da74c8f150860adf1418cf16c77b37 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\index[1].css
| MD5 | 9239ce738fb09559eb42ae9da350325a |
| SHA1 | 29438c7374f209f2a7923193e0d5ff70bd2ece7b |
| SHA256 | 84ac4668615a89556551d47504f98682ad26a78f14cd1cbdba10eddcaabee429 |
| SHA512 | 5527f87deb8763166244e87d3eed27bb8fa99ec750fcb8d263d9411e88b25fec6c2ce4762703a8781f31ec17e283384622f7f0d0c75dce81af181242ee222cf5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\index[1].js
| MD5 | 0732e3eabbf8aa7ce7f69eedbd07dfdd |
| SHA1 | 4cd5ddc413b3024d7b56331c0d0d0b2bd933f27f |
| SHA256 | ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b |
| SHA512 | 41d24c426abcf913be59917591d906318a547661280036b098a2b1b948bcf9ff14f268b140db10956730d64a857a61b81034d888ed7f857419dee6b8d327447c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\normalize[1].css
| MD5 | de0ec39273a45ce886a5b37039970b92 |
| SHA1 | 8ef6ae471dd9dae2ed3d5c5fe941e2308378f60c |
| SHA256 | 61a1e49dfe42fed75731a2efb3dffd2a41a475f10677899e305a179f1ee73b55 |
| SHA512 | 5d651a9b3a228e39d63ca951daeeb3e538b5a06df502cb963245ba9fdb522c07fd921e813c7a517252365587c8b9d436c91639563d74d08b5935341e40096c87 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\index[1].js
| MD5 | be8b59461c536a6fec6c2a03b83264c6 |
| SHA1 | eae0dce112796a8d3d12cc1f94d53e2b7a19c49d |
| SHA256 | 3b6e6606b353a8885896fb5b2f727acdb14eac35ed7fad8b30260f402880d7a4 |
| SHA512 | 6ace984676fc682741af594b449459c92b8cbd34dde824672e46607ca85e04738fe3ffc0db5c2519d9590872a9b4876e4acb8d9866d6d22a1d3bb2e8d5798741 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\bootstrap[1].css
| MD5 | 5dfe443d2a82b63b394064e908725823 |
| SHA1 | 6dcfcd2180f2cfec628dd373f452d7dfd206480b |
| SHA256 | 7b9bae153ba54756148cee5cad085ad6b4b642c579542d43f28f16a5c6d680c6 |
| SHA512 | 6907328ca29840473be3a8556440aa528020bbfa4c19d022eab8b411874727f524382c8d65a0ddf8ad66401a46780374862c50ece03b37f953a416800a2a8a03 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\andera[1].css
| MD5 | 08f48a0e3999bc35f90a23d32f192bb9 |
| SHA1 | a2d9086da7ab4211dcc36b18d1a0855cd4df8a35 |
| SHA256 | e3903dbf544513d861f53027b73207671150f886b060df3b5cb07da274b31bfa |
| SHA512 | 20b1d1e80883612f9a1d3c74f69f244f8e97cf6b5f8b4aee19a5bcb7443b11be1bb2a7c593ca3fecdb136d5af51bc2bba6faca580544ec468bbf0e3eb13197ec |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\css2[1].css
| MD5 | 8ecd8fcc3e48cff120fb9b217d399c3d |
| SHA1 | ff1c886bac3ed86638c9f1aa2909ccf0e127adbd |
| SHA256 | 56aa2769891fbd028df9d4c2c02dd9a6674523dbe7390659a3e106761f4c9cb8 |
| SHA512 | 754ac032c29b0bf462e45cad645412add735b40ef49becabed707b8265f6ddcba71cc44c14da970f72161156789d8df1994a9f0bab04d0c72b1467a65e23d692 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BXC9LDEC\cheater[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\f[1].txt
| MD5 | 89b5909df1a67be7046cb41c52f7a4ec |
| SHA1 | 8fe014623a7abae873f32c512635cc84263cee53 |
| SHA256 | 93ea4ba3d1cfe9ab27376608b40ea6871cd8f9def02ce33195dbbe90b94c0851 |
| SHA512 | 6d15b9f0c2ae18a4313334273935c44868097f82e55ef62838a1d69e6d604e9e4382f54a55e1cb05ee326c2a84bfa3397043c876afa077285747ce5aa8b423e8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\noavatar[1].png
| MD5 | 2b9e5e996d630e38e550a0aecc059251 |
| SHA1 | 3bffe62f73028b545d73f0083e97545a5169b97b |
| SHA256 | 4422cc03355bde6af025fecee06d1383f005d4c2eb1b7e58ad32cd6222a41f89 |
| SHA512 | c661201e840988cf6e03e44bd82313f3c5d218a8c896e24447751650aa1291f085a6c4c4df81718f5fb2090fd4ba3f0fb8646ac9331ed5116b5a207934fc5a8b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\andera[1].js
| MD5 | e706111a9f23d6aae15084bfc9628fcb |
| SHA1 | 1d02afc87ea4a963812b2aa98234c25b23843777 |
| SHA256 | 6503008f6dc1817c7937961344f69c7542968c9fabde653d49043845ed0f566e |
| SHA512 | 58ea3eee08f2e89aa33e597664117c230f0236134b9868375c686b6af199a23d6cea2a0ead7bfe7b4374731babf0037af7b56d1bb1b06e9f91be8941a2acb49b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\owl.carousel[1].js
| MD5 | 4eaad699ff502bdc7b905488167e6223 |
| SHA1 | 8bde1a620a4bdce16938d7473a9f69a7ef6a9401 |
| SHA256 | 258bb4448458aec854fec297ad7ea1d770e1d40a076f1f67f6c800aa47d99ba2 |
| SHA512 | 870b2a6f87fe03d67a5b00899ec3476adbdd9ba9458741dd24d52a7e4b8a7e30fd353bd9ddd4056051acc7f52b54888976ddc667059ebfa67b5aea4ce4253a75 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\bootstrap.bundle.min[1].js
| MD5 | edab7ff9b7cf6e33983f06324f19095b |
| SHA1 | ef82e1da35b2642b050dd69dd4be47123ce429da |
| SHA256 | 5c276ad670a7a4238693a9d4a9a6ce6658a83e149b0912774ca81e98fdda1971 |
| SHA512 | be91b10fd9bad7e02dd88e13f1f0fc7f748cd13c4f330cb4c7a8d9be5f88017cc99396d68c929c7c3bc48cbc4025c1883836436996697965b53628f744f5ac24 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\116ce879b167b764d47d5d2d1434ad[1].jpg
| MD5 | d6656fa557535edc6a40d27f9e4b4d31 |
| SHA1 | 5f35f778e67350857dd739756e7c7f249e501ded |
| SHA256 | e974db9ad77d8a76c96562d014fbabac403e56ecfe28869296474193a90c8084 |
| SHA512 | ba1192d65833daf9ae0bb5d0754143f0c3684df552b8c8c6c6875f9cbdc8eb4ac67389faf04f1730b2fccd8aed7e3df498ec69d416d2a54da629406c7787c9c5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\68d906752665f6e4246c36336348a7[1].jpg
| MD5 | 9cbb3b7b6fb0880754a0da30e1b26a17 |
| SHA1 | 244417f949db1e8cd79a03f46aa11b59c986f9a9 |
| SHA256 | 58cbebe4ca4348068d233b6ce941b158545dd611a6be1bb195212948bdd7e37f |
| SHA512 | d9ecd1521f5bed80d27a1b58e8208a96a8378a74924c7a62884550cc6f0c310aaf8571be5f7967ca7b4552d2d8d84e17d6cc8ba4d6bc93fd496f64471aa7c8d5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\owl.theme.default[1].css
| MD5 | ce255a851ed82d3d5d38fde41c5002bc |
| SHA1 | 08d59678a121bfd0d8e90c4d679c73008b2e4f1c |
| SHA256 | 9a1aee2a26cd3fcbc9feb3e2f0f2f3610aaa9fb2abb680c99de65974e0951fff |
| SHA512 | f3f2a08f7bddd925508521407f58de3d1dc918306f5361dff327fd8e7b887378788fa88eaf2633af6ee970579be1d1dc0c54557091f2feb624a8d8af44f49af1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\owl.carousel[1].css
| MD5 | 30e8ab059c5769694d265cd9792dd2ca |
| SHA1 | ab88dee83eaf166af9b9e16069ccd14e3a93573a |
| SHA256 | 84c350979dee9c0550eedaf645946402b35e39d718201d794b33296040acc777 |
| SHA512 | f7d67cad6b4cc1b5495bf33dc4fcf0150b5d23c8a492f83ff7d8374dc8c9d4513cb616f0836f343c6cb6df9c32c9e5c6efca83a7a7cdfb0d09100169593bc69c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\dle_subscribe_style[1].css
| MD5 | 12d83dde31cb78f07359a9e429376dae |
| SHA1 | 78282339d8b4bacad433e2e7a49f45f81f807317 |
| SHA256 | 60120cd177f0c3ff174d22e9be9d1f90f674c19bdc67fdc46b00f6488e5b0160 |
| SHA512 | dc5aff74896dd85277426d0aba71a35d6a6dfb75957522cd43cfce2e5a8c9b319422a042361471d94873f42322e3a4e4693d6e9a515d22a5a339b9ccd8f09c93 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\wow.min[1].js
| MD5 | c7e83fbbf6fc82bf17cdee1797f9b255 |
| SHA1 | 710a309e4a9ceb87bf0e1c18fe7dd36da5ee4b79 |
| SHA256 | 4b24331902da7a0e39aa8a7ab0b22c84f4d1d3ba96b75b911f5b920fa4d011fe |
| SHA512 | 27e6281aeaaa29788699ab09010a9b08713b12975c5f9c13d0e417c4a63070d9afe5d107202ac3a9ca09e0cccf608a184f08ee5a2e940c9d4c43d1b9e10229a9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\copy[1].css
| MD5 | a1e2448f875fe1924c4a7551608c7b83 |
| SHA1 | a0f43338a34af02dfe2ca8510d68e87163b71b14 |
| SHA256 | 69127bfb04be64a577a5d3b19f55ead197b1d7212fa0b54c47415e83983ace6b |
| SHA512 | e2063215a1cbd5159b4bf91b78f9acf27400b6ff61977dee9880e59c283af2c722d0ceda798a5a0ef7d192cd5a3c46a52526f6a7c2b938872402547aec6d2ad3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\copy[1].js
| MD5 | 7b213160b676100a557667789ec2242f |
| SHA1 | 05592cd6805904b6cf303218ce1cfb5efe650dfe |
| SHA256 | 2408e8e1ae4dfd8b4d8f36ebfec82bf12ebae247d901e80f5657c187ad235d1c |
| SHA512 | 7e503f01d129acc2384ca73c6f9104eb1b2d3ee71faba6e423d3deb9b9483c828043258c366dd20344ca58191de20b50e5fc4f8222ff8bbd75eda0684f7430af |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\js[1].js
| MD5 | b78361376d9318af330d741ecfd182e7 |
| SHA1 | 6bf6cfaaeedd22066b9b7bf204ebbbfcf3cb03b5 |
| SHA256 | 3b20f11c4c96da0dcc6fb48268f45b41618c4974651972d1358403a0e4368bc4 |
| SHA512 | 802df0a5defc7b5a88dfb3ae36440aca7114885e9ad7ecb9fccedff33abc33fc9b441737bc24b527f695f268ca200d924ea840e221773c4af72bef3474f3a4ed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\dle_subscribe_js[1].js
| MD5 | c2c841beb0885c055b1e935de2cdd0ee |
| SHA1 | 73b73cc94ac407c01548a7d1fdf0e7107d0d4451 |
| SHA256 | a98d69184062cc6dd6f3f900ed353aaab9ba9c3abd5c15f34b598c220c105727 |
| SHA512 | 8a25ad066a272061436fc69eedd010b02875a90fbb04fb64849d10dded1d4703064b2dc2825b87fbab4c0e9c547cf53fc1e7365c319f4d7824c9a75c737d8af6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\e1f926fb5da2ed47b7a9cd2de25e4b[1].jpg
| MD5 | dd6bd12375898dd3ea3a9c33e1d84d01 |
| SHA1 | 3762c73c9499c74a74e954fe48f0dc235044bbe8 |
| SHA256 | 9729ad157dff4d6baaf1f1e75713c51659968e0376bebcedc5ae933ee47e59d2 |
| SHA512 | ad7b1e9e6c6beb3355a3240125e4cb34f9aabe0dca7982da19e6060f110232977fdf611a4aa1f545655c228b12e18a0336f3e43f64f1f46a581f64a25d642505 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\288d4d6fe7f18f40da6ac44464f556[1].jpg
| MD5 | dd79b2ed870973d143544344f23dd6e9 |
| SHA1 | 14bcf27f4f378c4aaa1c06989adcdd04cd791323 |
| SHA256 | 50ec5c9953dbcf80f8a67038223b16c595ac46167d9e6817679a697b5fdf33ee |
| SHA512 | fcdf2ed80fe4628151cbe1ec22b71f2b7da3b0d13eb9822106809e914db2d9e37a6809931e4da8abbd4bd446823869c2d056eb60dad4f1d2f3379c1746a7bf70 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\4585245f848f1f8c1b968fc513ee08[1].jpg
| MD5 | 901465266f7ebccad229356619137867 |
| SHA1 | 73c47c0014431f956e4cd409e1994c32bf0a49fd |
| SHA256 | aa44160916bb36336a8b35e05cf50866f720663694b9cbce8f6a5cb47d6d656c |
| SHA512 | 554c1e339b7ae7b4cbbba614db1534925292856339f5b59ab2deaf46c6ee72ccb9de3c3883cff1566f6245215f818ce0d609716f60dbcd355cbc86516280b8b8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\a3dffaf9b6cb54cfcd42da8abee4f2[1].jpg
| MD5 | d82984643d5f83645928a3b4fdaba713 |
| SHA1 | 5c07d501f1f20a66b8a13d90080882f76c8b0a26 |
| SHA256 | 015611b9f4f202cbbd718db0be9da099d56bf1fb083d6d2baf3f37b679bb71cb |
| SHA512 | 973c4bd0f1eb20c5e0f5a2a64dd4d69dd604bd931b585854d413fbdc61e13282cc0a7f63cc29b456f37510c0fb39f67fb30e242d612658b7be1792f7330de48c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\4fdb06d3dbb8a56591cf64e74da366[1].jpg
| MD5 | fbda729e77035575e6006c2803207016 |
| SHA1 | d334e665cd61612e54d4d692a03ce885578c2390 |
| SHA256 | f9525fd16ffa251b68804af88952e4af2318dac5bdc2b7d6bfcc55101012dff1 |
| SHA512 | 759cb0e8d9e214816b7940cc1cb2924b739b4ff97b77cc673a431cebbcf367467d6520956b866d568ab5a116b151859c7aa467989de8fceb9d2e620f0b2e41dc |
memory/2648-707-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\GOJ1VOPB.htm
| MD5 | b1a25566f38b3799d45fff2dc9602e87 |
| SHA1 | f27dbc0132298c246b5d90903cb9d13265ad93d7 |
| SHA256 | 8589025e828df4a6c8f9c147f0c7f079932211ec2f430af940421e7d1f5b9234 |
| SHA512 | 95d5d2a8b213a143db5597f2629f60d29c063d2d6bca610e84c3f456b8d2a63c3ce8dd6650a89e62695202de39a2503dc754cd45c6436de0f66c85d3d1bfcbee |
memory/2648-720-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
memory/2648-721-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\UGCZ5XWM.htm
| MD5 | 0669073d7caf5dd1edb7c267a6178171 |
| SHA1 | 41341b4ea25826fb75e279ae5992228d0c4bf2f4 |
| SHA256 | 12ad8ef02f0496e958da818c97672608db4dce418165314abc8041f4c07df6d2 |
| SHA512 | d7ef385753d04241285a2b8946fa4ae44e56f07051db1da1cfff6735c64c7e075355a32442256a1cb2bdba21353ffafa13f60ffa09ecad2f83affe2e447b37a7 |
memory/2648-733-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
memory/2648-734-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
memory/2648-735-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
memory/2648-736-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
memory/2648-737-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_A16F2B5587F8EA698853F1F96C5649CF
| MD5 | 0daf539bb5f7c9ff35006ac5a0be9f00 |
| SHA1 | 58a94ca5da705dc6932e43c2f12bf7715d7b0e90 |
| SHA256 | 21761a415ad3b5125e15eb05cbbf4297b5215f3f6d21597819381dec9a5a4432 |
| SHA512 | c1f9d3e521ac59fbf934570338a5986161902c00d93d030439575ea6f101d6d9bad0b64c8a6240683fd399dff77843e8c0ee63ecb2bd2d07a30773d48a8837f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_A16F2B5587F8EA698853F1F96C5649CF
| MD5 | e93dd23acb40d261818ddc36424065ae |
| SHA1 | f54fde2c70c69e91dd3f291425d666e05ca7f26f |
| SHA256 | 26f5c7f5975f88dd57fe7e13fb407b23fae2bdeea1bb3d01ac9e91d48b208e49 |
| SHA512 | 1745281800e2415fe26d2fead63102074144f4faf8c4a0d60cbbe04d6ded3a72ea954b24ee8faf3157fc22a41e5e8dd6d44c3aa2749ba4786fe16741a3b81840 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\favicon[2].ico
| MD5 | f2a495d85735b9a0ac65deb19c129985 |
| SHA1 | f2e22853e5da3e1017d5e1e319eeefe4f622e8c8 |
| SHA256 | 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d |
| SHA512 | 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\gsz3hkd\imagestore.dat
| MD5 | 4eb2ccd0b5c0f1bb089431258cc90869 |
| SHA1 | a87148d98467be9317bf309afad23820a42a77f8 |
| SHA256 | 964b083dcc0b1f41867d265ae25f219d6e55678c48dedbbf8b0d5ccb4c39e840 |
| SHA512 | d2cb2eebdd4d0ae13a7ababf8cd97495078d2ee0780a6d02c2c6343635908143a3309a427bf9716a87dfc8ee483774a1c5abe0c98daaa045dcf2cb00a37ec784 |
memory/2648-779-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
memory/2648-778-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
memory/2648-780-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 84d906212a86b406d11280cb7c2662d9 |
| SHA1 | 80b8c9c31ad2859139b6b836b2ea9e6d41a6fe72 |
| SHA256 | 66861f32419eb710aec7f5ce6a3ffd305d1692f3f5d5c01256bbec89c0633265 |
| SHA512 | 537f66e5db574e5565c2bc77e8208baafc4891d96037bcc27e8a4359cf94065344be6bca696f122cccd66c55fdeab399091a0e104b20fb56e0016a04f1128f32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd9cfe033bebdf270ae7600e3388fff2 |
| SHA1 | 15b523560a8b1800ff4d8172c4c043b1fa692d77 |
| SHA256 | c97ac7bcae6f232d348d0fbf4f068b4358fb84470e41d25669b65769bc239c5c |
| SHA512 | 4dd5503b7fd543b7b818f0306e7a16481c7ca0a61efcc3626722e0d8195c59391bf0a4d18897711e68902547a5dfa75c974198dee5ce75c5b21ef677885efb0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70e1e554da1f95ec85fc79690cd43501 |
| SHA1 | 6080005bec7077e1b6d9cb677b3f8c7f3ce41f96 |
| SHA256 | ed7f7edc236f0a9255e4031b07e6b488c18ba7347dd9ac46034335156d261a90 |
| SHA512 | 08d9ade75de797e48915f10ad731645997ddfca54505d10e8e09b110bf4ac915a6e142bdcb4bc833e8e33ca7635f80a2356e1a132cc0ef109d68d666cd91f0db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 316ecfa67a7eaf1c39718c63931d82b1 |
| SHA1 | f8b1793b9043e216b4328c50cefc246f092d19bc |
| SHA256 | bb1bb960f44b49101763500e9da3de034ccd05ecce92dfe3a400f27d325585fd |
| SHA512 | 163f2008e47e496174ac016973c4aa6585149647e68e2d5dac4145bc5277bdd96254f91042b33234c9aedbfa42f5d8afc0f6a96af27fd0b2493766752c2b94a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8e8a050fce65bd25bde381db4fa4dd5 |
| SHA1 | 754f42bebb4a244af6d7c18f8ab5733d43c0ab0e |
| SHA256 | f388c3ea15d9062fa10cb2aa0860f6393e34889483c37f3bbd09896169ae9327 |
| SHA512 | 602d2e1030ba46fac0fad614cebbe68e9f6362816867c181d4998dc6b3caa678c8a642ee6c0503affd4747f99c314d6895af82dcb1c0f85fdf2cf7cf51bce1da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 135e71ea4d89eaaddc07e02ef992dfe2 |
| SHA1 | d8cab81381155603337d40bbe29f015e0ccd6096 |
| SHA256 | 9311ce168a276e5e6c95fbf8cfe0bee34f87d5b9d6660fe8c5b6341075426a1a |
| SHA512 | aed7c6561aae9ce9d775aa80a5ec4116fb6677f6bc42eff1e1777f49bfa59809ceba7a75371174fcd4296a10ea288001cdce8fe78b8e9113d1570d1d56e8c8cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46896b9229628dd750614ff2feb63508 |
| SHA1 | 9024078a911769e62580737c204918b71c309373 |
| SHA256 | 6276a7a9ac644c2bf45a5816f7e458a477fc2071a853df458a1281d216e99379 |
| SHA512 | 91f18b16ee0855fcb2758c3255f56f24096708678d32657955252ec238c312519a763d0291668cd3373ce8c8a39d8a09748649d0abddad098dc7e68770010e10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 318ab44d6ac874aff82bbb2951020d66 |
| SHA1 | 7403fbf4f40c6c48332bb6ce7f5115d4edb69141 |
| SHA256 | e7598472c7d74083c95caf52ca89297b74adf032d32d7e82631283dc208674e6 |
| SHA512 | 0b65ca27f5147d07f7b84d82d5fd773cc265123a029093b1abbe008fbd30d5b90c5a80d2d5fc2177760e968cb74ebc1130e61450111f10dc320385d7086b724c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 486b6686d43ef9f434ef6645dc9dc5fe |
| SHA1 | 280408e39bc9605e2b74312bf40c3a3c6825ccd9 |
| SHA256 | 85f731d4a5b5f2671e4fe4ef38cf772fff30188ecb65847f04123f700fc236e4 |
| SHA512 | 56bb1788617a96de77d92f33fe69ab6a0e9dfa0f15b33d49f810d242708119ca70cc136c5a4204ef74a736c20d3e810a89291d3122d0c3a972f4a7698021095f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db71f4dc0a1f1c0530e326f51a65fd4f |
| SHA1 | 9c4c98e64da16927a86d33b75c9433b1ac8ed120 |
| SHA256 | da9b0ab99464c4da3b9a3ace65262a7a4e8aad2f73bf1c36a3943e8ec50adf68 |
| SHA512 | 4bb0771705492b20c9b14e5fecfbb1f4b1c465696b6542e3e17f86ae7d88691482b2cb4bbbfa85c60c9b98f4f83ace8417c2f740fc3f601b60ea7d134affa70b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 887bda9711113e5ad7ab392a60983ff9 |
| SHA1 | 2860bcc1a18c1af4dffd2e256893a0fd19c6fe02 |
| SHA256 | 556888820d62921aa4e837903bd3b32b54983047bd272c50404e4f5d87df57b1 |
| SHA512 | 83394e35493f25688a8deda5aeb4adf57c8bed03eda1dee56be39d9cb39645afbeb07aac525077cbfbebe86aa122cab210f6ff4e2e290c89a8dd4fb9e33841cf |
memory/2648-1227-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
memory/2648-1228-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
memory/2648-1229-0x000007FEF6450000-0x000007FEF6E3C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\57R1HE2N.txt
| MD5 | 99fdc0b64606055744d8d7cdb67cafaa |
| SHA1 | 19c43d17a7c0ac08f800955d7099214d676a1a6b |
| SHA256 | 20015ca751b85b0440d04f4b191ba3a12d9c3808b2b508ee526711d3ad47c81a |
| SHA512 | ff3cadef6df41a8f880036892aa38dccc52cfe151230895810ee628257eac552c0d317c8a903c75c2d6e317a4b91bee45fd9dfb3364cacdc80736bd2e7bbf630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 9c2cc8432c249e19ae7605002e084f11 |
| SHA1 | 8025c778a2c68723f1e8c197334451a14f774c65 |
| SHA256 | 75ca0745794732604854ce7267907ffbfeb60a36a2515f732bbc536526c9912b |
| SHA512 | 8f6fb1dcc9894b871d5dc67c7c328443dbd9cc5fbc7159658ba25ce34dde7b8d1370cdc8516072c5e13daf35bdf9310cc907c12224893df551e0d23c9d11341b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | b1991cbda6b4f3eda12d8d592aecfdaf |
| SHA1 | bdb667bc32614416cf8bfa8c7a37af9774537852 |
| SHA256 | 8d2cc9f36e281c1166996d3bc9447786a9900912c9a8df9872b8d0f340f1c788 |
| SHA512 | 5ec86cb6cbe50069abcef79a1e55b068e5f45466b308c5fa1a797413c25b7aa13c0e11f94806af2b935e0e7ed6fe14d1d2ccc0d4d173dde11bf03c9aebae74c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_57DA74490ED7A10816EF04437EA06DB2
| MD5 | 619d6101b5a3c55ece930d0ed961339d |
| SHA1 | 06d440f712028df0414685277ac3a8709ebbbcbd |
| SHA256 | 5f156bfb7633f6b634ca824ef6d0d7d96c6e5eed2a900fcb74817e3b497b50fd |
| SHA512 | a80a1b8dad6d9c7841de98e0fdcf59efbee41a06912d862dcd0a8a7d1b2cac1485ca54f0ee46b2f728fded46acc49d1c1b0b5a2eb9c82581a73eabe6698a6299 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_78E9BA377D96268BAF8E57FEF7614CD5
| MD5 | f44afa96b677450c8c561c0df9d1bfba |
| SHA1 | ad0c3c1e3d81412417b2f74fb67ebd411261de7a |
| SHA256 | 379e01bae5c08ffaf1adc033654856893bfa5364307fe72902cab7815fb5053b |
| SHA512 | 174e6ca4d746dd3ef8bc5ef386ec232d442e13d7373a08dba5121abafd232eee5583a99cd3884e35c300116b23f2e8b142adbe4c79d9a8ccf494ec43fecb9008 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_57DA74490ED7A10816EF04437EA06DB2
| MD5 | 39f64bf514a230001b84b36b6564b8d8 |
| SHA1 | 06bf44574cde353443dd8b19e0d9ae2391739440 |
| SHA256 | 99b55fbcf9ba3183e0ec72dadfdaf639470bd8aec73468dfd501ff04c96b070f |
| SHA512 | a6dd1b28b07830212b6aa62c4277b0ed22005935bf930a546fc998c9e856fddb30689181c19305503c0048fe9d6d08106794108a41e77915b337b14ccd8067c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0be61ea9124a2a23d28ae6cc1215c1f |
| SHA1 | 6f800d9c76f23d8a56b48b0622c1bb6cba512768 |
| SHA256 | 4f6f20d1f92d2642fe8be7fafbf2ae9ee2914c1211d12144abd1d19e1b699c5e |
| SHA512 | ba0efa0b67cfdde1556fd151dedd6a4408af19813292625f035228b571915857f38e4ebf2243d5ac8e862794db361ed5ad7a54a9151026fa4a4ef0079473a6b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_78E9BA377D96268BAF8E57FEF7614CD5
| MD5 | 1f9bef9a8de4e16cb3d49d0055860b2f |
| SHA1 | 9526720f1e110a1c94fc8ec766844e0c944413ef |
| SHA256 | 608f25404050c8305ba965773ca52fcd3dc68f5fadc79b54bee3b7a0c7405d25 |
| SHA512 | 0396de708002bc52b9c47c07d54e6a596118fbf41dbb6365bbacba397486bc169eef7ca559288e747e32276587eee84b7f1dfbd60fc607b7806f5df42a7e215c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\api[1].js
| MD5 | 6650c8ef422443da09b3e4f9f412f94f |
| SHA1 | f0f1729422d8b56b2b5004e33c2bbd2d27b62c44 |
| SHA256 | a4c087d114f87874ed22a9b77ac81aff137b456edcf57400a6fcbb86f8276baf |
| SHA512 | 22f3658b27a0c7d18cb2998b7f82d539e533e1e3d457c86851cd023a2be530dcfb8dac6c3a321f7d29a606440480861810eddd5116da67684a0dd84303306f25 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf
| MD5 | 4d99b85fa964307056c1410f78f51439 |
| SHA1 | f8e30a1a61011f1ee42435d7e18ba7e21d4ee894 |
| SHA256 | 01027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0 |
| SHA512 | 13d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf
| MD5 | 4d88404f733741eaacfda2e318840a98 |
| SHA1 | 49e0f3d32666ac36205f84ac7457030ca0a9d95f |
| SHA256 | b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1 |
| SHA512 | 2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\KFOmCnqEu92Fr1Mu4mxP[1].ttf
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-06 21:48
Reported
2024-10-06 21:50
Platform
win10v2004-20240910-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Disables Task Manager via registry modification
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe
"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k color 47 && takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant %username%:F && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant %username%:F && Exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32 /grant Admin:F
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers /grant Admin:F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/results?search_query=neverlose+cs2+hvh+config+no+scam+no+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x254 0x300
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3380 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?client=opera-gx&q=neverlose+crack+cs2+legit+download+no+virus&sourceid=opera&ie=UTF-8&oe=UTF-8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cheater.fun/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/results?search_query=neverlose+cs2+hvh+config+no+scam+no+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2jTr0Dq_kmE
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/results?search_query=neverlose+cs2+hvh+config+no+scam+no+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xcc,0x114,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.cheater.fun/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/results?search_query=neverlose+cs2+hvh+config+no+scam+no+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?client=opera-gx&q=neverlose+crack+cs2+legit+download+no+virus&sourceid=opera&ie=UTF-8&oe=UTF-8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa175a46f8,0x7ffa175a4708,0x7ffa175a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13272515016520112249,15251409001125018287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
Network
| US | 173.194.57.102:443 | rr1---sn-q4flrnss.googlevideo.com | udp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 173.194.24.42:443 | rr5---sn-q4flrnl6.googlevideo.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-10-06 21:48
Reported
2024-10-06 21:50
Platform
win7-20240903-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe
"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe"
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-10-06 21:48
Reported
2024-10-06 21:50
Platform
win10v2004-20240802-en
Max time kernel
93s
Max time network
102s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe
"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe"
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-06 21:48
Reported
2024-10-06 21:50
Platform
win7-20240903-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe
"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe"
Network
Files