Analysis Overview
SHA256
55e5131f01e0b4db477326c27139ab59c61f33cceb5de503e874197d23d37ad0
Threat Level: Likely malicious
The file setup.exe was found to be: Likely malicious.
Malicious Activity Summary
Modifies Windows Firewall
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Unexpected DNS network traffic destination
Writes to the Master Boot Record (MBR)
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
Modifies registry class
Uses Volume Shadow Copy WMI provider
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
NTFS ADS
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious behavior: LoadsDriver
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2023-10-26 21:19
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-26 21:19
Reported
2023-10-26 21:49
Platform
win7-20231023-en
Max time kernel
40s
Max time network
20s
Command Line
Signatures
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe" -sfxwaitall:1 "powershell" -ExecutionPolicy ByPass -command ". 'C:\Users\Admin\AppData\Local\Temp\Adobe Temp\BlockIPs.ps1'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy ByPass -command ". 'C:\Users\Admin\AppData\Local\Temp\Adobe Temp\BlockIPs.ps1'"
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule "name=Adobe Unlicensed Pop-up" dir=out
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall add rule "name=Adobe Unlicensed Pop-up" dir=out action=block remoteip=18.207.85.246 23.22.254.206 34.193.227.236 52.5.13.197 52.202.204.11 54.144.73.197 54.227.187.23 107.22.247.231 enable=yes
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c IF DEFINED InstChk ( START "" "C:\Users\Admin\AppData\Local\Temp\..\Set-up.exe" )
C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
Network
Files
memory/2336-6-0x000000001B290000-0x000000001B572000-memory.dmp
memory/2336-7-0x0000000001F90000-0x0000000001F98000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Adobe Temp\BlockIPs.ps1
| MD5 | 77a8d3ca91cdb8259c205891832d40af |
| SHA1 | 0635077ff4a866b672756b81a0835bf03d860775 |
| SHA256 | 4954c3748da152bf700dda3606cfe618dfa3c2e6747be47f486a89336c3c6773 |
| SHA512 | 5b9247422f563534baca73d967a461dff3292f17278020fdf94bea3bb683e16721d57784017aae09d0859816198c38ced5c0fe5e5b7c3db0c0ddf07ae26d1fb4 |
memory/2336-10-0x0000000002670000-0x00000000026F0000-memory.dmp
memory/2336-9-0x000007FEF5930000-0x000007FEF62CD000-memory.dmp
memory/2336-12-0x0000000002670000-0x00000000026F0000-memory.dmp
memory/2336-13-0x0000000002670000-0x00000000026F0000-memory.dmp
memory/2336-11-0x0000000002670000-0x00000000026F0000-memory.dmp
memory/2336-14-0x000007FEF5930000-0x000007FEF62CD000-memory.dmp
memory/2336-15-0x000007FEF5930000-0x000007FEF62CD000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-26 21:19
Reported
2023-10-26 22:02
Platform
win10v2004-20231020-en
Max time kernel
807s
Max time network
1058s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 205.251.196.135 | N/A | N/A |
| Destination IP | 205.251.196.135 | N/A | N/A |
| Destination IP | 205.251.196.135 | N/A | N/A |
| Destination IP | 205.251.196.135 | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\System32\vds.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\diskmgmt.msc | C:\Windows\system32\mmc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\System32\vds.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000080000000299f28dfbbee9e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800000299f28d0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809000299f28d000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000100000000000ffffffff000000000700010000f87f1d0299f28d000000000000f0ff3a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000f0ff04000000ffffffff000000000f0000000000801d0299f28d00000000000000003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010003b0000000000e0ff04000000ffffffff0000000007000100000800000299f28d00000000000010003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000003b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\System32\vds.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\System32\vds.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000000299f28df8defad70000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800000299f28d0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809000299f28d000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000100000000000ffffffff000000000700010000f87f1d0299f28d000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\System32\vds.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000080000000299f28dfbbee9e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800000299f28d0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809000299f28d000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000100000000000ffffffff000000000700010000f87f1d0299f28d000000000000f0ff3a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000f0ff04000000ffffffff000000000f0000000000801d0299f28d00000000000000003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000003b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\System32\vds.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000080000000299f28dfbbee9e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800000299f28d0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809000299f28d000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000100000000000ffffffff000000000700010000f87f1d0299f28d000000000000f0ff3a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000f0ff04000000ffffffff000000000f0000000000801d0299f28d00000000000000003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010003b0000000000e0ff04000000ffffffff0000000006000100000800000299f28d00000000000010003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000003b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003b0000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000003b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\System32\vds.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Users\Admin\Downloads\RegFuck.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1873812795-1433807462-1429862679-1000\{E1CB9B34-96A7-45BE-8DA5-D67E881A5A83} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 546872.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe" -sfxwaitall:1 "powershell" -ExecutionPolicy ByPass -command ". 'C:\Users\Admin\AppData\Local\Temp\Adobe Temp\BlockIPs.ps1'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy ByPass -command ". 'C:\Users\Admin\AppData\Local\Temp\Adobe Temp\BlockIPs.ps1'"
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall delete rule "name=Adobe Unlicensed Pop-up" dir=out
C:\Windows\system32\netsh.exe
"C:\Windows\system32\netsh.exe" advfirewall firewall add rule "name=Adobe Unlicensed Pop-up" dir=out action=block remoteip=107.22.247.231,18.207.85.246,23.22.254.206,34.193.227.236,52.202.204.11,52.5.13.197,54.144.73.197,54.227.187.23 enable=yes
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c IF DEFINED InstChk ( START "" "C:\Users\Admin\AppData\Local\Temp\..\Set-up.exe" )
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf9e146f8,0x7ffcf9e14708,0x7ffcf9e14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault4c05247eh6eb2h4918hb0bdh89c9d6e810aa
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf9e146f8,0x7ffcf9e14708,0x7ffcf9e14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9528892269892684700,2006164169098888218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9528892269892684700,2006164169098888218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\diskmgmt.msc"
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 /prefetch:8
C:\Users\Admin\Downloads\RegFuck.exe
"C:\Users\Admin\Downloads\RegFuck.exe"
C:\Program Files\Java\jre-1.8\bin\javacpl.exe
"C:\Program Files\Java\jre-1.8\bin\javacpl.exe" -tab about
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xbootclasspath/a:"C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Djdk.disableLastUsageTracking -Dsun.java2d.dpiaware=true -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel -tab about
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -getconfig=1
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\01368d5c45a14b7587cfead6fd139d1b /t 5896 /p 3168
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd00779758,0x7ffd00779768,0x7ffd00779778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd00779758,0x7ffd00779768,0x7ffd00779778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd00779758,0x7ffd00779768,0x7ffd00779778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd00779758,0x7ffd00779768,0x7ffd00779778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11095840377123272537,15381671568638233814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.209.218.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adobe.io | udp |
| US | 8.8.8.8:53 | ns-1159.awsdns-16.org | udp |
| US | 205.251.196.135:53 | ns-1159.awsdns-16.org | udp |
| US | 205.251.196.135:53 | ns-1159.awsdns-16.org | udp |
| US | 205.251.196.135:53 | ns-1159.awsdns-16.org | udp |
| US | 205.251.196.135:53 | ns-1159.awsdns-16.org | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.196.251.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 104.110.240.131:443 | th.bing.com | tcp |
| NL | 104.110.240.131:443 | th.bing.com | tcp |
| NL | 104.110.240.131:443 | th.bing.com | tcp |
| NL | 104.110.240.131:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 131.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.techworm.net | udp |
| US | 104.26.14.95:443 | www.techworm.net | tcp |
| US | 104.26.14.95:443 | www.techworm.net | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.74:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 95.14.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.cloudflare.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | maps.gstatic.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| DE | 172.217.23.194:443 | googleads.g.doubleclick.net | tcp |
| DE | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.36.2:443 | partner.googleadservices.com | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.102.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 8.8.8.8:53 | ia803403.us.archive.org | udp |
| US | 207.241.232.193:443 | ia803403.us.archive.org | tcp |
| US | 8.8.8.8:53 | 2.224.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.232.241.207.in-addr.arpa | udp |
| DE | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.17.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| NL | 104.110.240.131:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 104.110.240.59:443 | th.bing.com | tcp |
| NL | 104.110.240.59:443 | th.bing.com | tcp |
| NL | 104.110.240.59:443 | th.bing.com | tcp |
| NL | 104.110.240.59:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 59.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| JP | 23.207.110.184:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | 184.110.207.23.in-addr.arpa | udp |
Files
memory/4588-7-0x0000019865230000-0x0000019865252000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2oyzmuhp.rrg.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4588-12-0x00007FFCFA270000-0x00007FFCFAD31000-memory.dmp
memory/4588-13-0x000001984CB50000-0x000001984CB60000-memory.dmp
memory/4588-14-0x000001984CB50000-0x000001984CB60000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Adobe Temp\BlockIPs.ps1
| MD5 | 77a8d3ca91cdb8259c205891832d40af |
| SHA1 | 0635077ff4a866b672756b81a0835bf03d860775 |
| SHA256 | 4954c3748da152bf700dda3606cfe618dfa3c2e6747be47f486a89336c3c6773 |
| SHA512 | 5b9247422f563534baca73d967a461dff3292f17278020fdf94bea3bb683e16721d57784017aae09d0859816198c38ced5c0fe5e5b7c3db0c0ddf07ae26d1fb4 |
memory/4588-16-0x000001984CB50000-0x000001984CB60000-memory.dmp
memory/4588-17-0x00000198652B0000-0x00000198652C0000-memory.dmp
memory/4588-18-0x00000198652E0000-0x00000198652FA000-memory.dmp
memory/4588-21-0x00007FFCFA270000-0x00007FFCFAD31000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
\??\pipe\LOCAL\crashpad_1072_QXOHDUSVFVJUVQKG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3e42964d-b863-441d-8e53-43e30b5769bd.tmp
| MD5 | a206a332d57d926092defb974139f09b |
| SHA1 | f18a90ff07926ee6630141a02624ec7a3e1d8fdf |
| SHA256 | 6a7d45a6a8cac2a4fefb4efccaaea15d84c7cd24d96e9f7cf9114491d75eee24 |
| SHA512 | 9bcdcb917f0a613479a5404c2534854edd0c38bf2aa0850dc0a9ef3ec4d5294d6a5cc6d85b6e90302be896a0c0cc117edbd363cf90afaae70a20b9a153b18611 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fc094825554ebf1b61d476bec9221509 |
| SHA1 | 4866352f5701d8833b419c4469fee55becf9694f |
| SHA256 | 1e8a1aba374d5b9ed6f808dd3eb11039a8905655c9eda4fc91e5d3d52c50d081 |
| SHA512 | 9c3f16c7e94d99015c0d3d90a44cc61233919dc205418dde24fc562892b11faf293a517d87d213c0d0fa915f62722857a2a8bd6ff1d8ffbe6abdd4d119da2aed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 96cf44c1f2797ff5ecf8483783c3bddb |
| SHA1 | 93f62c9539488e0b19413a35ec6d5c86fce1dd57 |
| SHA256 | 89acc3206af517e4e7959596a6ac00d504840fcd83010855a3e4d132a2f77f3b |
| SHA512 | f88c27842117da9c30f76695b81b212b9d185a6ad8c5413e3732478abab50375142f142ade5157334fb69d4e01dd4ba27b2d46389c4649a991b5918a3a25ac57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e05436aebb117e9919978ca32bbcefd9 |
| SHA1 | 97b2af055317952ce42308ea69b82301320eb962 |
| SHA256 | cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f |
| SHA512 | 11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | 20e29a0c1d34ea8f344bc6fbe79879f2 |
| SHA1 | 393da7126113c972bc677d6ee54fe20b88167ab2 |
| SHA256 | 615c0743fb37e27da2b564015aabce06b4797bb8bdd2a92964aab4188173b4c4 |
| SHA512 | c2e96cee1e7ef001eaf729816da20dbf62fb326d68e1dfb5cbe8273d2d2fc06fc9dcf30e97f764464b578db01a58764df9072649f65613047365b26113c5b347 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | 05531fc19368c8f9bc74de3ec47acb9a |
| SHA1 | 2974120cd4c54f9fabaa306cd77250f6dcdf5370 |
| SHA256 | 82f5b2f00a4772c3a7176b17ae3b24273416825e5be7e6070eeccb79c9fbe12b |
| SHA512 | 92db7d7b2f8c4606f5d05677a80293be3666dbcfcf272ab2beb18c2bab969eb5890860c25eb26e7bc1e27b8dabe8aeeede5b3f7f92e44c133efa7b9a57c29ebe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009
| MD5 | aab2532f8363e63359dbf0c31981f57f |
| SHA1 | a21523eb85636a0455977ffe525260a1a8568043 |
| SHA256 | a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13 |
| SHA512 | 7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\debb6f67-3464-4b61-aca5-6100219a5db7.tmp
| MD5 | c1348d2775bed2d049d466beb617beea |
| SHA1 | 828e3ff9a9975c59a0a4a5960c2967cdc84541fa |
| SHA256 | af20d8d5fe7d8959aedef144bdfcdd03917d903ae3359b4789c464fef099ff47 |
| SHA512 | 6a5f3c74518bd24539d553ea72cc9b5e02302c6b87fccccb825c203d1508fcf5aeba2c133cb6972cd58f45b28e57680bd7d5234e536db43d5a83dabbd6705cbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7c165a790a0abf1bf0451346f54cb17e |
| SHA1 | 51ec655683d3b32b226057aee7e26ff4091166d8 |
| SHA256 | b43a4ee626251733828eff29d3af0687fce559b6dba36e1788d050cb1049bafa |
| SHA512 | c988c40cadd7bc7271d98a26b06ad02d107c6285a4b0a9f86dbeb1bb54344d4fc8a042f501b661c7008729d9c6525e567f6856b9e06577ae6d7dd7e8c853fc26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 31d3df2d462b89af98e90d19a7d9557f |
| SHA1 | c74b9cbfc3567ec9aaaa59cf1f327a31fad76e6b |
| SHA256 | baa43ac6268aa46eb13d3ba7bac2248a0533eb6ee2417b02f7c9f84c7f514aba |
| SHA512 | f44110410a8749d5886087dd8dbf7a7ebc704fc956e7f3ba0fc70aade6968bcc76f9c9263b2b1298d33554d22a5ade2055913ce5268a9e3a73b036a97adc40fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a18b9.TMP
| MD5 | 0beaa5baba7775c8e8cc65cb48b68c68 |
| SHA1 | 5f0cac9bbf268039a27fe7539e629cbca918a126 |
| SHA256 | f00c7e7dce74a3eb83fca45154af7bd6056a03f33ea2aacfa9906dd6f211d585 |
| SHA512 | b95e51d38c59511cb14a56714956c12ac6a5b02621b2e6d3ee9145eff1b283ea7e4c991bd202c084c016d04a8979a3f538999c7ac2e93f90dc300e2d778c8947 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a634e918de33f9b85758ec787f88d76d |
| SHA1 | 26ae48902d647862f85b070f7e7305ed2055cd3b |
| SHA256 | 17a97a17b2fa09ab730af887bfcb41e170286484afbb0ee206118c3806c17b2e |
| SHA512 | e9ab8778f1a79d695ab12e4bdff4ab9b27a564f55ad54fd4bb3ae76be449c3b759c8c2f62851ce50a3f8e45e3ca171b21a7c1400516800166ae987e4898c59bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5ec4c8804cbdc36e4609e3f57fbdd4b1 |
| SHA1 | c2e15304888f7380730b4222a5ca9261cbb5b0f8 |
| SHA256 | c7ce89510627d992102ea991dfb5ec170bc19cc8443cb3e408eae2cad9b9aa2d |
| SHA512 | d5ab3e26dfb5dab6b4a3a41112662f5724e18765c68d2bd4541924882bc69d96f80d808d454f4b3565b922a797a58c12be0a526eec00086135575a112d8a6bad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c0d190214431abeff7a644e6f967c9c7 |
| SHA1 | bd3f20a0469f1f5e3481a68d63ecf1700a55eb15 |
| SHA256 | b6fc213e35eb46400e600c9ba3709cfd566217f633d0a3024e3820ea1a57db2d |
| SHA512 | a6d72b8340b3acacf351b15b58c668102a50433d8ff3e208c712433d38d94c98e9b6765873503710575948167424fe70a81d0a370a16fe37e15ae4e0633650bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c0d190214431abeff7a644e6f967c9c7 |
| SHA1 | bd3f20a0469f1f5e3481a68d63ecf1700a55eb15 |
| SHA256 | b6fc213e35eb46400e600c9ba3709cfd566217f633d0a3024e3820ea1a57db2d |
| SHA512 | a6d72b8340b3acacf351b15b58c668102a50433d8ff3e208c712433d38d94c98e9b6765873503710575948167424fe70a81d0a370a16fe37e15ae4e0633650bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7baed7dbaebe7ebe64d4a2118f0db531 |
| SHA1 | 9660ccead44db85a9759ee638ec27eb7a10d81ba |
| SHA256 | 6f10af0edbebcd9d5b1b08d117bb82c6640eb469dc0741aa6883b58a56da686c |
| SHA512 | 049d90852fd2af22b831fc87bd6aafe5eba4cb645331b566591aa09843d474dc1bbcefc54bd34e0577013ffa1ad0208df898d293f16ad67a70adfbae2a49b5f8 |
\??\pipe\LOCAL\crashpad_5360_VDEJUFYNYMWKKZHD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7dc78f146e3aef412c7bab08828fb84e |
| SHA1 | c2fa89e797c890afc3a7018915df0d2fa0f16817 |
| SHA256 | 0a10b3b982be3d9e33c985910b132e962c71aa30de7249cab5da9cfba0421915 |
| SHA512 | 79a965a2ac140a1a473966a17d56ab146f57b52c21ffacc7e826445d99a25adb2fcde1560915a8eb4b87500bd903a3803d305bfbc31ef9dc4e9069d8b3faf9f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 29f5ff314484bb2c52e5b9759cb124b1 |
| SHA1 | 7a11c1a721c7aea142ce829d403d10594a87a75a |
| SHA256 | 15c8b0048851420a71a032dee6a99c648b7afb80587013ad57fd7d1775d8d6bf |
| SHA512 | a47b70a868982bf1498d1c17c08f365a830a46d783e3a2442da08c272ed9c760ac8a1283dc329f2818e5ff959c9bee118103aad2b8e72c00b47eaa72c9c8335d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 0e8ce49f6c0be17b2c82f219a2779600 |
| SHA1 | 8d0d98e05cc5c35c2304e996a4d8d476fd69ebdb |
| SHA256 | c0ba0fb9b1ae4001ea374b3200ded32c80eeb5d13e57bde4037bcdd2639bad25 |
| SHA512 | ea7e0612055c6fc1e5c39515867bc6a85f0d8eed4332ec0d732fe079bd7ec63166814648b73a16cccf72f1b4fb444a3992c0a94e9cff4f97763e2c9d85eaf242 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | d94e0e0a05b178d5f668021e14c7a1d9 |
| SHA1 | d28e00ff7663ba19bc80a379643ef1cb20b4d2a6 |
| SHA256 | ce471ce8016410f68616f0b1f122fc43f2dbaa7fd747877fe19955f492c630e2 |
| SHA512 | aa62a9b26850343db5b05ba623b1db75281ffefd7d5b168fd1a4a85c28655b1f3f900edfab3ac57ee7c4ace83769265c9a44d7b19b1b0e9c7fd3e11dc6267831 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 45a177b92bc3dac4f6955a68b5b21745 |
| SHA1 | eac969dc4f81a857fdd380b3e9c0963d8d5b87d1 |
| SHA256 | 2db3b6356f027b2185f1ca4bc6b53e64e428201e70e94d1977f8aab9b24afaeb |
| SHA512 | f6a599340db91e2a4f48babd5f5939f87b907a66a82609347f53381e8712069c3002596156de79650511c644a287cbd8c607be0f877a918ae1392456d76b90ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | c86991f008c5297f7b9ef145cd855c3b |
| SHA1 | 8079fedc592fdcabf829fc5f7ae7a5c071fa9022 |
| SHA256 | 689b1d7fbbe1de4757b2cb2a14081d6ad20de9e42269d8040c707de815e57f64 |
| SHA512 | aa52699578b0ad08e61748ea5fd4a51e40d1d2f8e00d6b645aee49bf0bcd1eb1de558de0a52fbf39b7da435aeb1775f4f2725cf664cd2e0c660ee2b6b507bde7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 93a93c0130112235f5fcfaf3996180fc |
| SHA1 | 86fdc17cb694c112093bd0dd52fd12c0e9f9cff8 |
| SHA256 | bbe09012cc7fa5becc561d1aa421bb0cf02b385e3ff6fdfa7b7b39753d1a1a8f |
| SHA512 | 2d14073223dc1e3b8506be4352e6f7cdf35fee42bb95e01bdcff6c464c6b29a08430cd1b72bd0f5ba4a19029ccf66246b79a797a6db070ad0170165673d21cfd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 492e0dfca7f8e530b33eccd7c8fdad9b |
| SHA1 | c29140117cda3b467c76ec80978b65c12a66f70e |
| SHA256 | 5085ad9ea40966ecab06179e973fe0454e826c8c21fee0e087768f4f83e81554 |
| SHA512 | aedb76fd6f896731a641a0acce48fb739c44b5ae5f770468d3c55a458bbce94bb44a4507e2949f7f7b5b5ed29e67b877df220df58588b1657599b8366e96a3fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4f672941448750963c0ad00e95592d6f |
| SHA1 | 6e718aca5fa176382627bd518ec78b63a7e090cb |
| SHA256 | 132672d9fc02a25339826b709c57ddbacb4a8c0c892c818c3e2e5f6488542991 |
| SHA512 | 8ebb62a8e9902df6c2c7439fce3c774c73bb5f1a962b8d452cd6f2783d6c050e005a3e12985f82e6f7e85a76c9fd6536ef1150c73747788f13b24549597669d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | e7ace289d808f8d9887b8318676ca1fd |
| SHA1 | 11b4a96e6ba4cb77580a7f476c999487b261dd68 |
| SHA256 | d21836a0cbd21fff056be2bacc5b55582ec1e310b55106082677dde0d0079eef |
| SHA512 | 848cb7419f2529d886f8f41bd1281789be03bfbafb0c4fd3a1f684421bbea8d6011414369d297d186bc4b948bfcc3c5d35c7c92f872445b2e308ea5c5732edb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 2c52b6d959f4b8c3588dfa66f3fe1099 |
| SHA1 | 23458335ee3c966abebccce8ce693dcd6ba993be |
| SHA256 | 687468de68e4beeabe7e2541ac1addd2a0a1975f17cd551e0f2fe5fa466c5931 |
| SHA512 | 0f5f8c4397b53500b9a8b2b86e660188dc67d27d31ba3c53f85d58e300a2b7b8a7486fbbf3eca969f409c261f2f766242828f8d9e55df17f187e0e768f5c17a5 |
C:\Users\Admin\Downloads\Unconfirmed 546872.crdownload
| MD5 | 51149066a9ad438c816619ef0de7a0bd |
| SHA1 | 4f153e673d3f3763f3881eb969034bc5e0d8530b |
| SHA256 | 5ed108674b29709483871f48c307a11739c0c5bfe834770e348a5ce939e89032 |
| SHA512 | 388f3263bfe6657a9d7bc32d49994294530cecfa172a1900f3a89d71215be38218d7168b4d6315f73089df3ab169d949d7db870097dbb1065663b557e5ad6928 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 808e4f9883b3ddb81c1d31636afb1554 |
| SHA1 | 77f8006821a8b2f95705ddc23430e93e4df3b7b0 |
| SHA256 | 62a8039b2018d662c0f9bfeedbed57e4391ccf4cb569e79f5d9abb35c45fcc6c |
| SHA512 | 8287357db57dfc17967dd606a7122290ab05654e9d7c764435ab844b1fd47ef5dcf442a3258d865fd662b27fc194c1b5c97b7299ccce0484024a5e97328330d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7fb3877f8338d0b8f673eaf5cc6c4800 |
| SHA1 | 2c92b4703221bf807d197c9014274a79d925572a |
| SHA256 | 6b675e2fdce5e71607b0f95ebb2bfc69a1b9a14243813acbfdf47b9c57c0cc1e |
| SHA512 | 4018f44e815d75d1df843542171aee8076f6a0f75aba95770d3b4e24b06035ac5ada60a3ece262c736be30f86e15f01d5089519bb10dc50ae238575cabe2f355 |
C:\Users\Admin\Downloads\RegFuck.exe
| MD5 | 51149066a9ad438c816619ef0de7a0bd |
| SHA1 | 4f153e673d3f3763f3881eb969034bc5e0d8530b |
| SHA256 | 5ed108674b29709483871f48c307a11739c0c5bfe834770e348a5ce939e89032 |
| SHA512 | 388f3263bfe6657a9d7bc32d49994294530cecfa172a1900f3a89d71215be38218d7168b4d6315f73089df3ab169d949d7db870097dbb1065663b557e5ad6928 |
C:\Users\Admin\Downloads\RegFuck.exe
| MD5 | 51149066a9ad438c816619ef0de7a0bd |
| SHA1 | 4f153e673d3f3763f3881eb969034bc5e0d8530b |
| SHA256 | 5ed108674b29709483871f48c307a11739c0c5bfe834770e348a5ce939e89032 |
| SHA512 | 388f3263bfe6657a9d7bc32d49994294530cecfa172a1900f3a89d71215be38218d7168b4d6315f73089df3ab169d949d7db870097dbb1065663b557e5ad6928 |
memory/3732-889-0x000002225B5A0000-0x000002225B5B0000-memory.dmp
memory/3732-890-0x00007FFCF4850000-0x00007FFCF5311000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 943967c0ddf8e7b2a218d013e29e9a28 |
| SHA1 | 36c1504a899ccd911f01695403d9f254f97ab523 |
| SHA256 | f6ce3e8a6916290113656bcff71b264294b270f5ba92129836af3926dccb4c33 |
| SHA512 | d9af43ef2e4ac69c3b7342940ad5df168a07be97b89d660ff77643c02c2899e9343314b1adf12230a72af74ffa6177c2f5dcb36c3358df10349e5bbac1687f6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 825c00bad9995ce187e21a9daa8a456b |
| SHA1 | c7137086d521bf6c04d88e46bd6a278f2a8ac1c5 |
| SHA256 | 848782eb7055eff4f494e5e3772cc9c6fd8fb651b0c09bbfff30da3b36da019a |
| SHA512 | 2aeee96ca05ab94d664961cb1660827f8edc5a5881d0e0ac5c6a0ea8ae0c53d5938cb8ae6645123f4a111ad90f0459f3b331c628c94c9a3c86fb584a9eb5e7ee |
memory/3732-918-0x0000022275CD0000-0x0000022275CE0000-memory.dmp
memory/3732-919-0x00007FFCF4850000-0x00007FFCF5311000-memory.dmp
memory/3732-920-0x0000022275CD0000-0x0000022275CE0000-memory.dmp
memory/3732-921-0x0000022275CD0000-0x0000022275CE0000-memory.dmp
memory/3732-931-0x0000022275CD0000-0x0000022275CE0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4ef7d7d012180fcc812a440d429ed705 |
| SHA1 | 445e418560b9c99adaca8b20ce669932780190aa |
| SHA256 | 7d4bd946a52e1499e528b6a1d13453badbbdb8ec39a2857ca6944736169da986 |
| SHA512 | c29ac70972918df723eb6b117b66491211c0411fbd56d2a2d0e8fa793aeb157dfbc6c32e97b4248c9a8ceda30dcd6177ed723bbca954a762630798e34ad8b919 |
memory/3368-945-0x0000027AEE1F0000-0x0000027AEF1F0000-memory.dmp
memory/3368-951-0x0000027AEC9D0000-0x0000027AEC9D1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aa3aac1bad34a6b3c84395f01c140e1a |
| SHA1 | 9f671a1d7af8c3eee06fd742202d181f4e4324b9 |
| SHA256 | a72f0799c0a58181074cc2143fbd144975abad3e9956170723f357eba946410a |
| SHA512 | d5e0f1e2fee68f79dd73b5fe2d7ec11d112c241af3b3b019684fc0805d6cc41c9258080a9e8d110871ba08c872bc1177dadf633a308babaed8d53f39e06ae793 |
memory/3368-967-0x0000027AEC9D0000-0x0000027AEC9D1000-memory.dmp
memory/3368-969-0x0000027AEC9D0000-0x0000027AEC9D1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7779fc5565faa6a0f4406f4caeeda4d5 |
| SHA1 | 28c672ff290c5afea372294c6752b56f684c7ec6 |
| SHA256 | 0451da055832f1d458881f5ee30034d8c078e9c51332399c8fdc67d4744816ac |
| SHA512 | 408c54416604e4b54d9651fb6b7f8a10041b2118d15fe9ab6294351f3ab361bbef5110d0b629bc8fd31728f094c4bcea613e1b5e544ba4d4fb61faf8636ac2ae |
memory/3368-1002-0x0000027AEC9D0000-0x0000027AEC9D1000-memory.dmp
memory/3368-1003-0x0000027AEC9D0000-0x0000027AEC9D1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d436272349a02fbea97ad845e35c6ef7 |
| SHA1 | b00504d23bc23ccb02ab5ee52c95f79c2d44a955 |
| SHA256 | db67f88d5b43388c754539ee4fe96fe968b22c88e374e1316b603f5e0c408ff2 |
| SHA512 | 754ab5335fe9658570c7ffb309a91b88f00fbe2b1e74dcc6e64d0e6a38e91c023a6774f7cd19e054530d778a9b99f59b98c8152f6c4fe1399df7ce0909ada947 |
memory/3368-1026-0x0000027AEC9D0000-0x0000027AEC9D1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 474cd1591d8bd634a871b3d7bd6dfb60 |
| SHA1 | a206f7916c4fca4a7d97ab13e049e5d16f04a166 |
| SHA256 | ee79042e5d6786f46b3804a041c4a8ef96c6bce17b76304e040e265f15e77344 |
| SHA512 | 9d5c4e02ac1b10b740d3bc41bc5e67b3d1b4513c523dc53d97fe9141b7a15b1562c5a581c29a165032093bcabf444d93099da9b9c340b6c0f5f8c3ba737afcdc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\20d11932-5ece-4978-bb22-1753ac6c85df.tmp
| MD5 | dce3548ce31f1360cf2a31a52d90f114 |
| SHA1 | ab025b2594174a3460456eca1373e4ca29396ab0 |
| SHA256 | a2c1c86540cb46e88e50c782d03f58a49f4da68fc5e0484fefb8b4a2cc4b2487 |
| SHA512 | 66885b76479cf4febae2877f38a69e4f846cce557c0fb21c8db59d90c6072f5560503ddbbd3c371f8c455d4f9b5481f4b845b7bc8ae6dfa277cee5ee2d9b05d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f7c1df8898c501b784b98d4d1ff9b2be |
| SHA1 | 2363d90f21b8d3f29fd0ee00dae071e753e5729e |
| SHA256 | ea03cd302034dfdd26458f8d4b894a7148a53cda1be945e23d1396e6139c7c6a |
| SHA512 | f324597e5e2e856e2bfdf9009e311dd24b88f00e3eb8d1bc2ef4a3eaab32d8b8effb0aea8e6fd395e05a6696a590a0d20f186edb1bc0c28608463d8c78cb9953 |
memory/3368-1068-0x0000027AEC9D0000-0x0000027AEC9D1000-memory.dmp
memory/3368-1075-0x0000027AEE1F0000-0x0000027AEF1F0000-memory.dmp
memory/3368-1078-0x0000027AEC9D0000-0x0000027AEC9D1000-memory.dmp
memory/2164-1084-0x00000000040B0000-0x00000000040B1000-memory.dmp
memory/3368-1086-0x0000027AEC9D0000-0x0000027AEC9D1000-memory.dmp
memory/3368-1100-0x0000027AEE1F0000-0x0000027AEF1F0000-memory.dmp
memory/3368-1106-0x0000027AEE1F0000-0x0000027AEF1F0000-memory.dmp
memory/3368-1110-0x0000027AEE1F0000-0x0000027AEF1F0000-memory.dmp
memory/3368-1111-0x0000027AEE1F0000-0x0000027AEF1F0000-memory.dmp
memory/3368-1127-0x0000027AEC9D0000-0x0000027AEC9D1000-memory.dmp
memory/3368-1140-0x0000027AEC9D0000-0x0000027AEC9D1000-memory.dmp
memory/3368-1152-0x0000027AEE1F0000-0x0000027AEF1F0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
| MD5 | c093a694d134a52674da64a3172f5faf |
| SHA1 | f2e55715cf3f0b24a8610a785ac7b629cb4b2782 |
| SHA256 | 67fb130d8240322089abd3049f6885922b8d2c9c1d7240787aa4359271ec6b91 |
| SHA512 | 9d111ea3bbc536aa5daac5293099728b0c71ea4143b5e2a0116596e43958ccc972eb9006baeb7bfe77a52a57d2cdd8a064a05e7739629738e948273718cf07d3 |
memory/3368-1162-0x0000027AEE1F0000-0x0000027AEF1F0000-memory.dmp
memory/3368-1168-0x0000027AEE1F0000-0x0000027AEF1F0000-memory.dmp
memory/3368-1196-0x0000027AEE1F0000-0x0000027AEF1F0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 7accc65a616f1e84aef19c211dd13950 |
| SHA1 | 81046e66fbd29e4176ce4f816e9e8730f84b5847 |
| SHA256 | f444b4ede4cf0be27c8912b34cfb115237b892725a9d4fced3347141de251bb5 |
| SHA512 | 812467797d8870d02c26578fa0ea2dbfd0da81ddd8a9999bc4fc7abbaee34aca89936c443f74f8e62200ca1c8ff2386421ea449f2b35895843d9134b4d6a6c6f |
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 7accc65a616f1e84aef19c211dd13950 |
| SHA1 | 81046e66fbd29e4176ce4f816e9e8730f84b5847 |
| SHA256 | f444b4ede4cf0be27c8912b34cfb115237b892725a9d4fced3347141de251bb5 |
| SHA512 | 812467797d8870d02c26578fa0ea2dbfd0da81ddd8a9999bc4fc7abbaee34aca89936c443f74f8e62200ca1c8ff2386421ea449f2b35895843d9134b4d6a6c6f |