Malware Analysis Report

2024-09-22 06:30

Sample ID 230410-wp9jksfc53
Target https://github.com/Endermanch/MalwareDatabase
Tags
bootkit persistence
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

Threat Level: Shows suspicious behavior

The file https://github.com/Endermanch/MalwareDatabase was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit persistence

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Modifies Internet Explorer Phishing Filter

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy WMI provider

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-04-10 18:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-10 18:06

Reported

2023-04-10 18:09

Platform

win10-20230220-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Endermanch/MalwareDatabase

Signatures

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\4183903823\810424605.pri C:\Windows\SysWOW64\Taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\3877292338.pri C:\Windows\SysWOW64\Taskmgr.exe N/A
File created C:\Windows\rescache\_merged\4183903823\810424605.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\3877292338.pri C:\Windows\system32\taskmgr.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = b77e344e9d45d901 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "454326446" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "387922203" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31026152" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31026152" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003c000000900300001c020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50f9a112e86bd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "387970789" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a702c863227b745aefca3d2bb9571e8000000000200000000001066000000010000200000004b47a2ea49ba33c28b00251880e02ae05dd455402ac0a007a38da77e074d07c9000000000e80000000020000200000006d2aa1131d73c6a5bdb815d02aa73bdbb9f0c0865b332660bb7e4ded6384e86b20000000a4e0f8607a13673275acd35e46b490ea458d0a74e98515006f99f5f775a3dc5c400000000b053796309f17cfef25833faa25dd6dc867539e45630704202fa98d411557f94151cbfd96f2ec0dd30262fb18b3f01a79a608a2020eaf6e34db0a6fcf8138e9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "445107770" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "387938797" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{459F94E9-D7DB-11ED-8E3B-6EE0D1D44315} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a702c863227b745aefca3d2bb9571e800000000020000000000106600000001000020000000c962a3cce2677fd70aa627df0757e42fe384a430c299534d2eea38a35b4a811e000000000e8000000002000020000000ee9844c663a39487cbc6783f9d655847bf9d8f9e619b677cc5bb302441a9955360010000e1a07b4cc68f5ae28430d1fda020a0239ef3705ccdcd62d689c71c02325ba3343a4e53e36ed6f746b300920dd32b4d6dd6222f2c715a06c77d4a0a347741f776b755c1d91c4b4cf33f6a10e5ff22400a19c9a8f52ddb3db9e2f4b5e39b24cca8dd44583932184e1028e9ab3f44e08692dda3f9e29cbd9c5db69f54d796ae95a91716588d247ab6b98ff749d6991ea695686dbc22cfe8dd2f509977333a04549ff81a5c7ff50545aa54ada6161bc1ff6bce461fdb763194e2521b5c39146a022988a99a51d90cbdeb145a3a39d870928c5075707b7c614bbc59ff2ee75667e97e17a0374907560540d0e854546ffab18321b754ad0a4d0be58cefc6267f8f8e4b4793abb16f47aba385552a00b15ec28672f445e9936090ae8bbd38e910d70474a924d0eff176cbc8943cf885d0daa93ffdf2332b95f5451a13236e4d9c9ee24202cd797b48a497bee94db7fed709d89f3af4bec0ef4244eb2f4350411e359ebb40000000a334b22c6366d6ace1007ec39facca3db9172055f0c9729e18db13f061223ed2dba68123a1b9feeba18eaecd84054a73ea31035d045688d753ba963cda479e0e C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\RepId C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "445107770" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31026152" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a702c863227b745aefca3d2bb9571e800000000020000000000106600000001000020000000b99a05843f919d22ef93b909be5f8124b564366c479a8b5635bf5a60369a2d36000000000e8000000002000020000000505a690ebdfffa11425d41a5fda72893b5ecafaffe8508a9e30ec4aabe07e8da600100002d12d7e0cef58ea548802ffaebac808115441900f6dc7cca15bcc5d72ce0e27a7e41447889ab43d0848d45822bfea2bfe4f58250d7c36cb8459e624c09dcc264135c2e7441d53f789225078b8afa4dc718724febf2f7bd2e8d93cdd0e0179a7274528bdd3e5b7f5af2e36015e794fc0aecf49767acbc8ab0c14a09bda51bc931d3859b32bd69994b188a8da089cac6ad4b526bd63dce5d1e59e3c1d1a2af4e757e23e5c0ca320a77f4683fac305caf3a2371fd3c04379ded0df2efceda7ad11cde1fe41d1e662e76f5176fbb35e345b86805fac77ae5a4b07281ffa94207e8f4cfb34eb70d8085b2b6c06e9613d4d91fc5e19286f8f5d95aabc82725e856c7ac790430ea86b23873320ad6fc4a35248bcda1d9087ac4912efb6b9d4841d71d311cb7b6136e86bf147704e807bc54170a8675e53d6c8452374a494f108da4300f41eb6c7b8246c191d132fa8ebf715d9203ccf21d881c27c8aa4f9f4485d5d0f540000000917fc233ef202cfacf244b5970314c46be920af339206b0c5936e7499efe794810576eedbcaa037738220155de8b7ab6127de50a0905b58e368f98ecbff357b2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\RepId\PublicId = "{2BCFFE09-9888-465E-8D25-94D3538489FE}" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133256309644001589" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000beeb60dd8853dce930085dc34b26b284e6171d371c5fcd5c6d3559947bae8f95474f4e75f3481c5bfec7044dbb654af7db529c774bc9354c8707 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedHeight = "600" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 24c1e949e86bd901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 3df8bf635a45d901 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000ebcefde4039ee428854c77198cec594a1b0992c967bf3989907882f914b9582592b3744c08903435bd96e906b5ae3ebb28e289789ad325688a5aa8b7b9b1d4714fe9f707108fe37d83b9b2a559a89cfa0733ee27427c702d5282 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\FontSize = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3520 wrote to memory of 4144 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3520 wrote to memory of 4144 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3520 wrote to memory of 4144 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4976 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 4300 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 420 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 420 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 420 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 4976 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
PID 400 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Windows\SysWOW64\notepad.exe
PID 400 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Windows\SysWOW64\notepad.exe
PID 400 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] C:\Windows\SysWOW64\notepad.exe
PID 2240 wrote to memory of 5032 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2240 wrote to memory of 5032 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2240 wrote to memory of 5032 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2240 wrote to memory of 5032 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2240 wrote to memory of 5032 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2240 wrote to memory of 5032 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2240 wrote to memory of 5032 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2240 wrote to memory of 5032 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2240 wrote to memory of 5032 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4372 wrote to memory of 3468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4372 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Endermanch/MalwareDatabase

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3520 CREDAT:82945 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffd8fc19758,0x7ffd8fc19768,0x7ffd8fc19778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4412 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:8

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4740 --field-trial-handle=1860,i,2992251644392234196,2983873297115462275,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
IN 20.207.73.82:443 github.com tcp
IN 20.207.73.82:443 github.com tcp
US 8.8.8.8:53 82.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.110.133:443 camo.githubusercontent.com tcp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 200.232.18.117.in-addr.arpa udp
US 8.8.8.8:53 86.8.109.52.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 58.250.217.23.in-addr.arpa udp
US 8.8.8.8:53 131.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 google.co.ck udp
NL 172.217.168.228:80 google.co.ck tcp
NL 172.217.168.228:80 google.co.ck tcp
US 8.8.8.8:53 www.google.co.ck udp
NL 142.250.179.195:80 www.google.co.ck tcp
NL 142.250.179.195:80 www.google.co.ck tcp
US 8.8.8.8:53 228.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
NL 172.217.168.206:443 apis.google.com tcp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 251.0.0.224.in-addr.arpa udp
US 8.8.8.8:53 b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
NL 172.217.168.206:443 apis.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 216.58.214.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
US 8.8.8.8:53 10.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 acbc9c53c66f6227d3e13587ce3d34c2
SHA1 6f64bc5d48f60fa7e26c64a42b31dd0dab5fc8ae
SHA256 47e4e5a5b3ff282a5ff5796b6a6149b53d79ad444cd71b74536d5bd56c077fdd
SHA512 1d07e95a5b98d15dfe261ab985d18c386023d3d40c9a8cb995f2d657ffb67e4ec5b22a99575b3232d4758170db4efeb7fe950d9db11c5237daddb138f0fb5093

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 b45e206f2c599058d8db958864020a91
SHA1 5c92f976ead6608f39ec7c6b15a0b592264ecc58
SHA256 3d48a0f79d984c2b3896c7dd867884bd7c9c49c5c886d0df1cf425aaa8ed89a6
SHA512 258d3573f893f23d77cd2d54a0cd9830329db8e5f005dbc66e00b5dabe43f76a43f7f517ad58ffdbd575150944a6f3eb251d8011ebe385e64a6e2d37196e6b37

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\favicon[1].png

MD5 346e09471362f2907510a31812129cd2
SHA1 323b99430dd424604ae57a19a91f25376e209759
SHA256 74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08
SHA512 a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\dark-3946c959759a[1].css

MD5 2820c4c7c0513590c53d244c42fb6fe3
SHA1 e7512521010a3afcf5ca395457473e7963a23ed9
SHA256 c2982a111fe3270b0feec1917715b73a1ad11e04a918c3748a129fbedff88370
SHA512 3946c959759a620244e1e09847f1baaeb2e1aad20b8e0b84ca7652fa14a130d5b94af4047a1db76afa5abacc01bba4d87789d44f959e08f8524b864eb66f925f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\light-0946cdc16f15[1].css

MD5 5235e806bcb88fed6c8c8cfb53348708
SHA1 ab71dbe80857d73ce2ca21a45ab4a216ab1cbce1
SHA256 89233262726664b22e2d2e8a742b89d7439d526394f7413b30a92f304a04775f
SHA512 0946cdc16f1502b0f9aad2daf13882a63691a93f7f9a6afb537da241ef6db703e1173a6591975026f826792a4ddbe79c07b863e2a6a41ec6e7894ef1fa920e40

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\primer-489656187993[1].css

MD5 139f4923247452688185bf3d633447a5
SHA1 3ca134c873f9beaa50e5134195c9ac131ef2d95f
SHA256 8b3bc987c4a93293a843b9a31a20270cf8cfe2eb6d9f3d5bc0c4336682c7d37d
SHA512 48965618799325b03b58acf21191857abe99f6067b844448c977112907e4b61fa6e44c2559c4cbd75d8dc84b7bccd6f589c9993152efda28cf0fac77eb19fc9c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\sessions-4849c97a18f4[1].js

MD5 2bb72936e57438f307ac1d83dafb518e
SHA1 d8d0d2610fe499c2f2d6c4abad5c4ebc0387ce18
SHA256 0e6bace12a3476af2364c8a3f1b89bea228491d0e59920ad3c229903ee9e8d90
SHA512 4849c97a18f47cf864f8c5465a7959c2054b74401e82c1a7f66a290aa5ee89d60a26aaecc662ccb73187d3fbcca98e584ce697b4b1c7d3c8608fede252fbce2b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\code-menu-699612a7bb50[1].js

MD5 7ea0c06350594cc3720dd77bd7f3a3fb
SHA1 c2600b934c656ef063f5bb65a81d879d2aafe6ec
SHA256 d1e73500e9a5a6b3388a56f2aed65d1c88ab407583b9bd8baafa53eeccaebb5d
SHA512 699612a7bb50ed6b745cfabe0ffba666dd050ffa7f4c47807c94b92a9c390cbb2b8d0c6eb1a85f2b5072f3264b10ea6fd9a0c99e0407764ee07ffc55e0c490c4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\topic-suggestions-12644bfb92d9[1].js

MD5 2339d6f00c13728ec3e8c8ac5cc04103
SHA1 65c6f65c183ed78afc8aba2fdb60dc95d6f04c1a
SHA256 8c20afc53c5f2182e2acb0978ff144fc986187a9d073cacc2f9ef47cee8f8381
SHA512 12644bfb92d9e7a3de21c29fe81c9af40d4ec15dd25c745795484f7d8a00de30331c0803469d61890d2c00f42ae16878df38fa59eb437977a9a3653d39b99215

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\repositories-1e8ac8fa769f[1].js

MD5 e86ba5335479c9ff116ffb175065a222
SHA1 38a5b71b6b19a5326ba6a5ecd5affb087532a877
SHA256 138335ed297f4958231edb8dd26ddd9225ae2a86efa0b72def021f8cd33aaa88
SHA512 1e8ac8fa769f11dcddd496c0dc5870f48fe84690f6d0f8d8a2e4564947c2fb7fd5bbfb1eb240bf85fd93f4393068f4d8c3f1572678e9c592134c5f51d3873cbe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_mini-th-34a24a-01ff22798072[1].js

MD5 387e7b7c88075f1cc262ce7762995108
SHA1 8d4a776982195206039b9fa67db73b30a4308022
SHA256 e69981450663b3ee09eaa62baeac163f7c8e3546b6d629a16f77cb11a65f80f3
SHA512 01ff22798072cbd083234ac32c9a3bdb5dae8bc388529fe83ca1440a77d2324f89bfa844d09e175756ea7c008a814d4da968c06ed4f89465ea2f3f1bc0982fa8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\codespaces-c3db6dd3891f[1].js

MD5 2a4e030ae20ddd0d7fc6695e77a52892
SHA1 b490df78b209478ac7e5ff01a528da74160b4c91
SHA256 c5962c5a418ad72660262692f1635e9762997f2341902b6ba59eb66f8fa7056a
SHA512 c3db6dd3891f9c3e235039f08cb29d6edd5d242b5cf83a9a67177582fb3e04cce7bd19aa5f2dabe712ab75332a1960914ff693eeaac472c5a7a5b87d72769fcb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\app_assets_modules_github_ref-selector_ts-7bdefeb88a1a[1].js

MD5 d8d29d2bbd0f6b4f7d7c90ee97327932
SHA1 79f48d95561b7184b59a35145f40e38288cf80d6
SHA256 9364633a098614712c53ec35442adcbf0f59411a2bca17db12374e1e94a0fae3
SHA512 7bdefeb88a1aaccf9b57f95f9e147289f4f8388ebc5f70da7e9b0320cfe96d603b597bcfec9f9bc12754f9c96d0489e76fa2b91048b20a8fa970788b5bffabb9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-911b971-e714578c4cac[1].js

MD5 7434f51ecfefa587a020c2ff47fae4de
SHA1 4c10f748619ac8b87f25e7bf4a9e48dafe74d517
SHA256 c3c5a40add538d81807d60aa46ba52c2b0368b80a4a73665cefa50b48413bead
SHA512 e714578c4cac5de881bc79cbc561f68443c0d1d93e6d933b4fe67b7677bde8bf55bd635924d286fd09fce1f0b7f82c86867d7499f6493e5834c38bedbdece26f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\vendors-node_modules_virtualized-list_es_index_js-node_modules_github_memoize_dist_esm_index_js-8496b7c4b809[1].js

MD5 844fc2167be483deee376371db56f504
SHA1 6bba3094b6c0753f8e70cc9ed0d1dd43f36d267e
SHA256 4449596879e9737f1a216b91d8377dd0e2e5ee9b57f0df3d0f9ddddbccc4ca8e
SHA512 8496b7c4b80988d7cfe5aab2d7a4a3c70908544afeee50b7e7b836922f51ae8a3c499f094070b8a8385e092caee09f7f14b004cdfb9d63acb1d10dfa9f377f28

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\vendors-node_modules_morphdom_dist_morphdom-esm_js-node_modules_github_template-parts_lib_index_js-58417dae193c[1].js

MD5 5c92d60934f35b5e8ad723d7f982d7ac
SHA1 a9dbe8393e165ee73c9c2f15d9b9e25dee03ef98
SHA256 ab812475a704013e0662146bbc9075cffcec836d87c0507fd8c3649691694fd0
SHA512 58417dae193cfa3899e4861b3aaf7143ac640625ee2181258f2d051d2e3d0ab4991c396089ddc26c781b687d2e78f2ca7df7b9282205eb5518f61e6eb6066fc4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\notifications-global-86e9ba7bffb7[1].js

MD5 c81994fab4171728a9d56d598ca6c7f2
SHA1 3560f347746006944133e499411235399642ebe3
SHA256 9a5975c800bad812fef12760aba50f61f623303141088d685c3c167dd8515f78
SHA512 86e9ba7bffb7eaf1a30bb975d0b72654de5b664845b07e543b96098b93de762e61096cae05fe47340a37d07d39708bc7894d5bd031e8fd6b37c6e03b79097398

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-fe0b8ccc90a5[1].js

MD5 b49149f4a5bb177d2a996d4dabb198ad
SHA1 7bc5e2cab51623c49b486fd3d809e277eca85d44
SHA256 b39d718bf90927b25fec09e7d70cd72b69adac6bd943ceeea106959922c230e7
SHA512 fe0b8ccc90a5b06dd44f859d6cde857cec873876b0ccef2ee3dcd1edf036b5d636487a134869c5e05f17f7fd224bb7ad47b063161eb1b85536a362b0b5d99759

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\behaviors-02dc1184ac49[1].js

MD5 5787c9b73681f0a1dc706ffa0bc3e070
SHA1 80e024bf2c12cb0d7cf3317816d4ff1855dfc68a
SHA256 4d2de4268df34d391c9b3f2ada4807570b85380a6ca05939e07f1170693a78c1
SHA512 02dc1184ac49c869fefbd755d5773dfa1dec7f209fdd708bb50a2090943497866cc8493886249602ce1ffed0efb3052522a86c582114b3d4701ba1842e880d6f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-80a9915bf75c[1].js

MD5 803de299ecc5672af443d018f8b7d443
SHA1 23ea39a811d08acb34a991966c8a5b8381659636
SHA256 bf14d2467bc2f557486dd191d87534cbb7eeb2d84524db094aac54ec23ed77f8
SHA512 80a9915bf75c01c9eda4b40965878faa2b4e51f60aa9e4c24953421f685a1aa2b49d7b86b2a68f29861973b96dde38faa9a659df2124824162549f04410646e9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-2e2258-dae7d38e0248[1].js

MD5 2ea4751c021cf86092225f87a5cc7ca2
SHA1 3c3a818ccfb35a1cfa7b8c7793699aa9ab8a9d72
SHA256 9d4c3a8ff89e9acd1218edd29506299cd6522610df7b06442704ccc318b24c2f
SHA512 dae7d38e02483d4244dda02aa05e081ef94d31f30c8bba7f9581d5541abee149b092d5e216009ac4457fc28336a89373bc78e94a6ab513da516b15289c982653

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\app_assets_modules_github_sticky-scroll-into-view_ts-1d145b63ed56[1].js

MD5 9c15e69f34d72ab01a25575780a3dc9d
SHA1 4834bff994ded22703fbce6e1f04d5a13838354e
SHA256 a382c7be63e4761274ff6e21ef7e9596aa0eb700573a0ead42aea76c36e3e47b
SHA512 1d145b63ed56c1ca14a1cb8d7264bc56a9e0c3a7d11ce67b5b1954b034a9ab4c29d74f72ddf860600dfddbf1b73d38caaccecd5bc51dd4fde166f79d426aa086

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_onfocus_ts-app_ass-dbc08c-c80bb6d2e713[1].js

MD5 f5f1895fd16df7ec5de1ac0cb59c1f2e
SHA1 e65078e88775a6c7472eb5ef882b94eeb5d0ec89
SHA256 077048a700f11d1f982097569e9b89ed2422293f323465967bc1e4f2d28fc0d3
SHA512 c80bb6d2e71370895a987cd12251bfd3884a8d8cf392374c65b76115a769e1e08c2987c8aff1a7094f72c48af4faed2564ac51622c089451e462d18bda4cccbd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\app_assets_modules_github_behaviors_keyboard-shortcuts-helper_ts-app_assets_modules_github_bl-1f24ae-60413f6f3a61[1].js

MD5 149d13dbcc51fa331e11cfabac92c70e
SHA1 9153519b565a843dee2e9c5c4a80ded810e193c7
SHA256 9b2dec605c3d912a89cf87edb803b1110c7cfc2730bb90df7ea5bbd3edf29ef2
SHA512 60413f6f3a618e8edd9fff6ebdd34b274adbe5289ffb3894d6df4efb0ac12f70ccf33c57104ed8a197c596af0ae5f89f3929d3657a63aa57628133424f0e4ec9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\app_assets_modules_github_updatable-content_ts-70e6c1269039[1].js

MD5 86a00ffb34c4d73e3f3c3ba24756c1c9
SHA1 e2c5edad571445b52f611db67fd2d7928c203a1e
SHA256 35617d8843005118fa116252bed39f77de0e967066c1ba3f9b665ba1f6246a04
SHA512 70e6c12690398352b11576213e7e6908581bdc2fa7374409bface6053e05aef889e421bbb9dde3e566750677a166b0b31d8422e097ab52c7b11db8b589812fe3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\vendors-node_modules_github_paste-markdown_dist_index_esm_js-node_modules_github_quote-select-1bdbba-dd6debfb8eb8[1].js

MD5 3300bb1e43e1f3e0b54b12ef8374c3a3
SHA1 00827a47080d5a773e7be772db60ddc757c886fa
SHA256 b057bb407ab2e68df16830361ec5d21e19f1df0f1d262852032f49ffca0586cb
SHA512 dd6debfb8eb8b752c44b228fc2b4ecc97c13e4c4a70db3fd017c919dac8f8ace9c75a8857a8bcdce973becc3d3c1a6949934e14411219541343e1c06fa751d5a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_template-parts_lib_-273494-0fb4f42e57f4[1].js

MD5 f3ababa361da60a5a0850157f001e1f0
SHA1 d922d1351994e5bbb7300ff64fccbcd51d868efe
SHA256 3bbfa36699d3e10c2d6131124a6349bee69838b7c3bac42b23d7a4e95958ea3f
SHA512 0fb4f42e57f49b300ed87d266e866309fdecbd06d89ad6d91f4c89d7eee0302826654c890a040d595eb58eb27daa4535077fae5d50ff2d234124f829b2f92a49

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\vendors-node_modules_color-convert_index_js-35b3ae68c408[1].js

MD5 9dc040f59be2a61a2c9e74568e81a859
SHA1 7ea23e783cb7242b748c0630d5946c82777fcfbf
SHA256 b05a7e19c59be8422fa87b0c0a3ec37a9aa64757092ee6afc887500c186324ee
SHA512 35b3ae68c408451d73656d48ecccbb9663b4e824ba12a41275a8878859bd48ce96612c54d7a72e8201b61efb6054187571d3da8d4db02418d54ed74cc0dd6126

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_hydro-analyt-f69502-d8672aa6f36b[1].js

MD5 e4012feecc28eedcd3e808d60e46b8ca
SHA1 9d9edfa379e126c74fd5d1d54b8ab44c455de132
SHA256 a1ca04d5bf323662e0954d2246375044d461303e6605b18dc7cfeae4e9f02102
SHA512 d8672aa6f36b0137c3a23b186456056455c7207cb815cc28e9b6b348e9f1ad25d34454d70af8610b3e1096707ec276a6378096d234d499c5a11f435f19092e3c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_hotkey_dist_index_js-b47a28757074[1].js

MD5 c276f423c6cb28f8343853e1ac010b5a
SHA1 178aadaa8312ab8a2df9f0e7e660a953906ee8a7
SHA256 a7f7e18e890a1b333483033f30ac36bf70498d6d8a45c8056aab7e2360ec021f
SHA512 b47a287570740e0282d8e09ff1c842fac19f2f6204d0f92d6b4ddac83f54b577816b46c968ef333b83564c8c9652f904a6af678a767cf1b51312ba884ddf0332

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-ba0e4d5b3207[1].js

MD5 80de3fe499fabcd32f3eb5a1c8a080b9
SHA1 45c7a787dd927214b847550fcd44f37261413256
SHA256 0f0b5c21ea9467b911d1377fdff0272addf7fccc7a588f2f30ec6f07ffbdcb6f
SHA512 ba0e4d5b320783d52465d15d4a36113a8e10261eefc707314d7e6f211ebb57930b7cbf2568017febe5e47cb43749552e6992fcd652aec702110a330364e08506

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_alive-client_dist-bf5aa2-424aa982deef[1].js

MD5 fa2bd9163204e6ced0bf13f169206c40
SHA1 ea2d13287aef46af1ad0f04b04eada4e8a8966af
SHA256 0c2a6aa4860bd3d3a135d59418bf4e7a00173c3e974842ae436a0a2fbe3da624
SHA512 424aa982deef4fc0969c58c54d1dfcf1b589d6c9da95575e4b5f88ffb03a8457954a19c03b00afbb5f4fa0d64a6d7b7361c0a4737c1d21490d2767eea227e0db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\vendors-node_modules_lit-html_lit-html_js-9d9fe1859ce5[1].js

MD5 29b126d180066f2cd72287a725af3dce
SHA1 da1a0918b337b6bcda086580271306fbb2d41ea0
SHA256 9417afb32e38d089ae0e18debddaec99629f25af815081ebf426a48066ef3438
SHA512 9d9fe1859ce5c02054af70a2435b2b137398d7f41f2b71cc138333f706bf3c175eccc001e8ba717e80508a10590fd40c91468a9ee60839cf2cf5464c2601deec

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\element-registry-232b7187141e[1].js

MD5 0616418cd2a86a108acb841ada777f95
SHA1 73a4223689e940597f37189796aa211bfaff8411
SHA256 c0bbdc2a2ea28204266e885aeea4d003c4ac86cb86c224bd735f08fb438c7532
SHA512 232b7187141e85857befc1433bad1f4504ae24f6913538a4d1f993ddb9609b5a0d762016b5bcb3e9751da34fd98f29791ae6b52f5fc90587f3659e7081fbab0e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\github-elements-5f0209c98275[1].js

MD5 cc26cd480b150f489db2fb850ba30252
SHA1 29a7c8dbef41ff2cc9dfac54b76081cf687b3db0
SHA256 cb74dfc2260dfd597e852ea960b0ab0ead49ddc122ebfe82af3c7823008859bb
SHA512 5f0209c982751c652a64d4b8e695028423f16f6380eb36b7f905f1f0c971653749c8bb653579542fabb5b14266540de55b895b61f3b6e341d05fdd0517c15fe0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\vendors-node_modules_primer_view-components_app_components_primer_primer_js-node_modules_gith-6a1af4-68db00c62e33[1].js

MD5 2de0975dfa6a7deb3210f0c45eecdca4
SHA1 2b42da02d3679c5ce9931842a7193d988360fb0f
SHA256 6a490ab3a7b8c3d69f2a81455cee13f846eb36765766fd397825b08df29a1408
SHA512 68db00c62e334ee79dc1e9cf40754676839e53d3df6709ec9736340208b2406b623d7076e1f8dbb7823ef6c5fb0c6a985d5f3e9bcb5277b0a725606903d2f40b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\vendors-node_modules_github_tab-container-element_dist_index_js-node_modules_github_auto-comp-bf192d-81631767a9f8[1].js

MD5 293d63f0050ea51645c8dacd1db64d15
SHA1 d4543677f93f8d3b6c0668b6e7f5bde78fb2d292
SHA256 7246e4fdd4fce24e9d15002dfc9e07db899a1704598444f31b4f9b9a34372afa
SHA512 81631767a9f813fc0e4c5900d24c30e3824860bfdfe913cf11a6eb7356ab8e8b99c5cefa5492e3daa5e49e468ecd2a765461ff4ff10c127f404e101118851dc8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_text-ex-3415a8-7ecc10fb88d0[1].js

MD5 bb1800636a88e2cf90f48ea181a1c3e9
SHA1 486238b0e8fbb84b4f92e462ba7f337f8c6c091d
SHA256 7bfa93a6b92eb9a2f1668a9b16ea5e1f7f2591d3664351788a48107ec879bf84
SHA512 7ecc10fb88d0dc86ce7d35b7a2be7b44f51904fbb1908b53c9afdf0d6d1fe9760753f6cf8f9ca1897bd537552d3f8238c68e9b993a167cc52f43b5f7a58b37e1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_details-menu-element_-bb7a4e-8ca5bb7b5e7e[1].js

MD5 f8fd66fe242f868671c429712619f0ad
SHA1 f11152ea44023423ceabae57e8aedd6e0a989cd9
SHA256 b5b19cdc6d7cc23c96ca4214a7f915e99a6a3db99af3bf01432831cbe35f137d
SHA512 8ca5bb7b5e7e52344931fc71eeb1c2f79b08df6939f6f2bb5f7bd78bd225ba05ab794ced92dd500f89e1b4767e8cb8f106c0be926210f2013d27f1c8e0070202

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\vendors-node_modules_github_details-dialog-element_dist_index_js-node_modules_github_memoize_-8664b7-b1d9fac72bf3[1].js

MD5 e8daa8ae1bace46578621c25ea0966dc
SHA1 83571037fa8b308c87e365911838bb8e459e30f5
SHA256 c181db979284686fdac27e16a750d2176b10c3224d4e59a7882a24cb5a9be31a
SHA512 b1d9fac72bf386bd30e509cd355253b69060d7a72529b6272d53593f28237ccfc31ec334309638fc6c71e52c8fcc44294d3ecbe557013eaeb8f7dfcd71a03e32

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-44ef1e-ff95e778f461[1].js

MD5 5e5e12b8aeabb4b09bd21a35791f7a9e
SHA1 e327a6a2c4f32e0a459a6537017a379c31cdf7c9
SHA256 3b3f02fd63bc69bc9137be434e4eee05a4148ebff584f8945d808e9615b63a14
SHA512 ff95e778f461f30e5f1c3c6aa5be1f824a59b5a137b0a1e6d2e311ed44cb5729097e6008238990838a6d291bff503af37d501c4bb96840e78e9fc36470b17eba

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\vendors-node_modules_fzy_js_index_js-node_modules_github_markdown-toolbar-element_dist_index_js-e3de700a4c9d[1].js

MD5 186933c0117b94c9b8aade71f6f310c0
SHA1 ae67ade0e920b536137b6e98bb5e9e6c34b96925
SHA256 1465e7c16987bcaf9bb6209172d23d157cba309e9c8b2e4751b77ce4feb1b14f
SHA512 e3de700a4c9d4e1a490d2daa45c518f837ba0f6e065274231627b3911c43faf07e365ba42dc6d110627987662366ea1cdebc9ed4f5a8b88a04b64a7980c7b5b5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\vendors-node_modules_github_relative-time-element_dist_index_js-99e288659d4f[1].js

MD5 f491d4f9b68507dfdf90a5ef6d4f70f8
SHA1 dac15fb588758d0cf24eb922931dc367d9f0458b
SHA256 6f7e23dd694a3e70ef7b0a8dd6b30161168039187a16bb1f8ad56c0e385fc2f2
SHA512 99e288659d4fae2fc48756d2bc57e0bbe2add23ed9ff370f8f9643ee09585f4bcacc6688cfe6380e60dbe883f614bbe2c61cd7d52fd5109f20aa79b70df6f079

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\vendors-node_modules_github_selector-observer_dist_index_esm_js-2646a2c533e3[1].js

MD5 e5411d902c14114345232eab0b388a2e
SHA1 a079ffbceba09465e2546881d6b963d05edd3add
SHA256 3dd71977f8bc77d1d340787b166bb300047f951a16e440f75c9fe2599659a70c
SHA512 2646a2c533e30cbd3c0ef653c306fdd6052f00fb9479ea664f791ee17c4a8d8321a0337dc9f79b9a0aa0a1d68a9cc84b46bda6b2285bc16a8434712b54794f75

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\environment-9fa8265d4c66[1].js

MD5 0974196805e76d9e4241714b70e1ec07
SHA1 dc86f62d155288fcfb998a69bd9d0d40463c6907
SHA256 a0c66eb68f15054d3199cbae5e3219e95da1a81fba88c2113358e30721812d2a
SHA512 9fa8265d4c66461a7d04911b4b6f404d046ab47fa744933897c28d22cd523078b752b6f6a866369dd04f2a3c2d9c3ff04ecd2d61805a7a4af7a2c51f158d6f36

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\ui_packages_soft-nav_soft-nav_ts-de360abf3418[1].js

MD5 028e12d4e783074c81652227528cb19a
SHA1 29e174284b2a6afaa23d82b2c1272fbff4a74426
SHA256 ef763158bd70c92c72c9aa194111f4e5f3e774d0fa8b57b1580289e223405388
SHA512 de360abf3418d1f7917a5fb6cd9f8a459e810bf37d0932727a3ef37047ae3f0b333a480febba701b622f7e893e981471cbf02b8c26510775fe5757440a3309d2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-327bbf-0aaeb22dd2a5[1].js

MD5 9fc89fa65a58962ff1ef5ba6ab4b7fe7
SHA1 cd29e761b12b62c2fd89f78e46cb7a1b3a138319
SHA256 a65b97799b96dc96f1dc22f0a05c4d5e737ec6526545987154d982bcebc37ddb
SHA512 0aaeb22dd2a58feaf4bdcfba5d98a6f7241825a8f4049facebc4392ad1196e41a22a898e35c7ee8b59c87c76814f45d06e9c366bdaaa2446985a7f9b6756e013

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\wp-runtime-4469d34ab4b5[1].js

MD5 3a26f235169b5d90608c0ef53c447a6b
SHA1 6aaf4baed7ae2ffa47ff3349f8c74aedd8260278
SHA256 2b717b23cce426b807903cc084f8a8f462ae37615e1475acaa0b2aecb4f176e8
SHA512 4469d34ab4b539a75d3b1ceebf297778f6c4cb503336830bb302cbf68c954a62b1b04b156a98bb5e67ce7eab4f397a4134fdbefeb13ab2d7977eee0b1d1d3193

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\code-eb757dedf4a1[1].css

MD5 1509ed536a5689e730f80e6a63e40f4a
SHA1 8781101dfa895853165f8f8607a03636f4602005
SHA256 1b07a0884e67b45947aba1ca661844dfd121e839c909933af78defd1848786ba
SHA512 eb757dedf4a1e8a8a1f9cf566965c98fde3aaaefca12700990c837caed81f1277570d8ac24001e2ceac535ec45a8132f8cd76a370a746870d215cd0a92b57a6e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\github-cec71f055b16[1].css

MD5 6a5fe2abff6ac950537b59f29e863cac
SHA1 d0e19430c99c140dda4dadf206d487cf7149cbb3
SHA256 36f5a259b868f73a395fd60dc359f63332e3de758bd4946f836a5c93c3370d46
SHA512 cec71f055b165c717d05a7fad94804bb01d1702d70cf5adfa890bc6d44037ff1dca91185e042d656ad9e25ff0954f317d831b8a6cd1f06e2e697967708389b6f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\global-8f2b2d4c7aff[1].css

MD5 1be523bac034abaa378b67806ef01ae5
SHA1 13577f9fe88ffe60e2983bbea7b773c5163a4e3e
SHA256 041e5c6ba3c4dd331dd6967ca2e3669a3c7d2b2455c06656c2c2e65676589a33
SHA512 8f2b2d4c7affecc64f5079f6abf50d90f87ceea1643665e3730eb644ec49706623c6f367566dd3fbc5c6110d3e4a907b387c2e9a68ad072ec21872da880d70f6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\vendors-node_modules_optimizely_optimizely-sdk_dist_optimizely_browser_es_min_js-node_modules-3f2a9e-fc88059edf41[1].js

MD5 7528cb3c6d2f4e157f284598427c9d77
SHA1 9284a13a46b40b5fba1d820ef5f3e84f943c2e72
SHA256 bc1269d6d3f2e936f729b04a73578432787ebb4ce737b9e05b167a029ed3eaa5
SHA512 fc88059edf414704493eac1e8b64a1a21665de715c404f57e543e6485aebeb4aabc4b586bb4acf9e141c8149c3fd76e815767df1570bf1ac5b0db12f05400f72

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\optimizely-88264c7905d8[1].js

MD5 e16477ffdbed182f428d984027e4bf95
SHA1 ccfa2b4acc1bad75764c78ef6282a687b91df3c3
SHA256 f740960a4fdaecda0672e08c889bb56c55fc948978f63aada9b1becc592f4807
SHA512 88264c7905d8ffe38490d7eb16c30e4428f19dd543c2d6276188aa8c688b790d6b16f14ad3c5c09f10a9ddcddcefd2d6df3002d880bb893932f43d6d9628522c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\MEMZ[1].zip

MD5 69977a5d1c648976d47b69ea3aa8fcaa
SHA1 4630cc15000c0d3149350b9ecda6cfc8f402938a
SHA256 61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
SHA512 ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\MEMZ.zip.yf9t45m.partial

MD5 69977a5d1c648976d47b69ea3aa8fcaa
SHA1 4630cc15000c0d3149350b9ecda6cfc8f402938a
SHA256 61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
SHA512 ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 9d7d180f2de0b32edd9f9ba978b4eb0d
SHA1 9bf1008285df462813b1e16c7f8076cd51845ea9
SHA256 a15a3c7ba09d8274c9ac4af92269a12079065383d57b0db0fae614a2936ef64b
SHA512 77b7b8f810d51f1923a41838cfe1fde471b03bd65e571e422f9c8ed8eb00191e536a61d4f82f42c27c03df87d4e497abedef00156e24bedbc57f9f465e0bdf68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 b1f5098f0487387e494d3e52e45a3ffb
SHA1 b88cb5961b03aee2db8821b8253129d6770ca23b
SHA256 c6984a7ae563f1e5903fade62c0ce1bb58c722b6df2a6791e2490d7ef49463ca
SHA512 2deb9198c349b8904e43fe11afb943cc273db61856542d307e2358f6fe531313f125ff22a494dcb37b87e406db08c92030982c3f1407942b625c22405be70648

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TLJZEAIH.cookie

MD5 b731b55745fe543e6ffb601d9d085fd2
SHA1 36487ceeff89d8f509bd81195b0e61fbc63f0302
SHA256 3fd5daaab15110964a4c15a6fd7041c43de879d9175fa8df5a6018c5d007b481
SHA512 fc1b3d2e0adfffa9695fc0f4741729f81adb3f1cec03866e4e44c81277a1fbf0397ea093a3e551942a2072d5c9e553d9241aca34fc645ec8d7c52c68c573d40e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\note.txt

MD5 afa6955439b8d516721231029fb9ca1b
SHA1 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

C:\Users\Admin\AppData\Local\Temp\~DF1D9054D57EAFBEAE.TMP

MD5 0a197cf75ff2f46207e715015aed96b7
SHA1 f053673c759d7f40c5914f5f1cd090271684dade
SHA256 046004ecde4b8156c03f7083a3f7a88839c3df3a72423ae2fea49b7a1e72f96e
SHA512 ab879959f87e80e6904d19bff196b2ad92d5aef747da3721729bf685bea7e05af9c35b21002de75a1138d0f6b463274dec8777e35cd080d8ec60c70ad28fe001

memory/1932-683-0x000002F245720000-0x000002F245730000-memory.dmp

memory/1932-701-0x000002F246000000-0x000002F246010000-memory.dmp

memory/1932-720-0x000002F2458D0000-0x000002F2458D1000-memory.dmp

memory/1932-722-0x000002F245950000-0x000002F245952000-memory.dmp

memory/1932-724-0x000002F245DB0000-0x000002F245DB2000-memory.dmp

memory/1932-725-0x000002F245DE0000-0x000002F245DE2000-memory.dmp

memory/5032-747-0x000002955A070000-0x000002955A072000-memory.dmp

memory/5032-749-0x000002955A090000-0x000002955A092000-memory.dmp

memory/5032-751-0x000002955A0B0000-0x000002955A0B2000-memory.dmp

memory/5032-753-0x000002955A0D0000-0x000002955A0D2000-memory.dmp

memory/5032-755-0x000002955A0F0000-0x000002955A0F2000-memory.dmp

memory/5032-757-0x000002955A2B0000-0x000002955A2B2000-memory.dmp

memory/5032-760-0x0000029559A60000-0x0000029559A80000-memory.dmp

memory/5032-764-0x000002955AC20000-0x000002955AC40000-memory.dmp

memory/5032-767-0x000002955A9A0000-0x000002955A9A2000-memory.dmp

memory/5032-769-0x000002955ACF0000-0x000002955ACF2000-memory.dmp

memory/5032-771-0x000002955B2E0000-0x000002955B2E2000-memory.dmp

memory/1932-782-0x000002F24BAB0000-0x000002F24BAB1000-memory.dmp

memory/1932-783-0x000002F24BAC0000-0x000002F24BAC1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\G3SWBQIX\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

memory/1932-799-0x000002F245970000-0x000002F245972000-memory.dmp

memory/1932-804-0x000002F2458D0000-0x000002F2458D1000-memory.dmp

memory/1932-810-0x000002F245820000-0x000002F245821000-memory.dmp

\??\pipe\crashpad_4372_PZTLXNCTQFPQLKHH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\810424605.pri

MD5 a2942665b12ed000cd2ac95adef8e0cc
SHA1 ac194f8d30f659131d1c73af8d44e81eccab7fde
SHA256 bdc5de6c42c523a333c26160d212c62385b03f5ebdae5aa8c5d025ff3f8aa374
SHA512 4e5ba962ba97656974c390b45302d60f4c82d604feb6199d44e80497a40d0b0a9fd119ca17ac184809ca0821ab6813292892c433ed7277f65c275f37a96070b9

C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\3877292338.pri

MD5 0d02b03a068d671348931cc20c048422
SHA1 67b6deacf1303acfcbab0b158157fdc03a02c8d5
SHA256 44f4263d65889ea8f0db3c6e31a956a4664e9200aba2612c9be7016feeb323c0
SHA512 805e7b4fafed39dec5ecc2ede0c65b6e103e6757e0bd43ecdce7c00932f59e3e7a68d2ea0818244dfeb691b022c1ccca590a3f4239f99e1cd8a29ba66daed358

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4942e39a012d5043065575d64bdfb757
SHA1 fe72c3c9f598345e3153393363d95a99831a89e0
SHA256 c8530d4c59cd40d4294e89319c5acbfa75e0ca48e4c7d07f0da77b58e6e14b6d
SHA512 c82daf39c37d328123ea250b8a58fd3d64c9ce7b162ad3dcd32caebb8451b21afbcfb8208cd29984b7e4556d9ec953df7ff1d556a2da2bdb04c3aa33ca4a0333

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 768ac1bd8911606263a1443a31fbdf8b
SHA1 6fa4da194a2f5f82fe0f0efc5d5195059e7e51b9
SHA256 aa470bbfbe5269a7d67896e7cfb102d1eeda32880b49cc678be2bccefc38b74e
SHA512 e5a00c0bd6fefe6e507fe0e276627b61a684dd3a0818b76160ef3c4246522fa4bda92d45e217d3b8c6e478c3218409a3ad6dc746740855634dbab44008b8f89d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 751b25eeece05e7f5a28d6687b5eba32
SHA1 93151fd63cb5ef77e61e6d83597892107a41032e
SHA256 39968f3577737c6d5588726b7b4f05146ef18de557bace4dab3c3214f45e329a
SHA512 a27c151d96b85042fcefc158189fc1adac56aaa025557a9b3f4d8498c341213bf833eee65b0bb999c748fbb647bacff32d156e066aad5366813b322027c95e49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 92c221522f377b5317c85ad8d0ab0966
SHA1 020dce5a863b89254d62ee714732243042ba90b9
SHA256 d36a4bf2e8d912756b021f4a8df13a4d3ef706d4aff1e2d6f0c535d74a2ed859
SHA512 0508a6eca2d945ee3651c3732ee0ed77b9a30e9059d5236c2ed30e2bcc3468b146fce4c86afcb9d4866298b8d365a9f2362e4fd69631a9608482a2dc9569b3df