Analysis Overview
Threat Level: Known bad
The file https://rodhigital.com/ambalwarsa/file_ver_9.rar was found to be: Known bad.
Malicious Activity Summary
PrivateLoader
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks BIOS information in registry
Themida packer
VMProtect packed file
Reads user/profile data of web browsers
Executes dropped EXE
Checks whether UAC is enabled
Looks up external IP address via web service
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious behavior: GetForegroundWindowSpam
NTFS ADS
Modifies registry class
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-06 18:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-06 18:14
Reported
2023-12-06 18:24
Platform
win10v2004-20231130-en
Max time kernel
596s
Max time network
593s
Command Line
Signatures
PrivateLoader
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\setup.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\setup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\setup.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\Desktop\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\Desktop\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\Desktop\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\Desktop\setup.exe | N/A |
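The file dropped above is a local machine Group Policy registry file: C:\Windows\System32\GroupPolicy\Machine\Registry.pol holds the policy values that are pushed into HKLM when Group Policy is processed, and gpt.ini (also opened for modification here) carries the version counter that makes the client reapply it. The report shows the file being created but not its contents, so the Python below is an added example written for this page, not code from the sandbox or from the sample: it serialises and parses the PReg v1 format the file uses and flags entries under the Windows Defender policy key. The sample records are constructed for the demo (a Defender-disabling policy is a plausible payload for a loader, but nothing on this page shows what setup.exe actually wrote).

```python
"""Parse a Group Policy Registry.pol (PReg v1) file and flag Defender policy
entries.  Added example for this page, not code from the sandbox or the
sample; the Registry.pol bytes below are constructed because the report
shows the file being created but not its contents."""
import struct
from typing import List, NamedTuple

PREG_MAGIC, PREG_VERSION = b"PReg", 1
REG_SZ, REG_DWORD = 1, 4
DEFENDER_POLICY_ROOT = r"software\policies\microsoft\windows defender"


class PolicyRecord(NamedTuple):
    key: str        # registry key relative to HKLM\ (machine policy)
    value: str      # value name ("" for the default value)
    reg_type: int   # REG_* type code
    data: bytes     # raw value data

    def decoded(self):
        if self.reg_type == REG_DWORD and len(self.data) == 4:
            return struct.unpack("<I", self.data)[0]
        if self.reg_type == REG_SZ:
            return self.data.decode("utf-16-le").rstrip("\x00")
        return self.data


def _u16(s: str) -> bytes:
    return s.encode("utf-16-le")


def _u16z(s: str) -> bytes:
    return _u16(s) + b"\x00\x00"          # null-terminated UTF-16LE string


def build_preg(records: List[PolicyRecord]) -> bytes:
    """Serialise records as [key;value;type;size;data] entries, all UTF-16LE."""
    out = bytearray(PREG_MAGIC + struct.pack("<I", PREG_VERSION))
    for r in records:
        out += _u16("[") + _u16z(r.key) + _u16(";") + _u16z(r.value) + _u16(";")
        out += struct.pack("<I", r.reg_type) + _u16(";")
        out += struct.pack("<I", len(r.data)) + _u16(";") + r.data + _u16("]")
    return bytes(out)


def _read_u16z(blob: bytes, pos: int):
    end = pos
    while blob[end:end + 2] != b"\x00\x00":
        end += 2
        if end >= len(blob):
            raise ValueError("unterminated UTF-16 string")
    return blob[pos:end].decode("utf-16-le"), end + 2


def _expect(blob: bytes, pos: int, ch: str) -> int:
    if blob[pos:pos + 2] != _u16(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2


def parse_preg(blob: bytes) -> List[PolicyRecord]:
    if len(blob) < 8 or blob[:4] != PREG_MAGIC or struct.unpack_from("<I", blob, 4)[0] != PREG_VERSION:
        raise ValueError("not a PReg version 1 file")
    pos, records = 8, []
    try:
        while pos < len(blob):
            pos = _expect(blob, pos, "[")
            key, pos = _read_u16z(blob, pos)
            pos = _expect(blob, pos, ";")
            value, pos = _read_u16z(blob, pos)
            pos = _expect(blob, pos, ";")
            reg_type = struct.unpack_from("<I", blob, pos)[0]
            pos = _expect(blob, pos + 4, ";")
            size = struct.unpack_from("<I", blob, pos)[0]
            pos = _expect(blob, pos + 4, ";")
            data = blob[pos:pos + size]
            pos = _expect(blob, pos + size, "]")
            records.append(PolicyRecord(key, value, reg_type, data))
    except struct.error as exc:                # truncated length/type field
        raise ValueError(f"truncated record at offset {pos}") from exc
    return records


def defender_tampering(records):
    """Records that set policy under the Windows Defender policy key."""
    return [r for r in records if r.key.lower().startswith(DEFENDER_POLICY_ROOT)]


# Constructed sample: a machine policy that disables Defender, excludes a path
# and turns off automatic updates (assumed content, not what this detonation wrote).
SAMPLE_RECORDS = [
    PolicyRecord(r"Software\Policies\Microsoft\Windows Defender", "DisableAntiSpyware",
                 REG_DWORD, struct.pack("<I", 1)),
    PolicyRecord(r"Software\Policies\Microsoft\Windows Defender\Real-Time Protection",
                 "DisableRealtimeMonitoring", REG_DWORD, struct.pack("<I", 1)),
    PolicyRecord(r"Software\Policies\Microsoft\Windows Defender\Exclusions\Paths",
                 r"C:\Users\Admin\Desktop", REG_SZ, _u16z("0")),
    PolicyRecord(r"Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoUpdate",
                 REG_DWORD, struct.pack("<I", 1)),
]
SAMPLE_POL = build_preg(SAMPLE_RECORDS)

if __name__ == "__main__":
    # On a live host: parse_preg(open(r"C:\Windows\System32\GroupPolicy\Machine\Registry.pol", "rb").read())
    for r in defender_tampering(parse_preg(SAMPLE_POL)):
        print(f"{r.key}\\{r.value} = {r.decoded()!r}")
```

On a workstation that is not domain-joined, a Registry.pol appearing under System32\GroupPolicy\Machine without a matching gpedit or LGPO session is itself worth an alert; parsing the file with the function above tells you what the policy would push into HKLM before the next policy refresh applies it.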
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
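The VirtualBox DSDT lookup and the two BIOS version queries attributed to setup.exe earlier in this section, together with the SCSI disk enumeration key read just above, are the registry-based VM fingerprints a sandbox image has to defeat; the Ven_DADY vendor string in that SCSI key is what a presumably renamed virtual disk looks like to such a check. The Python below is an added example written for this page, not code from the sandbox or from the sample: it runs those checks against a registry snapshot, with two constructed snapshots (a stock VirtualBox guest, and a hardened guest modelled on the DADY string) and an optional collector for a live Windows registry. The marker list and all snapshot values are assumptions, not data taken from the report.

```python
"""Evaluate the registry-based VM fingerprints listed in this report against a
registry snapshot.  Added example for this page; not code from the sandbox
or from the analysed sample.  Marker strings and snapshots are assumptions."""
import re

# Hypervisor markers commonly present in these strings on an unhardened guest.
VM_MARKERS = re.compile(r"VBOX|VIRTUALBOX|VMWARE|QEMU|BOCHS|XEN|HYPER-?V|KVM", re.I)

# Registry locations shown in the report (paths relative to HKLM).
DSDT_PATH = r"HARDWARE\ACPI\DSDT"                        # subkey = DSDT OEM table ID
BIOS_VALUES = (r"HARDWARE\DESCRIPTION\System\SystemBiosVersion",
               r"HARDWARE\DESCRIPTION\System\VideoBiosVersion")
SCSI_ENUM = r"SYSTEM\ControlSet001\Enum\SCSI"            # subkey = Disk&Ven_X&Prod_Y


def vm_fingerprint(snapshot):
    """Return a list of fingerprint hits; an empty list means the snapshot
    passes the checks the report shows.
    snapshot = {"keys": {path: [subkey, ...]}, "values": {path: value}}"""
    hits = []
    for sub in snapshot["keys"].get(DSDT_PATH, []):
        if VM_MARKERS.search(sub):
            hits.append(f"ACPI DSDT table {sub}")
    for path in BIOS_VALUES:
        val = snapshot["values"].get(path)
        if isinstance(val, list):          # REG_MULTI_SZ comes back as a list
            val = " ".join(val)
        if val and VM_MARKERS.search(val):
            name = path.rpartition("\\")[2]
            hits.append(f"{name} = {val!r}")
    for sub in snapshot["keys"].get(SCSI_ENUM, []):
        m = re.search(r"Ven_([^&]+)", sub)  # hardware ID: Disk&Ven_<vendor>&Prod_<product>
        if m and VM_MARKERS.search(m.group(1)):
            hits.append(f"SCSI vendor {m.group(1)}")
    return hits


# Constructed snapshots (assumed values, not taken from the report).
STOCK_VIRTUALBOX = {
    "keys": {DSDT_PATH: ["VBOX__"], SCSI_ENUM: ["Disk&Ven_VBOX&Prod_HARDDISK"]},
    "values": {BIOS_VALUES[0]: ["VBOX   - 1"],
               BIOS_VALUES[1]: ["Oracle VM VirtualBox Version 6.1"]},
}
HARDENED_GUEST = {   # vendor strings renamed; modelled on the Ven_DADY key in the report
    "keys": {DSDT_PATH: ["DADY__"], SCSI_ENUM: ["Disk&Ven_DADY&Prod_HARDDISK"]},
    "values": {BIOS_VALUES[0]: ["DADY   - 1"], BIOS_VALUES[1]: ["DADY Video BIOS"]},
}


def snapshot_from_live_registry():
    """Collect the same keys from the local HKLM (Windows only, needs winreg)."""
    import winreg
    snap = {"keys": {}, "values": {}}
    for path in (DSDT_PATH, SCSI_ENUM):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
                count = winreg.QueryInfoKey(k)[0]
                snap["keys"][path] = [winreg.EnumKey(k, i) for i in range(count)]
        except OSError:
            snap["keys"][path] = []
    for path in BIOS_VALUES:
        key, _, name = path.rpartition("\\")
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
                snap["values"][path] = winreg.QueryValueEx(k, name)[0]
        except OSError:
            snap["values"][path] = None
    return snap


if __name__ == "__main__":
    for label, snap in (("stock VirtualBox", STOCK_VIRTUALBOX), ("hardened guest", HARDENED_GUEST)):
        print(label, "->", vm_fingerprint(snap) or "no VM markers")
```

Run `vm_fingerprint(snapshot_from_live_registry())` inside your own analysis VM: any hit it returns is a string this sample's checks would also see. Note that these three lookups are only the registry side; the same loaders typically also compare CPUID vendor strings, MAC OUIs and disk sizes, which this snapshot does not cover.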
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-433534792-1200107535-3148087551-1000\{A48FFED7-F9CC-461B-A44A-1B74B50CE762} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-433534792-1200107535-3148087551-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 843746.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
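The alternate data stream above is Edge's own SmartScreen marker on the partially downloaded file; the stream that downstream Windows components act on is the Mark-of-the-Web in <file>:Zone.Identifier, which the browser writes once the download completes. In this detonation the marked file is the .rar, and whatever the user extracts from it (the setup.exe seen elsewhere in this report) only carries a mark if the archiver propagates it, which is why a loader shipped inside an archive often runs without a SmartScreen prompt. The Python below is an added example for this page, not code from Edge, the sandbox or the sample: it parses the Zone.Identifier stream, maps the zone id, and derives the stream an archiver should write onto an extracted child. The stream text is constructed (the report names the stream on the .crdownload but does not show any contents), and the assumption that Edge writes Zone.Identifier with a HostUrl line is mine.

```python
"""Read the Mark-of-the-Web (Zone.Identifier) stream and decide what an
archiver should write on an extracted child.  Added example for this page,
not code from the sandbox, Edge or the sample; the stream text below is
constructed (the report names a :SmartScreen stream but shows no contents)."""
import configparser

# URLZONE_* values as stored in the ZoneId line.
ZONE_NAMES = {0: "LocalMachine", 1: "LocalIntranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}


def parse_zone_identifier(text: str) -> dict:
    """Parse the INI-style [ZoneTransfer] block Windows stores in <file>:Zone.Identifier."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str                       # keep HostUrl / ReferrerUrl key case
    cp.read_string(text)
    if "ZoneTransfer" not in cp:
        raise ValueError("no [ZoneTransfer] section")
    sec = cp["ZoneTransfer"]
    zone = int(sec.get("ZoneId", "3"))         # missing ZoneId: treat as Internet
    return {"zone": zone, "zone_name": ZONE_NAMES.get(zone, "Unknown"),
            "host_url": sec.get("HostUrl"), "referrer_url": sec.get("ReferrerUrl")}


def child_motw(parent_text: str):
    """Stream an archiver should write on a file it extracts from a marked
    archive; None when the parent is not from the Internet or Restricted zone.
    HostUrl is carried over so SmartScreen still sees the download origin."""
    info = parse_zone_identifier(parent_text)
    if info["zone"] < 3:
        return None
    lines = ["[ZoneTransfer]", f"ZoneId={info['zone']}"]
    if info["host_url"]:
        lines.append(f"HostUrl={info['host_url']}")
    return "\r\n".join(lines) + "\r\n"


def read_motw(path: str):
    """Read <path>:Zone.Identifier on NTFS (Windows); None if the stream is absent."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None


# Constructed sample stream for the archive this report downloaded (assumed content).
SAMPLE_MOTW = ("[ZoneTransfer]\r\nZoneId=3\r\n"
               "HostUrl=https://rodhigital.com/ambalwarsa/file_ver_9.rar\r\n")

if __name__ == "__main__":
    print(parse_zone_identifier(SAMPLE_MOTW))
    print(repr(child_motw(SAMPLE_MOTW)))
```

During triage, `read_motw` on the extracted executable tells you immediately whether the archiver kept the mark; an unmarked setup.exe sitting next to a marked .rar is the normal pattern for this delivery chain, not evidence that the file was built locally.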
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rodhigital.com/ambalwarsa/file_ver_9.rar
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92f6546f8,0x7ff92f654708,0x7ff92f654718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\file_ver_9.rar"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,13519188746262227789,15015910063087678903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\setup.exe
"C:\Users\Admin\Desktop\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Pictures\Minor Policy\hngODraBFRrEd8JcRTe9t8eN.exe
"C:\Users\Admin\Pictures\Minor Policy\hngODraBFRrEd8JcRTe9t8eN.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rodhigital.com | udp |
| US | 172.67.159.175:443 | rodhigital.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 18.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.159.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.233.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.166.122.92.in-addr.arpa | udp |
| US | 2.23.92.217:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 217.92.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 2.23.92.217:443 | r.bing.com | tcp |
| US | 2.23.92.217:443 | r.bing.com | tcp |
| US | 2.23.92.199:443 | r.bing.com | tcp |
| US | 2.23.92.199:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 199.92.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | unrar.online | udp |
| DE | 144.76.102.94:443 | unrar.online | tcp |
| DE | 144.76.102.94:443 | unrar.online | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 94.102.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | ik.imagekit.io | udp |
| AT | 13.32.110.91:443 | ik.imagekit.io | tcp |
| AT | 13.32.110.91:443 | ik.imagekit.io | tcp |
| AT | 13.32.110.91:443 | ik.imagekit.io | tcp |
| AT | 13.32.110.91:443 | ik.imagekit.io | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.110.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| IE | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| BG | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.8:443 | syndication.twitter.com | tcp |
| BG | 172.217.20.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| FR | 142.250.179.65:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| FR | 142.250.179.65:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.74.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| FR | 142.250.74.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.179.250.142.in-addr.arpa | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 34.117.59.81:443 | ipinfo.io | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | extract.me | udp |
| US | 172.67.159.133:443 | extract.me | tcp |
| US | 172.67.159.133:443 | extract.me | tcp |
| US | 8.8.8.8:53 | s87.123apps.com | udp |
| US | 8.8.8.8:53 | id.123apps.com | udp |
| DE | 162.55.236.39:443 | s87.123apps.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 176.9.21.46:443 | id.123apps.com | tcp |
| BG | 172.217.20.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BG | 172.217.20.195:443 | www.google.co.uk | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 74.125.206.156:443 | stats.g.doubleclick.net | tcp |
| DE | 176.9.21.46:443 | id.123apps.com | tcp |
| US | 8.8.8.8:53 | 133.159.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.236.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.21.9.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.206.125.74.in-addr.arpa | udp |
| FR | 142.250.74.228:443 | www.google.com | udp |
| DE | 162.55.236.39:443 | s87.123apps.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | s88.123apps.com | udp |
| NL | 157.240.247.8:443 | connect.facebook.net | tcp |
| DE | 162.55.69.232:443 | s88.123apps.com | tcp |
| BG | 172.217.20.194:443 | googleads.g.doubleclick.net | udp |
| FR | 142.250.74.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 8.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.69.55.162.in-addr.arpa | udp |
| FR | 142.250.179.65:443 | tpc.googlesyndication.com | udp |
| DE | 162.55.69.232:443 | s88.123apps.com | tcp |
| DE | 162.55.69.232:443 | s88.123apps.com | tcp |
| BG | 91.92.243.151:80 | 91.92.243.151 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 163.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.243.92.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | 67.132.240.87.in-addr.arpa | udp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| RU | 109.107.182.3:80 | 109.107.182.3 | tcp |
| RU | 5.42.64.35:80 | 5.42.64.35 | tcp |
| US | 193.233.132.34:80 | 193.233.132.34 | tcp |
| US | 194.49.94.97:80 | N/A | tcp |
| US | 8.8.8.8:53 | 1-hh11h1h1h.sbs | udp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 104.21.2.102:80 | 1-hh11h1h1h.sbs | tcp |
| US | 104.21.2.102:80 | 1-hh11h1h1h.sbs | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 104.21.2.102:80 | 1-hh11h1h1h.sbs | tcp |
| US | 104.21.2.102:443 | 1-hh11h1h1h.sbs | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 34.132.233.193.in-addr.arpa | udp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| RU | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-22.userapi.com | udp |
| RU | 95.142.206.2:443 | sun6-22.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| RU | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-20.userapi.com | udp |
| RU | 95.142.206.0:443 | sun6-20.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | psv4.userapi.com | udp |
| RU | 87.240.190.76:443 | psv4.userapi.com | tcp |
| US | 194.49.94.97:80 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f0cdba3e639a70bf26cf85d538ce1a8 |
| SHA1 | b457faa0d6c55d56d61167674f734f54c978639b |
| SHA256 | c1e48c2dfaeb607efc713e1b5c01d1ee8a9491d8f3a2a5f4f3887e6c1f8c2f63 |
| SHA512 | 3c270fc58170c37f51427aac2d3092ddbbc17832556718612cebb0c32c04e7e3b7e157969d458a4b9c3e8bf781c23489319338960cefb5cf530673f2b8f81609 |
\??\pipe\LOCAL\crashpad_368_QDEOPZNWFZMZSZIC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1055dea5b48c2ac710babb9be1a5ec98 |
| SHA1 | 43021e20c41f205eeeefcd1f17b30a0ef68da463 |
| SHA256 | e91e9a5e4e0ed59a155c0fe57d09d64373e60526a6316596f15c5e53cf7aba10 |
| SHA512 | 121f81fdd37a3e5e98fa2ab01e17cf28c846f76cb4ae6bc9d22ab7dd585e177fc61e014391c4f588510e56a304ef125adf3c1732412b86680895e6354d573887 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\file_ver_9.rar
| MD5 | fa4d5ba8567bffbf8ac098079ef8c25f |
| SHA1 | fba4a16e4b2cc027c44be2553488452d136e28ac |
| SHA256 | cd1207e5e78c68c0ae2e3b6874c53810b19bf4aaa67d51ff67a9fda8837ac846 |
| SHA512 | 0c57f09ef8a26cbc9d9d49e01aa75dac3813969c7916ca7d6c46a8965d5c398dd81bff1f0b74181d689de61bacbab16fb744bc5f5d496b7a30833ab177ef055a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 40367b30a4ad825daae6e6ae27c08176 |
| SHA1 | ec899cced64d2c5e97aec3c7188563317fd13b11 |
| SHA256 | 269bad4490e97a8d34f4f395b83215772ef810c609164341f1aad4aee830ef6d |
| SHA512 | c85a481513a9c657db700a016efaa6d618c8066b4fc50a8aa62dc2192d16cc7738aa46c08067b982f74c345c1bd4aab4e7c7f7753af7532ffc5b7e6bfcf96ac5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 452504d9c4505739129fb9435193fc7e |
| SHA1 | 562a1cafdcc6fb7dbdc0e7ab5207d658c16d9f4b |
| SHA256 | a06531b04d403ce5718d32b077b160c79ee4c50c570bbb6bd717313667e72812 |
| SHA512 | e2040f6acbfba7bd78eb5f4856f30bdb2b3538f7d7e26408382025e365adb04a9e8a4327c2343924e16edf7d457c22af0af595c44904e20ca4ed2a65e66474e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 8f472f5706f7f7e9508673402592ad03 |
| SHA1 | 18e3a5699bbba3203e3876d0d28c560a5e6a9c03 |
| SHA256 | a98515127ff6537a7c2249265c6f4385320472a03127dc3d47c0d19eb2510d09 |
| SHA512 | 7f1cfd39e3e078b180c6636822265565d07ee13929043095db13cfbadfcda476893244184aae3b204eee4f46a481e317455a8a96301982faac30ae3a82898234 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 68daebe701e0fa188b5f5bbd0a8f8a9d |
| SHA1 | 3e1f32a2cace7ba8c98ba2c7234eaeee8cf59037 |
| SHA256 | 0897f2938f841c707866df4994d59c721f21a56d04adf716e6efbf3f9355eb27 |
| SHA512 | 8bd36710ee72225855c3727553cd8d03f59d80ca66133c54fe92310ea1aba80a5e22a3ec065ce006fd9e4d657a208d46a7bd4b04ec065520718956aab90ce746 |
C:\Users\Admin\Downloads\file_ver_9.rar
| MD5 | fa4d5ba8567bffbf8ac098079ef8c25f |
| SHA1 | fba4a16e4b2cc027c44be2553488452d136e28ac |
| SHA256 | cd1207e5e78c68c0ae2e3b6874c53810b19bf4aaa67d51ff67a9fda8837ac846 |
| SHA512 | 0c57f09ef8a26cbc9d9d49e01aa75dac3813969c7916ca7d6c46a8965d5c398dd81bff1f0b74181d689de61bacbab16fb744bc5f5d496b7a30833ab177ef055a |
memory/3928-162-0x00007FF756BA0000-0x00007FF756C98000-memory.dmp
memory/3928-164-0x00007FF91E2D0000-0x00007FF91E584000-memory.dmp
memory/3928-163-0x00007FF936EE0000-0x00007FF936F14000-memory.dmp
memory/3928-165-0x00007FF91C3F0000-0x00007FF91D49B000-memory.dmp
memory/3928-166-0x00007FF91BCF0000-0x00007FF91BE02000-memory.dmp
memory/4284-167-0x000001C3CC720000-0x000001C3CC721000-memory.dmp
memory/4284-168-0x000001C3CC720000-0x000001C3CC721000-memory.dmp
memory/4284-169-0x000001C3CC720000-0x000001C3CC721000-memory.dmp
memory/4284-174-0x000001C3CC720000-0x000001C3CC721000-memory.dmp
memory/4284-173-0x000001C3CC720000-0x000001C3CC721000-memory.dmp
memory/4284-175-0x000001C3CC720000-0x000001C3CC721000-memory.dmp
memory/4284-176-0x000001C3CC720000-0x000001C3CC721000-memory.dmp
memory/4284-177-0x000001C3CC720000-0x000001C3CC721000-memory.dmp
memory/4284-178-0x000001C3CC720000-0x000001C3CC721000-memory.dmp
memory/4284-179-0x000001C3CC720000-0x000001C3CC721000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 105ec7c688ec8176c05a2a7ee8825579 |
| SHA1 | 9e99c61db260c667045b0c7d2ac3c410015ac1e8 |
| SHA256 | 974110567edadb05727b0854ac9601b98022bd3b91bfc2b4a08dfeeb68d8302d |
| SHA512 | d7ed9d1eca93c800065b740d362a93246e1d2ae961c3065ebb9a59b6fdf0007d776d2346aff5ee9d087c061565a13518e4b1b6832c2ee5ae13e5948600589f36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 32c44f0e0c925b37eef5fdc71d805eb1 |
| SHA1 | 361e6b0e65d9faaf7d1a4ffb1858cd17eee27e76 |
| SHA256 | 852e9735f5d75368ee4edee422755b7eff22e68ef762efce8ddd568452dec95c |
| SHA512 | 80c92a33d4643160119d51b6fbd89e8d7d4225d2e8fdcdf9876f8665ce6556d5355e2deb6d3267fd67f04fdcf60fe5aa37ce794e9236a3d5c74bb951f443689a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 808625ed661ba7bc6dd8486d6999d11a |
| SHA1 | 6dcecfe6ef5c8ca68db04dcad30b8925264df874 |
| SHA256 | 2259984420b29dd0ed534582476f9779f9c9ecad7d978a6537e468f3e65e0759 |
| SHA512 | 9daac3cfa9515d4dc1999f4eef410b649583815f2b17af0dc6d02e23fbd6f12cc913dd3e6e336d19a4b17f13efc6a01b63a5502a6c0c06969cc6e3b6d9326346 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b4775.TMP
| MD5 | 09d55dbfa9d5155979e0029aa6551456 |
| SHA1 | d53ad7354198e6a4b10c8c3978457a85aa5e9e64 |
| SHA256 | e1ac039946e7d7a0d97f95f621fed07420afdd9040121ff7fb6032d157fca50b |
| SHA512 | adac6d498dfc68a81988eeb747e2fdc4d965642de7de391c77d4fdbbfd76975e0b0003c14b145409be5d22a95d43ded2490f96e821d0a5bb18a8c940d06bd32e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 68f6844974a0844128ee7d5dca7732a8 |
| SHA1 | c65901d3f6b7a9dc5056f0b225ed262f67f4c600 |
| SHA256 | dc18bc073dc0781ba3a45b8763cdda6bccafd24d68e359fc4d897fa0c094a980 |
| SHA512 | 89774cb40218af97e713cac8e75c4cf899afc130f91da6de7a37d2f7ab43bb4933c32d476e84c118cb63db082b4ab0602900a242795077e6ab9ee0fc4bee3e1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 35e58af01b96c29562db898ccfc9a8bc |
| SHA1 | 1fdee94d8fa8b76c30832ee7a18b37a23c742958 |
| SHA256 | 414e942bf228752bcd0bdf8c67b64e0231a1d5c0b40b4f13a70d77a111d68aa2 |
| SHA512 | 7f56372ec87f411e91e009594752e0f4356dfa4178167b1cc5b8a230f83b250e638c59ad70fc17a3bf03e7a28717dd5874fb6a89411e08dfbf47fe1e521560a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 19a69626af3211e7db9aebca919221bc |
| SHA1 | d468ab7c122279f87717a2c5caf77682ad360c45 |
| SHA256 | 7996c687c73998250faa995074d67e7f51f6bcc2022bab2f0490c7100d2ed856 |
| SHA512 | 8137929f5308ae081f3aaca7baa1df59abb27241474cafc3d9be63139479baa4ddc80bf1209ac4381e005d6b776315af1e470ea003ed7103f22a22ce30c44a78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cf9b36a0a5a9af3aae43be5e0ae402a6 |
| SHA1 | 86273f82ad0ea640eb144ff77686421b15b38fbb |
| SHA256 | 7754c4bad4eb49b38e58726746f079c08829adabba215f40eca102a8d089959b |
| SHA512 | ac54081413162291735e64b435ded884adfcfd948faf97e13629ed8b600144a5b32cc13333b9fbe39c8a18450870ec79a5a78b34e2e36e91883171d4fc1d1d17 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0bad24340164374c478ca3354897e705 |
| SHA1 | 3c70661866dbdebb7a40655329bfe9aea0334f25 |
| SHA256 | 44d010675fcf70a9cd604f7b63a03d8a0dc5cc5e8ae8f7429eba817ab42246de |
| SHA512 | 3fe8a50d242e4b4f80cfb2e3dd2e3f5d7455c948cb22487db592cdcdc0d9ac63a72781f67996e5f7e430e980610057aa174d43e8cf212b1d16a2d99bf3b377da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 8f9408864e7999049c767649cdbac612 |
| SHA1 | 944cb0ac7b5c149ef05eaf723a5975d658b1eb1e |
| SHA256 | ee6fbdfaa9e75db0fdcf089aed167cf2f305f847121a725493e096d591e08f22 |
| SHA512 | 3d3f115453e3dab03e535eac6420bb9c8e0cd600ae6d55a8053cba1a4e9552b6b8c8db3ea732bf2514aed14f7d0965e73a66b51756e22ef2a1e76f578992b9bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 684fd31362e7a7d373ed19c56772fdfe |
| SHA1 | 5faa94a7f4b6cb23365169addbf82f4333d31def |
| SHA256 | c7c8810a5f91cdbc1bbc8bc8dc3cfeb8faf1337690d3534432f6ce03f5b57a7f |
| SHA512 | 6c12fe9a16e0ecb635f00b3fbccd3ddcaa9ccedc1b36b49aff50f01cd8277e9861cf2dabd2dd9d6d54e481ef3efe9e5df91faef606175bf0a10fdc6675fceca4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ebcfeafbee069d4825285d394028edac |
| SHA1 | bb6fc65012e7a07149ce3484722d773c986decbc |
| SHA256 | 998db08f932b889b96c4eddf3ab6cd4adfabe3bfcd627939c67b4046179712f5 |
| SHA512 | 496d2bcbbaa009ce3e790b6e9cfceeaf2c0993155f1b6da0cbcd1988759a1d1bbaf18be9cc6c455d55eeb7fd810fcd2ad9c6df44edbaa0d51db9d356451e8496 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b4586413da603ff7e0059d03294b0908 |
| SHA1 | 4a0483f6a4efb3bd5702ca49ec9f4d61c1695ce1 |
| SHA256 | 4124af86794cd710be895d7044a724c6c44b84ebfc6a59c8383184d3182a66b1 |
| SHA512 | 7e66a6cea94d8509f00b56daa5cef5672851b58bf8185151f94c5ffafe35eb2566166fd1e8c7adb646397f29ed28168cbd1eb0b06c349d61b54aeceedac5a119 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | 06816b42fbb66f783ca54eaaf6f55f73 |
| SHA1 | 2dccdfdc9caa8be043b54f5fc892e6dbfd36ad3c |
| SHA256 | 66b1f05d8c7d68d4d2cd49d29827b2250f9ffdca829bc87266a01cc5177b9a70 |
| SHA512 | 503dcdd5eaf1aa2c6a69a236f868523039016601aa86cb7c5fd1e9124134a58f054dfd29fca382d1d993cd0e7668e255e7b1391f46a219c97ca09319fdc85b77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b02e74b81c9ccf822ab25205d3ed9fee |
| SHA1 | 5423c65628d1dd2ccab8a4c5029e4eeeb8ff9396 |
| SHA256 | 6c7f8dc90a536a8f50bc2247097c8f9fef3bccd084c2cc19a996228efab3bba1 |
| SHA512 | 7f80c5340e5861437de258eaa93b9d91fc39f5f475dd6b9f0ef1cf1b4a616e9704a2e92582f666065ee6c7a21f10c9bf66229019eeaec43deb85b81ca1376202 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d53524bd87e53b37aa3ff5c40dcf0c36 |
| SHA1 | fc2641aa5825c0a03009ef15536b82ad004b3114 |
| SHA256 | 0d2b57ea06f3d00cf60bf1a2fcd146f4e26e04b7059223d98723c91c1b5ebde1 |
| SHA512 | 12309c11454115f9db1a058db451866e512f51f5eb85de668c6befb1331afa84eeb43adc4fa5f530a8af801e37f65da681f35d690f3851ed55466a442ce5203b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 29a64aa5ba52178a8b8ffe7670adee1b |
| SHA1 | 3e4fcf6c3e6344ca0a06b77bf650e983aa0b15b8 |
| SHA256 | 578960d43799fa29e957e57341dc96851d46549d2d4fe708ff62dbb4eb9f97c4 |
| SHA512 | f006ca2d3c63ac053c0145b68f883a2aabd4f7f7415f5543fa96c30a20aa0024adf0266fd6ce7b4ff45916bc126761ab31812dafac88484d88c6025623a5c5b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | af84e4f6fc78de83f0807c37e4ad79cc |
| SHA1 | fd8bd538ba30ef4984cfb03442215452f3c04f3c |
| SHA256 | 0e944d799d500b14548c562b64e0009e5bbeefc0ed5b3ecfd97fbd018ca08d7b |
| SHA512 | 65bd5c742bd7a00cf39961f9e4567a737b851187ce6907f8ca2a13425227286d4b91a7be48c409ac11657d0864e03e83943f0c8c59b0244efff11bd5f03304a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5305dc5a1f3ff9a3746e3c1d983356b6 |
| SHA1 | 725160f5fb64b527c8e57391bc029c44c5a2d784 |
| SHA256 | 3eb2513f90f64029b4615f2ba565c3dafeb81a1e34171d3ba5087e76322ed6b9 |
| SHA512 | 294a9ca71f68f7612ee0ce3da9de9b63b7fb2c192825d7c6af7620fe4269bf90e08d10462e8a4c7fcda46db2b30b513af50b09a0e79a758f053a48a620d6edbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7f58b96db36679aa7a1e584a65b18601 |
| SHA1 | cd5ea89d2252495e5882944e088c993cea63649a |
| SHA256 | 0550b3abe54ffd84859e8c57ba7a7e2b82b78b354b4aac63d9efd2d80bb46cdd |
| SHA512 | 93ad92f2f7cdf04e8f1376cb6f9d3b32c56c2d8db779ffaabfd2ab74eebc36f7f3d07bae2043b8ecabf94c98f922375b395d5be2ebcb045d7af03ac1f8ef6e4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d66b0f96b70116eb724e5bad507af77b |
| SHA1 | 176abeb6666b1159261f25c43d2fa4d5a9229a88 |
| SHA256 | b1b367322b58624c918476fff30043585a8aa4063800b272187d27bb74787c2e |
| SHA512 | 0418066f3c320dcc706390ef3f73197288786ee30efae16ac62d25edd8056ba8ee827e589a4bcf46e04715e18e8b9ca1623f2524e7b31300ebd246aaab55fa14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5c44c3477a1462bea6495c28241cfceb |
| SHA1 | b42680301d797b45db621791773e56fbd4269b91 |
| SHA256 | 707cf7f5d8b998a4b3ec8e1ad25f5514e62b8fabaa6c6da4acc300b3f50add0c |
| SHA512 | e06e30d3a7c4e184d87410c6c7969dbcbdb2486864ea3c57ccc55412299b0793d1d9b51a030c0cd3c3e30cb4c3379ac9d6c57cd64962203ec0e9094090f74377 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 76cfe2dce2b2a74ae30119d3b17a0830 |
| SHA1 | 5e471afd15070c0fa5da544f9cd9373273842368 |
| SHA256 | 31184e8f5145b452184410aafd35a9b91ea9d0a61b4b75eb4309b1e26a2a4187 |
| SHA512 | 8c3447b36c25d10a34aac5d053efe4ffc532ed364ddff829fdd3aafdb52d8c1e1a5c1ae204e379e12dddd2298002fd09292709e7001a8ac53546441366fd5bd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0b42faafaf6ba1f828b14896f719532c |
| SHA1 | 7a6f97f1bf5d1c132776e24710d8e4bafe2e6973 |
| SHA256 | af73c0528024d8cae1bec7e8a1f786b6f26fd4bcbf2cc8e54bd52cebb7accae9 |
| SHA512 | f2fe13958a9cd69335c79f080464690808b0a0f63df94fba996efaff0d905f1d6f3db5f50c2f6aeac9bdc8743df47ce371a8d32cbcebcf4feffd6693abd2f35b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c5dffdf0c5a9ec783a516195b9075529 |
| SHA1 | 29d49a2714e4ac6936bc89173349cb334e529845 |
| SHA256 | 4cb5dbed1b9c45ddba2235c47c2842d86b56d2f0af9b066a558bea32db4c7db6 |
| SHA512 | fc8de07933c643aad8e0dbe83f37d2ee5081fc75ead5fe3a0022b650835d2c66f666e5bb6f2a97e69c70384255745c55b91558b0413471f282de50c9a386e83b |
C:\Users\Admin\Downloads\Unconfirmed 843746.crdownload
| MD5 | eaaad146ffff87dda7fc056def2c6b5c |
| SHA1 | 67943fd5eda233e68103460696dcc7c385c8ca1e |
| SHA256 | 8172259cef515398235fc22b3c051f2500c5e3ba45e28a0d315da8acc669c157 |
| SHA512 | 68fd76cbbfa4e74c62921cb9eda7907f8bd22b7dd9365563e71d3d1c79ec76c15af932d9521c7e1af392fda289fe08d7bb873f6a0a35edf3cce9faff4ad9ec5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b6d3cd1ab8eea4c19b117a76b04719f7 |
| SHA1 | e8ce4f21501db80c3d500d049bb91e5ed2bf1286 |
| SHA256 | 3f710f772e95d4797b5b01a046d50ae53d138cba6bb87ac566a857937e3fa87f |
| SHA512 | 6ade9230e0ee92ef4a5f5903432a76921c49de6d7f22e74b505acab7d2f3710d41ee702f736cb7bd5a5ef086014d4af2c24d39a5b0f2f8f41d00fca706356cd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0b201a1c53115c109462729562b29da9 |
| SHA1 | 0cf582ef18e5fda970b44d59a45c2829db5e8275 |
| SHA256 | c6529932aacc7909cf0a663496c1bb2a8c4c77d1deb7fe34cf6dc85537287ae6 |
| SHA512 | abeb26d0d5a80827b87725224074240ae2dc6b0ce7aba1c879ee5a20fb30e3331d79bedfecd7b571b8910824c0691fc5c0863db8078c99e57027badd3f68fe7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 41f847a183aecd66e4c696603b8efde6 |
| SHA1 | f3a0e83ec1e95c19f6b8d85d6489adce19c3a51c |
| SHA256 | d825356d45f0f7b826a62ede0a71f0dbe6f254facc51d36d0e56072b02f6ea89 |
| SHA512 | f3053a13b9ed6759f3d2591b26296b43a440ff4246fcf4fb5797dd577467a237258b3c26e93afc03b0f029726c0c3c9a6024401ac76aaa8e1cf211289146e478 |
C:\Users\Admin\Desktop\setup.exe
| MD5 | 93bcef2e0497255424b02372664360f3 |
| SHA1 | c410893ef671f402da18258a0c859b799fcb8199 |
| SHA256 | 1d1811c61dc85d9812fcd840c3f553fed5404be0bbbae6da304430302be90d1d |
| SHA512 | 7b6db6f531a6884d816599eb90f2ebe539f1721850d1a9c4ea5025fc51825297d38df0f82cb961dedc112f41df608ac5d07182afa8b38014ee1cd15df71eefcf |
C:\Users\Admin\Desktop\setup.exe
| MD5 | 1d1293a41e3a9a7e2fe3eb34c8b65211 |
| SHA1 | fa9f759bcb1ff44a6ce16f05e0ee104afc1a366d |
| SHA256 | 7653fe1159d2e01e14404e6427f576248286ffc9024663a1c3d4a6215c4b8614 |
| SHA512 | 8b49739066cb71b939e602556435e82b0a9b21353b4f3e1fa11b31f34df65d3735c18ea1121cd5be1e9739e0e59a7d8afd735365a6318b62813a315f6bcf9595 |
C:\Users\Admin\Pictures\Minor Policy\hngODraBFRrEd8JcRTe9t8eN.exe
| MD5 | 34b781b9198150f170186ab0d9609963 |
| SHA1 | 20fe73fbf9ff7560a2f799e1969253cf192033ca |
| SHA256 | aec1e6e5c3d2f77eebacdc0e1934133c10ee06cb633dfcc15ac03c53fc7e9121 |
| SHA512 | 88bcc956c59a2b3aa4e7173216fcb14e692af2c25a70b8eee9d34733262bc57f41000fa85072d70cef171886d94278e5e3a7b161a1a76f3585ccc66cd6580923 |
C:\Users\Admin\Pictures\Minor Policy\PNJre5x2etnPthe2HvwYrTmc.exe
| MD5 | 9fa9314623b44bf818b300c594059c49 |
| SHA1 | fee6c0ef0cd01d695284447baa52483c970ce6f0 |
| SHA256 | 6e374870a01d3dc74357c7fc4fd3c31ef386b9ecfa7b076a39e37d8812f380de |
| SHA512 | 4d200f61aff1c89cbd1ad49ae587ff2045f8e04dd6e35fed3ba1415ee387fbd33ef92221c0211cd9204cb8ea1acd32c88a24a9664efd9d5024b18e87db03cea7 |
C:\Users\Admin\Pictures\Minor Policy\RpHYvEZ1t8Ud7BO4YUTUmWgo.exe
| MD5 | a0677e4334cfb859fe2d35eff3be7953 |
| SHA1 | cda31204e54cf54b7b83a3c10f2dfc4385bb4e13 |
| SHA256 | 366d66b7668f5000fe69520ffe0702f472939850790fe40e7db85575af3ce292 |
| SHA512 | 125b32e684495bfe5f7e0e24f38ef761d43de1c5cb8b5db69a9464a83f50dc69e682452622d92eefcc2400f4b5a6be21faf063eb63c0e9f1b6ed016720e5ecbb |
C:\Users\Admin\Pictures\Minor Policy\meHgDnwaQtAKWDx6PsxfQutE.exe
| MD5 | 4e4c1e82295a9b072596fc514f4d3711 |
| SHA1 | 4aa80e7543d1e20380d0d0e7efd8341ad6231d72 |
| SHA256 | 4906f727709a2acc63c9a01b56a66e1a29703e259d26f8dbde9b40426385c0bc |
| SHA512 | f616a1582af6d7361ebeaed6a6629e6cd25e0bbe66069c2ce822fc7d181023088906456313a3ae0a2088ffa9b9e92560ddc780fd480752a565a9d70ceaea9789 |
C:\Users\Admin\Pictures\Minor Policy\fSbL5hhHD4q0dowrFFw3yOmS.exe
| MD5 | 0e92a8764b8f3e3070b0ba90f7201e72 |
| SHA1 | aac31e91efda884b2c90a35fd8fec0331aebae20 |
| SHA256 | 2291965dc164bcb583972b38ed7624e00da9624fae8a8dbd923b291c0e16ce5c |
| SHA512 | 40d5f91d70bbdbb7144be140b2a3752f8857f42c8f5bf3c7d362c5c0da5ddf5b26f8cf96c6d2512a95711bd13b6f7e5d0985f0588efec5ece9e4ed039d2526a7 |
C:\Users\Admin\Pictures\Minor Policy\5NsP_Gu_laoWrxZUCH5CfDqI.exe
| MD5 | 037df1ff782550bad1065b9416dd50ca |
| SHA1 | 59d7ea9ecd31833f2b7296a31908a5686def0a8f |
| SHA256 | e290ea782eea1af1c67fc985e851ddda547be4afb3f0e501902520ba3eff556f |
| SHA512 | 93c1e782c1e2fc83d4de8f4d8b780c8f1146b8a0d7d527f25ca6b72983ae190ea4c49a94151dc2c4c4c6b254a5fc7a62f1fc56800c467c83051ccc8d300ad368 |
C:\Users\Admin\Pictures\Minor Policy\J6omxOvjh1FOhyu2N0tKW5gc.exe
| MD5 | b0381e427930bc3dbddfc2b3acfa5dc6 |
| SHA1 | fbcc79dace49199dac15df42fd1713dbbc1786ba |
| SHA256 | e5525c0cc38c18efafa4e48acd35b106ee0debd8c4ab1f45c6e64866ba8b6dbb |
| SHA512 | f50a9e0be4943d0cd64ef52343ac19d93b7b817e8d5f0f57678527747957ab0c25758382183c909e16c013f169a31b2581bb703da5dc3a83992bdb09f4ffefe7 |
C:\Users\Admin\Pictures\Minor Policy\asZhMf6ZN4QGni8ZFcpAzmUs.exe
| MD5 | 5b6f1c515e6803f811fc59644327098e |
| SHA1 | 9e3a7631c202471ae23b900c054388a2a884671b |
| SHA256 | 3fec2deb427250097c9e53280c4c1262c44925da4249eccea323db5eb803fd65 |
| SHA512 | ea692307d2484d6e1baab980ce7c9be54b39952fedc2ceac6073dc93b6bfe28a45d3167cf48d15a9eabcb5104ecda9a366d4b036634e0590265621406f9d9219 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-06 18:14
Reported
2023-12-06 18:22
Platform
win11-20231129-en
Max time kernel
267s
Max time network
313s
Command Line
Signatures
PrivateLoader
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\setup.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\setup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\setup.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\Desktop\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\Desktop\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\Desktop\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\Desktop\setup.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000006d791ce3dd22da01baf46894e322da013f2790387028da0114000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \Registry\User\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\NotificationData | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2379530898-3444504291-4008811794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 448066.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rodhigital.com/ambalwarsa/file_ver_9.rar
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f9b03cb8,0x7ff8f9b03cc8,0x7ff8f9b03cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6508 /prefetch:8
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5752 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,14435025311365464905,18335183967805453553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8
C:\Users\Admin\Desktop\setup.exe
"C:\Users\Admin\Desktop\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Pictures\Minor Policy\mGQb8kgBUBZGM4XX94s5UaeO.exe
"C:\Users\Admin\Pictures\Minor Policy\mGQb8kgBUBZGM4XX94s5UaeO.exe"
C:\Users\Admin\Pictures\Minor Policy\M2_JlR4wTs55CcvJ0KzVH360.exe
"C:\Users\Admin\Pictures\Minor Policy\M2_JlR4wTs55CcvJ0KzVH360.exe"
C:\Users\Admin\Pictures\Minor Policy\qzvo3q0DFiXKkhfWIvjTO9Cf.exe
"C:\Users\Admin\Pictures\Minor Policy\qzvo3q0DFiXKkhfWIvjTO9Cf.exe"
C:\Users\Admin\Pictures\Minor Policy\tvo7mxGsFtKybaZmbh5wmHeN.exe
"C:\Users\Admin\Pictures\Minor Policy\tvo7mxGsFtKybaZmbh5wmHeN.exe"
C:\Users\Admin\Pictures\Minor Policy\jZPYws7fchcK_G5U0nxQlwb2.exe
"C:\Users\Admin\Pictures\Minor Policy\jZPYws7fchcK_G5U0nxQlwb2.exe"
C:\Users\Admin\Pictures\Minor Policy\Ui2yTvmXvWu8rarjQYPvlEYd.exe
"C:\Users\Admin\Pictures\Minor Policy\Ui2yTvmXvWu8rarjQYPvlEYd.exe"
Network
Files
| SHA256 | a061ac2b42e6636c396ab79c3ce612ffdbc7dcec364c14640d0a832339da57fe |
| SHA512 | 90bc66a4b85423716cba56c022d201031c59afd8bd9f0d9d7c9f11f46ad888fe29107f7081e604b01d67ec4ba2ad0b5bd6f7660ebadaf98d5b1fe561ca84e788 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63bdf198-a5ef-4fc3-81e2-267d31ad4b53.tmp
| MD5 | a9247f8e991c62359bf268ebee71fbe4 |
| SHA1 | bc986e851efe9808f4933ce380fc545e7aa3f164 |
| SHA256 | 063a95f9c3c44a2fc0edec04030ccf95cde381afc0661ea043cba74c21af9021 |
| SHA512 | 2fc07210ce7bbe41b939ab8ba083196d46bb6eff91fc91533b60101482dd768341d65bd510fe227f41f352d1946ed6f44d988b1f69dfd1cca86f50233211a876 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 14bf6c49254640090a8eeadb4af500a1 |
| SHA1 | 6d890051006fb5941e17786fbe66ce129a4422b7 |
| SHA256 | e5b5c35ea8e1774c0aa30aa91cf7e8045236c0b869fdce2a8d8874c4a21ab6d5 |
| SHA512 | c5647139ba27718baf3c78f158abee9833c834cb6023d90f41eac413c8faaeffc6d4a5f5bca006148052a6b6335014001c4853930fe98dfef873917f15c3d4e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 336593b067ee5b560657d3dbef71c2d9 |
| SHA1 | 96c2c3e34e72fdc7c4956fabbc3bff48157f405e |
| SHA256 | e2d7f4901bb64a30937f70015eedb03642d23d259ad9fa8d698cfab5e86080b5 |
| SHA512 | 6766a5bfcbee46e26ff1f02036e801c83a0a2e8c92f1a597280667449aa22aa3df86576b115a8525b2f7e4a75500b34a19b021b5503e77556498c1c6886526e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ca00d4ce-02ba-4b20-9958-9f75689860b7.tmp
| MD5 | 75ca0678b76bd2ba164ea12887885a4c |
| SHA1 | 1ff01154e27ed68b9d97bee683f61d28fd5dfade |
| SHA256 | f139b3e9c8dae496cb1b4bf573f85c454c7f325dafb44fd40e9eb1a9e28a6dc2 |
| SHA512 | d43a6c7e02b73308bb4fc2f908d032ada00a74561c37228a80626c4d0adb030b3c02576648bb3b6340e0f3f479e2f37461a6138339324b3b20a8504bfc30cbf6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5be62c8401f182831567f925e9f8eff0 |
| SHA1 | a52f6efdf5f9ea139433e92d8b44125903ac05ad |
| SHA256 | 26ffbf6537acaf49426435d4733f4dc7d3d827a1ada161652515456d603f2e31 |
| SHA512 | 7f7816072064e45b3f4b045a22ab7dc2714d3404b6c39a641873ee45fff462fa2f1f6e1812b992eb6db189239790b3377b925e4cb14f18d1afd55608d8290611 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bbdf9cc22bdaebcd517165483165b553 |
| SHA1 | c36f897726b651d1f5d121cc066007e227f7521a |
| SHA256 | 3649127538748bac066f0e514f2f702379a294adea25186baa0a10924a14e957 |
| SHA512 | 01041c2b42c2f21755062a3a4c4b27027ec7b531619df1fd2957a4e4580d49b7b52d9382c7e9c17ef656e9d616b354f6f8cb02f9c34a17cf49f93f238007a9ed |
C:\Users\Admin\Downloads\file_ver_9.rar
| MD5 | fa4d5ba8567bffbf8ac098079ef8c25f |
| SHA1 | fba4a16e4b2cc027c44be2553488452d136e28ac |
| SHA256 | cd1207e5e78c68c0ae2e3b6874c53810b19bf4aaa67d51ff67a9fda8837ac846 |
| SHA512 | 0c57f09ef8a26cbc9d9d49e01aa75dac3813969c7916ca7d6c46a8965d5c398dd81bff1f0b74181d689de61bacbab16fb744bc5f5d496b7a30833ab177ef055a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9b6429c868cf5c1d5e4255e8e525a3bc |
| SHA1 | 2c24fba84ba9d4beb6686dd7a86cbcb823ec2fab |
| SHA256 | b403021bb77d1e35208cae8f346e851e271c47dd7ea75933c358c29188352b55 |
| SHA512 | d473801f02ab55064377f5f4070dc81bab63c20768cc8457b066be64c221bf3c0b2947b0668c4f42b6cb28eaeb9901851ba68395b99f9271446615a0d7515a03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 18d0bffbb3922ac431513c1eb33d2132 |
| SHA1 | 41582d89a963dd702de8a0c3809c147d8e7d6305 |
| SHA256 | 5767c25c0a88c6c20cf6621bc697b9ba7a72bed9c6c8ad32a3b688de27d85472 |
| SHA512 | abd7ac21aaba9ecd5a4f198cc82adad6e0f82700da1cd769286c1734f7dc0ace5b4ac5c5044f086a2a5932e85e09b7e592462b540029c0a3e5aea5daaa33698f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2763b65a682411b5096275f12a3f25a1 |
| SHA1 | bffbcd9150c330bc609c4cd81988fad298ec98ac |
| SHA256 | 76e975f2be0562283d5525eec408c0c5b17b142facfe9aaec4bb886a8b02503f |
| SHA512 | 57f21b57b6dbc70c2b119c7e07425b10541e9d39396444e00857d5b1a445cb2d67acd38bd6cd51e953e50bb5c21ba76fc92febae16d30967612a462bbfcac4f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f6016d8cbd44213b1a363e28319fb77a |
| SHA1 | 79937eba7c9ce1dac95840acb68bb871f48c88b5 |
| SHA256 | 88ccfe11622e0de70e5c542d661771a6dc6afc0782863dde637626e4ed2e9652 |
| SHA512 | 50b4d09be3a543f38b98de9af3957483ab1cd6cdbae48546eeedd7b3966a4b34cd2e223432ee3ca5f20fcc7f4376e0c4eedc57c4aba4d85a32ab253226daa823 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2dea076cdc2cd1133e7f754dede803bb |
| SHA1 | 81a43b5be730fbf9366e29302ce3bf833d7a7ebe |
| SHA256 | 129a702e46b7b0c2909a5934845339ab42580351c0e90620b4959a8d6e9e13bf |
| SHA512 | 2ff2d739c907c2f1a6ff96b7b33c76a6f32efc16d3481f0337095a5df222fccd264276261dba898c9c58b8061415979f555eb0de4e4414ef7b2a697490807290 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0251ac54f1b0ed7d2c41f4ae75d9f4a1 |
| SHA1 | aba7998910dd20ec5312a870f075c81f5f7ce34e |
| SHA256 | e233bb95dc7f9f3aba4665bc19f3ecf4febcb1a66e509a41de26ca20fa731d26 |
| SHA512 | 2b496bc20f4e8d14b83eb60002f663d9601e040f3a0ea9b0f41640d456914c366f174ae9e862212bb15b64096efc6799c2a0701ecbee1d4be19649d3620de800 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 32bb4707f61a1920a5235bc1f7d24838 |
| SHA1 | 98dc5eb90430121f015d147ac15ef2af2cde670f |
| SHA256 | 55d4b5f643f5733df1347f9ed70a04cff11b8226e578a6403634b10a881c8274 |
| SHA512 | 76296a949cf1d23c397bdcd3268fb3bc557dad68dce3d4db7ea5112751b5befada2a804092833b9e8ac398eb24b7697de2f3fb97771e7e0621392239749f2117 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 074c63967440c508edeb13b763b3c9d2 |
| SHA1 | 0eb65a35e2b1a13099ba908550f41fb15c97836c |
| SHA256 | 4eb1d035d2ec66dd1f189edff01761ab3f6783b33cdcb1b183c62e3e6f3a9503 |
| SHA512 | 4515bb67d25e77a1fb71914eb8b90adb472f2713ce64d2f0bf139f9cbfd4e6521418009baebe6a0a9014b541a4d73a7ad2e8d2c5ca005ffda45b69563a83b0b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 605ead38f5a5b63c2c47e9c19f4396eb |
| SHA1 | 04a6f8c1304db57eff3caf59153693b500aa0604 |
| SHA256 | 6e3ea184ea98468413f5b0259354de4e29241845197448870ea68270d96e277a |
| SHA512 | 75d1e4e1107804ec474fc83818797573ab14b2ef01d7fd88a3f5c4f65fd84a8da3c7f9c6e008668c0af3a1d6fbe18ae26ebe532a5f4982df814f38db1d052688 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ea0bdcc1af5d56a450c3e5886f2eae6a |
| SHA1 | a264e02566dee9c82b8e66e0a4b33c083a17f08d |
| SHA256 | 9ec569b7c4b428a80c995c60e95dfc20cc715de38aa755667d5adc9f55b8d600 |
| SHA512 | a494a31ea8d0a8c61020e9ca43e730ab05ae83cc15b1a3ab7a02f81469290ef48b34554bdff934fc37ff8791ba9cdb393dc1cc144539a80b9038f459e651e44a |
C:\Users\Admin\Downloads\Unconfirmed 448066.crdownload
| MD5 | 9ca986be3ddcd99536bd9cca76ce7689 |
| SHA1 | c8478095373808d431c2ef7715e8b7d8e043aea0 |
| SHA256 | ffeb5b7a8cd4091104b79b738d5dcf9b0346336e1d6c735432a439b7cce05c0f |
| SHA512 | 220135b935004aa91872023ac09517a0e4d91d8620532d820276892bcc0d4f393b3d9c270026e272333f200dbfd2e9245c765ee315781bdc096d5467cd7aeebd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d37630368461d7a9c57aa78581e41eef |
| SHA1 | 1b6181ceff31d0ccfc861cdfcb6905e2e80225fd |
| SHA256 | ca77190748cd65ae3c70facef58610e484edbd82ec049b7446939ac3bb68eed6 |
| SHA512 | ac1847ed277df7f6a6aaa995c8e310e345fa43a71afabf8437d72e4425e8240bb7783f6d336b060cb657a1236b7db8490059dae567dc645c44849721193bffc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c8e0e1be6dfc371efc5c29daad91634e |
| SHA1 | 29b80052a65290f5ddd06a96fd1ff81d852b159c |
| SHA256 | fe6db576370172528c42d53e3d20f1637b9144d8d1aee1c52325a8d38d8ae281 |
| SHA512 | 6213e99486a8d3afece76db8d8c44ee2b6cb489b1aced89b6e8ecd0e29ca5860b8e9afec21f4955cf2369c50a14b68519cb136cfbb74caac8afa444b2ffce1e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d40275a682e816072428b499a10c51b4 |
| SHA1 | 112c89596c1ff1198aa7fb5d564a66aec3839a55 |
| SHA256 | 98bd081f1313e0a225647c453d134ab2f3426ed662c876075ef2bc749880f60f |
| SHA512 | cc573896c27fc676daa9581c638e5bdbd9778f3e25522a01af64394ef27dcdbebb73c947212b117c0d73dac17245c59f9a7f42ff87729dcae05995fabdf0053c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 1dccb6cfbf5557e99e110e1c88971dcc |
| SHA1 | bea4891349f510ab586da6304f99ccc0eefc8282 |
| SHA256 | b13e021c0aa2eab302a1ed8934825d6b884a5f86e44810507458e0462f266cb4 |
| SHA512 | 6d4876ba1ac513c9494186311eb9134817273ae3020bff649c42d74cba516ff250eefff727881e62655fe6961b4cb663ff6e288fa165dd6fc02e5f965b080359 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d3f7809f4142310044e180851130f1fd |
| SHA1 | f99ad34df21bef164a50b6783ac556c1883914f4 |
| SHA256 | 11a9705e137a71aab3f474048b42a6d98a0ece9987f8804790f0c73465a915a4 |
| SHA512 | 7157912529b0e951fd28a9ccc3a9317963d40fb97248acb34696d45f48b733bfa08e766caf7304bcecace0eeea13e61a867e1b8ea1cdc8c1a200d53a73be6339 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d7dc2ee5-e8d9-465a-a463-25e12416b828.tmp
| MD5 | 8ee28872a5cc934ee923b111b94308f4 |
| SHA1 | 7e5333812840833b404469162b4cc7178d8f52f9 |
| SHA256 | ed0fd0845b79732474cdaeddd017cfdc877ed984764534165c9b1d7495b707af |
| SHA512 | f501937a1a56d3734268f2dbf7d6383cf2c6d46b16a648f00841e166ef6044d5fd72437155f5e89aeed34d9898b585af1a089d3eff6e8076232806b9bc72f0b9 |
C:\Users\Admin\Desktop\setup.exe
| MD5 | 358d1bde6ec08a262e7cc121cda91fb3 |
| SHA1 | bf49d196bd77a897eea404e4b371c90c47edbc64 |
| SHA256 | cc6166ff8efd299688107802cd339dacbf67c311a7532294294222af6e2ac671 |
| SHA512 | 2d52b65680cf2d6eee3a8f32e7fb3049427f1225d36c5143deb54316ad1256be37484b7290fc5aa779136857e82eef313a3999b6a334ce66a718f01ac2b63e21 |
C:\Users\Admin\Desktop\setup.exe
| MD5 | 358d1bde6ec08a262e7cc121cda91fb3 |
| SHA1 | bf49d196bd77a897eea404e4b371c90c47edbc64 |
| SHA256 | cc6166ff8efd299688107802cd339dacbf67c311a7532294294222af6e2ac671 |
| SHA512 | 2d52b65680cf2d6eee3a8f32e7fb3049427f1225d36c5143deb54316ad1256be37484b7290fc5aa779136857e82eef313a3999b6a334ce66a718f01ac2b63e21 |
memory/1848-656-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
memory/1848-657-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
memory/1848-662-0x00007FF9080E0000-0x00007FF90819D000-memory.dmp
memory/1848-663-0x00007FF9080E0000-0x00007FF90819D000-memory.dmp
memory/1848-665-0x00007FF909160000-0x00007FF909369000-memory.dmp
memory/1848-666-0x00007FF900000000-0x00007FF900002000-memory.dmp
memory/1848-664-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
memory/1848-667-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
memory/1848-668-0x00007FF900030000-0x00007FF900031000-memory.dmp
memory/1848-669-0x00007FF906890000-0x00007FF906C04000-memory.dmp
memory/1848-670-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
memory/1848-671-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
memory/1848-672-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
memory/1848-673-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
memory/1848-674-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
memory/1848-675-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
memory/1848-676-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 8ef9853d1881c5fe4d681bfb31282a01 |
| SHA1 | a05609065520e4b4e553784c566430ad9736f19f |
| SHA256 | 9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2 |
| SHA512 | 5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005 |
memory/1848-690-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
C:\Users\Admin\Pictures\Minor Policy\qzvo3q0DFiXKkhfWIvjTO9Cf.exe
| MD5 | 34b781b9198150f170186ab0d9609963 |
| SHA1 | 20fe73fbf9ff7560a2f799e1969253cf192033ca |
| SHA256 | aec1e6e5c3d2f77eebacdc0e1934133c10ee06cb633dfcc15ac03c53fc7e9121 |
| SHA512 | 88bcc956c59a2b3aa4e7173216fcb14e692af2c25a70b8eee9d34733262bc57f41000fa85072d70cef171886d94278e5e3a7b161a1a76f3585ccc66cd6580923 |
C:\Users\Admin\Pictures\Minor Policy\Ui2yTvmXvWu8rarjQYPvlEYd.exe
| MD5 | 9fa9314623b44bf818b300c594059c49 |
| SHA1 | fee6c0ef0cd01d695284447baa52483c970ce6f0 |
| SHA256 | 6e374870a01d3dc74357c7fc4fd3c31ef386b9ecfa7b076a39e37d8812f380de |
| SHA512 | 4d200f61aff1c89cbd1ad49ae587ff2045f8e04dd6e35fed3ba1415ee387fbd33ef92221c0211cd9204cb8ea1acd32c88a24a9664efd9d5024b18e87db03cea7 |
C:\Users\Admin\Pictures\Minor Policy\mGQb8kgBUBZGM4XX94s5UaeO.exe
| MD5 | 4fa22c00fcb52b1ca8c1a98129598dc0 |
| SHA1 | 969e16fc4f57f63436c386bb818105842775f38a |
| SHA256 | 41cde2045ee22f3653af266c7e0eb384cef5f532f55c375a7550821679cd3f89 |
| SHA512 | 3994f0a6db3f0b026b8d7187dee30c5a1954a545b1cfed4c62571e937819a74d25193292cb773b902e4da560fcd34eac1ddd6cece3021d5efaa508415511c5b9 |
C:\Users\Admin\Pictures\Minor Policy\jZPYws7fchcK_G5U0nxQlwb2.exe
| MD5 | 0e92a8764b8f3e3070b0ba90f7201e72 |
| SHA1 | aac31e91efda884b2c90a35fd8fec0331aebae20 |
| SHA256 | 2291965dc164bcb583972b38ed7624e00da9624fae8a8dbd923b291c0e16ce5c |
| SHA512 | 40d5f91d70bbdbb7144be140b2a3752f8857f42c8f5bf3c7d362c5c0da5ddf5b26f8cf96c6d2512a95711bd13b6f7e5d0985f0588efec5ece9e4ed039d2526a7 |
C:\Users\Admin\Pictures\Minor Policy\tvo7mxGsFtKybaZmbh5wmHeN.exe
| MD5 | 4e4c1e82295a9b072596fc514f4d3711 |
| SHA1 | 4aa80e7543d1e20380d0d0e7efd8341ad6231d72 |
| SHA256 | 4906f727709a2acc63c9a01b56a66e1a29703e259d26f8dbde9b40426385c0bc |
| SHA512 | f616a1582af6d7361ebeaed6a6629e6cd25e0bbe66069c2ce822fc7d181023088906456313a3ae0a2088ffa9b9e92560ddc780fd480752a565a9d70ceaea9789 |
memory/1848-742-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
C:\Users\Admin\Pictures\Minor Policy\4TffaLgcvwZ7LjadTHwY5Ot8.exe
| MD5 | 6236701ea29df7e27122613352beacdc |
| SHA1 | 0c2b047812abcab35e3a78d3d8dd3323f52a7d23 |
| SHA256 | 00b4d8c7e037d9851932a1ad6775973a7b39eef7fbb0412c7443708cf53d7312 |
| SHA512 | d286ff907fecc1832c1d7cb5d1cbeef4d35c3a8e560392c8f860a20df569e697a8ba957174ed5ce3953575e0e1956153d753075f300b0991d8b59358bf95da7d |
memory/1848-777-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
C:\Users\Admin\Pictures\Minor Policy\2rdjYYkts3aG3lQMgSG0OMRG.exe
| MD5 | 72ff1a0979f2db84d51cc0b9806ea2e2 |
| SHA1 | 6dbf1a85876359ce8746860817eea4bde56c6450 |
| SHA256 | 93332b06dbc2a5b150c21e002c830cba728beeb29356b7b473e025cd4c8ac8cd |
| SHA512 | 41b6a1bfc103b991942c41297f92e9660d77614d3f7d0c29070f257afaa52e40ce6a7ef1751bdd2faaf861062d6b535a50700d9cda8ed33dd2d755ec445d6d7b |
memory/1848-788-0x00007FF909160000-0x00007FF909369000-memory.dmp
memory/1848-789-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
memory/1848-790-0x00007FF906890000-0x00007FF906C04000-memory.dmp
memory/1848-797-0x00007FF7402C0000-0x00007FF7414CC000-memory.dmp
C:\Users\Admin\Pictures\Minor Policy\UGu366WhAufowkJdnYBe9eWt.exe
| MD5 | f891c2dc78d2ccd6551f958ed1db1d2d |
| SHA1 | 22886b33befd7b548ddb504a8823e4bf3294cd57 |
| SHA256 | 17b96d2ab2a4a2c5ba1bade194243ccc3026a0950d926e979aab0d3ae6c242e6 |
| SHA512 | 8fd4f85425f7bab21b8ee8880db76f34348a434d1fdbae775f14fe38d651b89095a43be819baf34010e9f4712d301d0a38a70d0eb5a3d40c24e03a6323e0391b |
C:\Users\Admin\Pictures\Minor Policy\M2_JlR4wTs55CcvJ0KzVH360.exe
| MD5 | 1ddd1bcb548e165f425aea4f8f588033 |
| SHA1 | dd3661e41749304a90ba9c8734a145eb7e9e9b11 |
| SHA256 | e71f9ace11cda5f410a79b132c59c2f09777f7e2df936d7f252a9784bb87603a |
| SHA512 | d8986972b4272b224d82000c2034ef47168872bd9b5f978515d408743545db842c1f28e439061c95ec8e9d69e543afb05a5e26d68fc62d230bdec7dbfed9de9b |
C:\Users\Admin\Pictures\Minor Policy\R9o0wno9r79FOm2UTLaF4rGS.exe
| MD5 | 32a1137a619207777942b2ec6938c211 |
| SHA1 | bc63126045d34cbc2e84c3b5cd310ddb4876237b |
| SHA256 | ea6a39ed9e8e3ab24d9b6f92ed24c661817924d6cbed9ab6f23ef0970c8d308a |
| SHA512 | d2589c40bae34da8bb90c64059e8c19615d24b21c4471c78b03ede6336a44259932cf54f5ea17c1c14535593c39eab19b195fa50fac2e08941bac47b9fa15d12 |
C:\Users\Admin\Pictures\Minor Policy\mGQb8kgBUBZGM4XX94s5UaeO.exe
| MD5 | 63e3d9b34142e55125441e717fe4e6f7 |
| SHA1 | a06e38098089e495293e6088f076b4202bba3633 |
| SHA256 | 485ce554fbd74e7e2815d76c79dc91cbbcebb5ee2d59f76dc79ab79de84c0ca5 |
| SHA512 | 29bb03094fef2baa96aa39b424d90ce327d1d63217ea627ca7587d0a137eee58278e424bdcd01704971a737c051b886e2bff3f2015a2e04ad115d4d8cbb8cd68 |
C:\Users\Admin\Pictures\Minor Policy\XNygK3f_Ui8YtHjrwrxmS5h8.exe
| MD5 | c2467c0757832f860007fb1ce228fc42 |
| SHA1 | d1e8f1ec78b19a98e5bcbfb0888c16e5fd1c9d50 |
| SHA256 | f421c256d4de1a3dfa74bbb4b48e0376bdc2ee18fa3808dcca085621fdde46f4 |
| SHA512 | 42f8a6947f29d4dce4118f7cc917f40222595c0df5498f2a2fba8a10fb43a285f8e6a2fcc31d6583f79c4d196830d2bc005bd6da81508f2ab8f165f3845990bd |
C:\Users\Admin\Pictures\Minor Policy\MXi5SZBR_vkuHdBHBwEcJJx6.exe
| MD5 | 2a8552c70ce830baf75d1ee2a5217010 |
| SHA1 | c37fc8d7ad0567b5f7d7d735ca18acb59ced9b56 |
| SHA256 | 67d528420503e6d8992c77565586e3027728bddc7487e7d0cb3b6c0bd28e2cf0 |
| SHA512 | 0d9dc94eb95af40438bbf8fc9c7e56acb692886b942d11ac0ddd6939ca6662cbe4e9ebf88905ddd507893b5ee72456744ebead9d8699f8af5e055afa9bc10c0b |
memory/1848-854-0x00007FF900010000-0x00007FF900011000-memory.dmp