Analysis Overview
Threat Level: Likely malicious
The file http://www.classicshell.net/downloads/ was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Modifies system executable filetype association
Registers COM server for autorun
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Adds Run key to start application
Installs/modifies Browser Helper Object
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Modifies registry class
Modifies Internet Explorer settings
Enumerates system info in registry
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-24 08:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-24 08:13
Reported
2024-03-24 08:18
Platform
win11-20240221-en
Max time kernel
260s
Max time network
267s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ClassicShellSetup_4_3_1-es.exe | N/A |
| N/A | N/A | C:\Program Files\Classic Shell\ClassicStartMenu.exe | N/A |
| N/A | N/A | C:\Program Files\Classic Shell\ClassicStartMenu.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Program Files\Classic Shell\ClassicStartMenu.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Program Files\Classic Shell\ClassicStartMenu.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\StartMenuExt | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\StartMenuExt | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\StartMenuExt\ = "{E595F05F-903F-4318-8B0A-7F633B520D2B}" | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\StartMenuExt | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\StartMenuExt\ = "{E595F05F-903F-4318-8B0A-7F633B520D2B}" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\StartMenuExt | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\StartMenuExt\ = "{E595F05F-903F-4318-8B0A-7F633B520D2B}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\StartMenuExt | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\StartMenuExt\ = "{E595F05F-903F-4318-8B0A-7F633B520D2B}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\StartMenuExt | C:\Windows\System32\MsiExec.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}\InprocServer32\ = "C:\\Program Files\\Classic Shell\\ClassicExplorer64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\InprocServer32\ = "C:\\Program Files\\Classic Shell\\ClassicExplorer64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D3214FBB-3CA1-406A-B3E8-3EB7C393A15E}\InprocServer32\ = "C:\\Windows\\system32\\StartMenuHelper64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}\InprocServer32\ = "C:\\Program Files\\Classic Shell\\ClassicIEDLL_64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}\InprocServer32\ = "C:\\Program Files\\Classic Shell\\ClassicExplorer64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E595F05F-903F-4318-8B0A-7F633B520D2B}\InprocServer32\ = "C:\\Windows\\system32\\StartMenuHelper64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\InprocServer32\ = "C:\\Program Files\\Classic Shell\\ClassicExplorer64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E595F05F-903F-4318-8B0A-7F633B520D2B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E595F05F-903F-4318-8B0A-7F633B520D2B}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D3214FBB-3CA1-406A-B3E8-3EB7C393A15E}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D3214FBB-3CA1-406A-B3E8-3EB7C393A15E}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Classic Start Menu = "\"C:\\Program Files\\Classic Shell\\ClassicStartMenu.exe\" -autorun" | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\L: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}\NoExplorer = "1" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}\NoExplorer = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4} | C:\Windows\System32\MsiExec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\StartMenuHelper32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\StartMenuHelper64.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Classic Shell\Skins\Windows 8.skin | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Windows Aero.skin | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Start Screen.lnk~RFe590e9c.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Classic Skin.skin | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ExplorerL10N.ini | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Start Menu Settings.lnk~RFe590e7d.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicExplorer32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Smoked Glass.skin | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\StartMenuL10N.ini | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicExplorerSettings.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicShell.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\~$assicShellReadme.rtf | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| File created | C:\Program Files\Classic Shell\IE Settings.lnk~RFe590e6d.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\~E Settings.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Classic Shell\Start Screen.lnk | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Windows Basic.skin | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\IE Settings.lnk | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicIEDLL_64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Start Screen.lnk | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\StartMenuHelperL10N.ini | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Full Glass.skin | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\PolicyDefinitions.zip | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicExplorer64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Classic Shell\IE Settings.lnk | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\~tart Screen.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Classic Shell\~tart Screen.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicShellReadme.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicShellUpdate.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Windows Aero.skin7 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicIE_32.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Windows XP Luna.skin | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Classic Skin.skin7 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\~tart Menu Settings.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Windows 8.skin7 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Start Screen.lnk~RFe590ebc.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Midnight.skin7 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicStartMenu.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Classic Shell\~E Settings.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\es-ES.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Metallic.skin7 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Metro.skin7 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicIE_64.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Classic Shell\~tart Menu Settings.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\ClassicIEDLL_32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Classic Shell\Start Menu Settings.lnk | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\Classic Shell\ClassicShellReadme.rtf | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| File created | C:\Program Files\Classic Shell\HISTORY.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Skins\Metro.skin | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Classic Shell\Start Menu Settings.lnk | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\e5907b7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}\icon.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5907b7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF837E4A96E6760FFE.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF7D00CB7DBBA10550.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9CA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}\StartScreen.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}\StartScreen.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}\icon.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5907b9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFEF47A2B67CBBE42C.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{CABCE573-0A86-42FA-A52A-C7EA61D5BE08} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFD22DDC4F85A3BC98.TMP | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000707bd4850afa18e80000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000707bd4850000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900707bd485000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d707bd485000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000707bd48500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0393554-9B48-458A-B91B-3F684D003B2F}\Policy = "3" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02E6771D-8375-42B9-9F83-B4730F697900}\AppName = "ClassicShellUpdate.exe" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02E6771D-8375-42B9-9F83-B4730F697900}\AppName = "ClassicShellUpdate.exe" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02E6771D-8375-42B9-9F83-B4730F697900}\Policy = "3" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56753E59-AF1D-4FBA-9E15-31557124ADA2} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\Policy = "3" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02E6771D-8375-42B9-9F83-B4730F697900}\Policy = "3" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56753E59-AF1D-4FBA-9E15-31557124ADA2} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\AppPath = "C:\\Program Files\\Classic Shell" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0393554-9B48-458A-B91B-3F684D003B2F}\AppName = "ClassicIE_64.exe" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\Exec = "C:\\Program Files\\Classic Shell\\ClassicIE_32.exe" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\AppPath = "C:\\Program Files\\Classic Shell" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\MenuText = "Classic IE Settings" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\Exec = "C:\\Program Files\\Classic Shell\\ClassicIE_32.exe" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{553891B7-A0D5-4526-BE18-D3CE461D6310} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\AppName = "ClassicIE_32.exe" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02E6771D-8375-42B9-9F83-B4730F697900} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\AppName = "ClassicIE_32.exe" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0393554-9B48-458A-B91B-3F684D003B2F} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02E6771D-8375-42B9-9F83-B4730F697900}\AppPath = "C:\\Program Files\\Classic Shell" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02E6771D-8375-42B9-9F83-B4730F697900} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02E6771D-8375-42B9-9F83-B4730F697900}\AppPath = "C:\\Program Files\\Classic Shell" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{56753E59-AF1D-4FBA-9E15-31557124ADA2} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0393554-9B48-458A-B91B-3F684D003B2F}\AppPath = "C:\\Program Files\\Classic Shell" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\MenuText = "Classic IE Settings" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0393554-9B48-458A-B91B-3F684D003B2F}\AppPath = "C:\\Program Files\\Classic Shell" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{56753E59-AF1D-4FBA-9E15-31557124ADA2} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\CLSID = "{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0393554-9B48-458A-B91B-3F684D003B2F}\AppName = "ClassicIE_64.exe" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\CLSID = "{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56753E59-AF1D-4FBA-9E15-31557124ADA2}\Policy = "3" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0393554-9B48-458A-B91B-3F684D003B2F} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0393554-9B48-458A-B91B-3F684D003B2F}\Policy = "3" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar\{553891B7-A0D5-4526-BE18-D3CE461D6310} | C:\Windows\syswow64\MsiExec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E595F05F-903F-4318-8B0A-7F633B520D2B}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA50A1E-B8CE-49DE-8D17-B034A84AA280}\1.0 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\TreatAs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\Implemented Categories | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ClassicIE.DLL\AppID = "{DF3255F4-FF55-44FA-A728-E77B83E9E403}" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}\VersionIndependentProgID | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ClassicExplorer.ShareOverlay\CurVer | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\ProgID\ = "ClassicExplorer.ExplorerBand.1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A1678625-A011-4B7C-A1FA-D691E4CDDB79}\TypeLib\ = "{BF8D124A-A4E0-402F-8152-4EF377E62586}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\StartMenuExt | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ClassicExplorer.ShareOverlay.1\CLSID | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BF8D124A-A4E0-402F-8152-4EF377E62586}\1.0\0\win32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\ProgID | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BC4C1B8F-0BDE-4E42-9583-E072B2A28E0D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2576496C-B58A-4995-8878-8B68F9E8D1FC}\TypeLib\ = "{BF8D124A-A4E0-402F-8152-4EF377E62586}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}\ = "ClassicCopyExt Class" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\StartMenuExt | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\Implemented Categories | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\Implemented Categories | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C698A81E-5D02-42B1-9801-5381CA8BBC2F}\TypeLib\ = "{FDA50A1E-B8CE-49DE-8D17-B034A84AA280}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{DF3255F4-FF55-44FA-A728-E77B83E9E403} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}\TypeLib\ = "{BF8D124A-A4E0-402F-8152-4EF377E62586}" | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\ClassicCopyExt | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\VersionIndependentProgID\ = "ClassicExplorer.ExplorerBand" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ClassicExplorer.ExplorerBand\ = "ExplorerBand Class" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\TypeLib | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC4C1B8F-0BDE-4E42-9583-E072B2A28E0D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\ProgID\ = "ClassicExplorer.ExplorerBand.1" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}\VersionIndependentProgID | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\375ECBAC68A0AF245AA27CAE165DEB80\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC4C1B8F-0BDE-4E42-9583-E072B2A28E0D}\TypeLib\Version = "1.0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA50A1E-B8CE-49DE-8D17-B034A84AA280}\1.0\0\win32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C698A81E-5D02-42B1-9801-5381CA8BBC2F}\ = "IClassicIEBHO" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\FE47A977ED3217C4CA21E25E5A24DE43 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\VersionIndependentProgID | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA50A1E-B8CE-49DE-8D17-B034A84AA280} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{62D2FBE4-89F7-48A5-A35F-DA2B8A3C54B7} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\StartMenuExt | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\375ECBAC68A0AF245AA27CAE165DEB80\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC4C1B8F-0BDE-4E42-9583-E072B2A28E0D}\ = "IExplorerBand" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2576496C-B58A-4995-8878-8B68F9E8D1FC}\ProxyStubClsid32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BF8D124A-A4E0-402F-8152-4EF377E62586}\1.0\0\win64\ = "C:\\Program Files\\Classic Shell\\ClassicExplorer64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC4C1B8F-0BDE-4E42-9583-E072B2A28E0D}\TypeLib | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Launcher.ImmersiveApplication\shellex\ContextMenuHandlers\StartMenuExt\ = "{E595F05F-903F-4318-8B0A-7F633B520D2B}" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6E00B97F-A4D4-4062-98E4-4F66FC96F32F}\TypeLib\Version = "1.0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2576496C-B58A-4995-8878-8B68F9E8D1FC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ClassicExplorer.ExplorerBHO.1\CLSID\ = "{449D0D6E-2412-4E61-B68F-1CB625CD9E52}" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}\ProgID | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}\InprocServer32\ = "C:\\Program Files\\Classic Shell\\ClassicExplorer32.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ClassicExplorer.ExplorerBHO.1 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\375ECBAC68A0AF245AA27CAE165DEB80\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BF8D124A-A4E0-402F-8152-4EF377E62586}\1.0\0\win32\ = "C:\\Program Files\\Classic Shell\\ClassicExplorer32.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\ClassicCopyExt | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\TypeLib | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D3214FBB-3CA1-406A-B3E8-3EB7C393A15E} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}\InprocServer32\ = "C:\\Program Files\\Classic Shell\\ClassicExplorer32.dll" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ClassicExplorer.ShareOverlay\CurVer\ = "ClassicExplorer.ShareOverlay.1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ClassicIE.ClassicIEBHO\CurVer | C:\Windows\syswow64\MsiExec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\ClassicShellSetup_4_3_1-es.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 165364.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.classicshell.net/downloads/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ff95e6e3cb8,0x7ff95e6e3cc8,0x7ff95e6e3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6836 /prefetch:8
C:\Users\Admin\Downloads\ClassicShellSetup_4_3_1-es.exe
"C:\Users\Admin\Downloads\ClassicShellSetup_4_3_1-es.exe"
C:\Windows\SysWOW64\msiexec.exe
msiexec.exe /i "C:\ProgramData\ClassicShellSetup64_4_3_1.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\Classic Shell\ClassicExplorer32.dll"
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\Classic Shell\ClassicIEDLL_32.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Classic Shell\ClassicExplorer64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Classic Shell\ClassicIEDLL_64.dll"
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\StartMenuHelper32.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\system32\StartMenuHelper64.dll"
C:\Program Files\Classic Shell\ClassicStartMenu.exe
"C:\Program Files\Classic Shell\ClassicStartMenu.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7FAF11EE9704B792F316136AC50837FB C
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Program Files\Classic Shell\ClassicShellReadme.rtf" /o ""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1760,8456611113242863123,7888311692296238417,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4944 /prefetch:2
C:\Program Files\Classic Shell\ClassicStartMenu.exe
"C:\Program Files\Classic Shell\ClassicStartMenu.exe" -settings
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.classicshell.net | udp |
| US | 107.180.48.116:80 | www.classicshell.net | tcp |
| US | 107.180.48.116:80 | www.classicshell.net | tcp |
| US | 107.180.48.116:80 | www.classicshell.net | tcp |
| US | 107.180.48.116:80 | www.classicshell.net | tcp |
| US | 107.180.48.116:80 | www.classicshell.net | tcp |
| US | 107.180.48.116:80 | www.classicshell.net | tcp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 104.16.113.74:80 | www.mediafire.com | tcp |
| US | 104.16.113.74:80 | www.mediafire.com | tcp |
| US | 104.16.114.74:80 | www.mediafire.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.16.114.74:80 | www.mediafire.com | tcp |
| US | 104.16.114.74:80 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.21.63.106:80 | www.ezojs.com | tcp |
| US | 13.33.158.112:443 | cdn.amplitude.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| NL | 142.250.179.206:80 | translate.google.com | tcp |
| FR | 35.181.89.222:80 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | 112.158.33.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.82.161.3.in-addr.arpa | udp |
| US | 172.67.73.78:443 | www.mediafiredls.com | tcp |
| US | 104.19.215.37:443 | otnolatrnup.com | tcp |
| US | 172.67.142.121:80 | g.ezodn.com | tcp |
| US | 172.67.142.121:80 | g.ezodn.com | tcp |
| US | 172.67.142.121:80 | g.ezodn.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 172.67.142.121:80 | g.ezodn.com | tcp |
| US | 172.67.142.121:80 | g.ezodn.com | tcp |
| US | 172.67.142.121:80 | g.ezodn.com | tcp |
| NL | 142.250.179.170:443 | translate.googleapis.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| NL | 142.250.179.130:80 | securepubads.g.doubleclick.net | tcp |
| US | 35.167.65.36:443 | api.amplitude.com | tcp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.65.167.35.in-addr.arpa | udp |
| NL | 142.250.27.155:443 | stats.g.doubleclick.net | tcp |
| FR | 35.181.89.222:80 | g.ezoic.net | tcp |
| NL | 142.250.179.130:443 | securepubads.g.doubleclick.net | tcp |
| NL | 172.217.168.226:443 | googleads.g.doubleclick.net | tcp |
| NL | 172.217.168.238:443 | analytics.google.com | tcp |
| US | 172.67.142.121:443 | g.ezodn.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| NL | 185.64.189.226:443 | ut.pubmatic.com | tcp |
| NL | 142.250.179.130:443 | securepubads.g.doubleclick.net | udp |
| DE | 65.9.66.122:443 | tags.crwdcntrl.net | tcp |
| IE | 34.248.72.127:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.215.126.161:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 161.126.215.52.in-addr.arpa | udp |
| FR | 35.181.89.222:80 | g.ezoic.net | tcp |
| NL | 142.250.179.170:443 | translate-pa.googleapis.com | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| NL | 216.58.208.97:443 | e3a03475b5982bd1aa1d8ad0db0ff04c.safeframe.googlesyndication.com | tcp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| DE | 52.222.236.48:443 | hb.yellowblue.io | tcp |
| DE | 52.222.236.48:443 | hb.yellowblue.io | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | udp |
| US | 172.67.142.121:80 | g.ezodn.com | tcp |
| FR | 35.181.89.222:80 | g.ezoic.net | tcp |
| FR | 35.181.89.222:80 | g.ezoic.net | tcp |
| FR | 35.181.89.222:80 | g.ezoic.net | tcp |
| NL | 172.217.168.225:443 | cdn.ampproject.org | tcp |
| NL | 172.217.168.225:443 | cdn.ampproject.org | tcp |
| NL | 172.217.168.225:443 | cdn.ampproject.org | tcp |
| NL | 172.217.168.225:443 | cdn.ampproject.org | tcp |
| NL | 172.217.168.225:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | udp |
| NL | 172.217.168.238:443 | analytics.google.com | udp |
| US | 199.91.155.184:80 | download2443.mediafire.com | tcp |
| US | 199.91.155.184:80 | download2443.mediafire.com | tcp |
| US | 172.67.174.4:443 | www.ovardu.com | tcp |
| US | 172.67.174.4:443 | www.ovardu.com | tcp |
| US | 104.22.43.210:443 | enlisted.net | tcp |
| GB | 93.123.11.62:443 | static.enlisted.net | tcp |
| GB | 93.123.11.62:443 | static.enlisted.net | tcp |
| GB | 93.123.11.62:443 | static.enlisted.net | tcp |
| IE | 52.213.66.57:8383 | uep.gaijin.net | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.27.155:443 | stats.g.doubleclick.net | udp |
| GB | 143.244.38.136:443 | consent.cookiefirst.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 143.244.38.136:443 | consent.cookiefirst.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| IE | 212.82.100.181:443 | sp.analytics.yahoo.com | tcp |
| GB | 35.178.163.160:443 | script.anura.io | tcp |
| GB | 143.244.38.136:443 | consent.cookiefirst.com | tcp |
| DE | 18.66.147.40:443 | ads.anura.io | tcp |
| DE | 18.159.105.57:443 | stun.anura.io | udp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| GB | 185.64.190.82:443 | t.pubmatic.com | tcp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 23.20.146.115:443 | 1x1.a-mo.net | tcp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.170:443 | translate-pa.googleapis.com | udp |
| GB | 2.16.34.107:443 | tcp | |
| NL | 20.50.201.201:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| DE | 20.113.200.164:443 | 2d7312ae3bee3bcf635300a240c18961.azr.footprintdns.com | tcp |
| GB | 2.16.34.107:443 | tcp | |
| FR | 152.199.21.118:443 | static-ecst.licdn.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce319bd3ed3c89069337a6292042bbe0 |
| SHA1 | 7e058bce90e1940293044abffe993adf67d8d888 |
| SHA256 | 34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3 |
| SHA512 | d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7 |
\??\pipe\LOCAL\crashpad_736_RZORACUULJXWNVQP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 12b71c4e45a845b5f29a54abb695e302 |
| SHA1 | 8699ca2c717839c385f13fb26d111e57a9e61d6f |
| SHA256 | c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0 |
| SHA512 | 09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | adc0932308e046b04e0024a119f3d951 |
| SHA1 | e0ced5ad1bbceb5e47c8da228fbbf6b2cc09ae24 |
| SHA256 | 4565c71b41a30b62600ddd4241373e4b00b2e161f421a617e587ea0984fca784 |
| SHA512 | 8ce47307a251f2cdfd07a87e30a3847b4919667096fbe0e9d53d8cb6fc39a032ae9f3cf0a335abc501b2392b78c426b1e45e9b29adea8e3376c7e2893c73c37c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cb8d4ea6fd4326f1b556aa476a48464b |
| SHA1 | f5394bfab3ce685e64b117e2a98d53e80efa0b4e |
| SHA256 | d015ee9ccb39a8bcd14bb1292aaf8a24e1fc48a3eddac63d9ec920b8d6fd2dc7 |
| SHA512 | 2d9aaabc427110885e3315cdea0824704993716382416a147f5bc818f8806141430acf3bc79c0e14d004208ebfe2fe967c7d60a5fcf2973f46d22506a3891568 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1213bf079db916d06380a610790e0649 |
| SHA1 | 8e4b8d02bba1f1789db80158df481a29431a0ada |
| SHA256 | 8229d97f90a957024bf0ba144855fec5c121832322bcf9460fe2e64baa359159 |
| SHA512 | f38b93791cdeb4ddffcc4df40cc2f3f33191c3469af8362d31433068af0dc80025beae530fb43205bf4414bf5b5ebc9f055a095302c2bca79b1573d2d26e5d6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 584303520fc145b2a8bddff20f43aed7 |
| SHA1 | a6155755f76060f8b4fdf5261f62e78ac9f5626b |
| SHA256 | 91c60e6a0d43d6466414cf35735d675de673eb1dd583baba7239640c002646f9 |
| SHA512 | 890c92b9c707f092c77836c0001e47bc5513bb03c62f955bb66705bc23e4b310fba7d4080676109008030d118e167a2b174b230984e334007030cc0c7ec3f106 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | fb0cf8d0f002f99a0b6f09b48779ab99 |
| SHA1 | 399e4a053dc357820bd0b711db15bbdc2547f9d7 |
| SHA256 | cbd661a07dacc1116d0c59221925bd403fb75c5f9fe341637385680d72a02777 |
| SHA512 | 35879dd96ea33aa5ab7b2582b183fd4c3fbaf96fa9398982b5355ca4cf041fec15cafc87bccff16119c5c89891a78319cde0d4d0054fddd3f1278a667cd03c35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 43dc34608e33f56198105b170c4705f8 |
| SHA1 | 5cd9e24e79793e264d0aa234fba9d0c7a38c7f60 |
| SHA256 | 02f64dbd04d575e69f17f162459c697454ef925384b315ccb3740768b3beb045 |
| SHA512 | 7f1151780dac275bdbc4a8f79939c6a5314fc48f7a152add26c4d073743869c349464a0534c3b75abde9fddfdb29311d7a21c58a5a001b69ddd5fe3ae2950bc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c02683bb0396cb9ee24bf3f05247bfd2 |
| SHA1 | 72346d9842b5c4737ad9c28b6093adeb4778db52 |
| SHA256 | c3e19c1f51fd00f516134dcff032b3b497b95db7268eac198292d5dd5e526a5f |
| SHA512 | c80ac1a9fa2cc56d009ca9757c3d15e2f5acc59ac2fb05e31176331768deaca347465e6aaeaa910273589bbb78349a4cc94c393e83cfd013c158bd78e1dad940 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584987.TMP
| MD5 | 1e7727e7dcb7da3ed14d55a01c81472e |
| SHA1 | 01f7b02a1edb3cb38737d4466ef580fb8bfd71fc |
| SHA256 | 762b804dca75ca335d81ec5d7d74c5205b5d8e3265ae3f17a92d7c773ee8405f |
| SHA512 | 99ce7b671d10f5737eca60765744a0e3009276558f07a56717d0af275fddde10244bcb335646f4f3da9c7121cd0797ffefca9d91f9aee6e290b9aa52ff3adf37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e91f23b19b403774aba373f7bfe8a37a |
| SHA1 | 698c9dc01ccb6820b97de90ba9b45c06533ecfc1 |
| SHA256 | dd593682b75a5f868d0d8284fe5ce348d86f1d94cf7f4eb21c229e796ecaeb8f |
| SHA512 | 15f98df04bbc47feb8226901cffe0528432770cad5d62287201010df1d5f53571e4c7c9bd759006ae7386f8f2ec6a907e64d1b602f7f993b14a93c6053fcad28 |
C:\Users\Admin\Downloads\ClassicShellSetup_4_3_1-es.exe
| MD5 | 747a38e4337b99968834674da7db062f |
| SHA1 | 60faf95ba0511f0d16b12a745349029afc57fcb4 |
| SHA256 | 25801774a679edc391bda01f60692eac7384f6001f27f7523768aad14d176208 |
| SHA512 | e9c45796ed73dac3955021193ae25dc31f111d9fdaf51d9fc0830ea75a8addac40311fed9fc7ca2e2f59531019acb3a45e4aa0fd9a96155fb1e99fa06439659d |
C:\Users\Admin\Downloads\ClassicShellSetup_4_3_1-es.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7f79f27faeaea289afb256e420a90515 |
| SHA1 | 0627b7483a49558c57ccdc76568ee62500ee3a24 |
| SHA256 | 53b15efc05a3660f67de913ea8ea1ffae7476a678c73a16e90df4350da394174 |
| SHA512 | e2b68a0725bbfbd60484c38cf41e14706aa36447969695b89b4751beefcdbbda5a41153034684886380f5596623f9ecd43af309000f0b821780ad94295aedac3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 76c1ca1bce8db841a80d005c92379cde |
| SHA1 | f8aa944c0d4033f40b51869b7293e09133cd3316 |
| SHA256 | bf7566ef8fca0a8f0b776f503c0894ffd276d26c145a2f2b896e49f106d3de69 |
| SHA512 | 96c1f317e77ae0c0294488f34c44dfa7ad9ca6766c0b15190f46c0dfa2f2c510265c8e9cac96eb2fbbed500c5a2ea3c11976114a05ebc31735c7fe7a68c4f75c |
C:\Users\Admin\Downloads\ClassicShellSetup_4_3_1-es.exe
| MD5 | 54cd52bfca8fdfa36c475b3757be1432 |
| SHA1 | 4558d6b206505afcbac275a7d9e08ee18be26dc5 |
| SHA256 | b3402945e8d214aa040b29fd9aee221d439a39696928a31736d6319eee2cc686 |
| SHA512 | 58a0b53a708bc29e6134757e2de6c9e9c0f42b2448c5057e3ffb7014eaffd59fb8cebdbeb95a07cfb3466cc333bedb3e02f7b6b4c5beba664489e9d2dfd986c4 |
C:\ProgramData\ClassicShellSetup64_4_3_1.msi
| MD5 | b3cba80ecf25224296bc11d11410458d |
| SHA1 | 826c56a5860844ca16bd2bb98b9be86437831c7a |
| SHA256 | e4a7e911d5fbbb0fd1b9744900a871ba314f90530a000474a8dd8e4273488400 |
| SHA512 | 39975ed91fa347d3edb65f87e38daa646928831783d4acace1552bb34d3049bca0bd2d65c235fbe7be57ca4e98c7585ea792d0cda815fb786bd4c4b07a5645c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_0602B4943A2FCB32C8E00E4BC52232F6
| MD5 | 35c39cadc3524c3263fc3cdd4c228eea |
| SHA1 | 0147775826c6a8dc01f3d720c8d6026b3f8232ae |
| SHA256 | 55b7601fa875aab0c83bc4f9894563fd1dacdc680ef15877ade7b7440c585da9 |
| SHA512 | 649be6391f1453ca4c454d7ca085431bdbe86022a6f60fc9acd95e54755bc4c38e3cf71d2a1730b5411e66b40f3648dd4685b0e491171b6bc8f812f05fee1af8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_0602B4943A2FCB32C8E00E4BC52232F6
| MD5 | ac1bc034cc941b276cd9c2d58d21e63e |
| SHA1 | d2373af9fb0ec22d560c7b36b6c43956c4fe10e8 |
| SHA256 | 736ddfb9b5c8288d21cded12ce01b35bcd4eda8e3a75385501c26fba33e149a4 |
| SHA512 | 7cd253bdd92ea52a821eaabd129c38c8568fbdf14f21aad103f8f8cc3098750bad062b5a09cf982ed617f6e97afce0bb89fd03436ac6f0d1c86a467a96e7e433 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
| MD5 | 01e6c534d2c674de8ec8214121156074 |
| SHA1 | 9dbdcb4fc02b968ebe948e939db9a8a56ee376da |
| SHA256 | 4d97a86e4ccaea2a4bec9019d0bb923304a8c851c286cc866ca38a61d87b3504 |
| SHA512 | 7626d0835476ef7653dbe269a87409097b6c791dda9564834e203ccce00a741d11913c93e90e7acfb1ea7918a01e1fc7715213e6c456acd22e0c99d2e864600f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
| MD5 | e4fe4d7705999c8d3557082983db2b50 |
| SHA1 | de52f899c32fbe385c01cdbd154851aadfc5d6cc |
| SHA256 | 53a934516837634c112f4e86850392baee3c25d111457eaa3d660c8a33a5c309 |
| SHA512 | 717e172338abe1aae04ed1d0369bb3aa360ae4a5c892f26db77c88d74b9947d0432ca11af7d80f78276ad783c41f799b90707c41d4f7ee338d1e972f75388e6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7a9a248e2aceac2616849afb3bbb81e7 |
| SHA1 | 6ecdf2893b7f5df106f09247c842c5b425eb6817 |
| SHA256 | d6b17f353a565f88fd5fc827ea23745c8b347cf185bb15868f90843d7fb096ba |
| SHA512 | e188398a4ac1be1cddf32292c7878cf412704f30dd3a2388b6c8ae5b8a7cc1f3a79df02817b322d54f87652cbc0d366e3a0fb771b86e9fb295bffd99a9ab094e |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell\Configuración de Classic Explorer.lnk~RFe590e10.TMP
| MD5 | e38831968b66eb5eeb28d957faddcecd |
| SHA1 | 140b7b5025de0f94e1825df058932b1de413dd2a |
| SHA256 | ab8c1788728462cb3bed832acb7b42c1857c9d7ca56c86d225d794a5a04fdcfe |
| SHA512 | edf61586a2a947e94043b6f3908395a2173dc91bc98cd9a103cf8173a66579a4d52c06cdac17a7953f537e859c8db9eae19ce9a6629b261b09b81d9d12ee42dc |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell\Configuración de Classic Explorer.lnk
| MD5 | 920db0f47d62706539631eefdf4da9ad |
| SHA1 | 01690695f630d6e4691250cf1661fe305a71d827 |
| SHA256 | 6faa7ce491d140e05fce5519515621ea9a2dbb07ea2e0b56dfb275d3b6ebfac6 |
| SHA512 | 5d7369f9301f26bd3af8122aff3b8dd39d41a62a4dc5bed3d73a5d6ff2080716771163c53dd07ec3c8b02245f8a157aa12b427dcef13cbb82db66c45fe5bca76 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell\Configuración de Classic Start Menu.lnk~RFe590e2f.TMP
| MD5 | 7d7b7d906b76ad38d60536fb87f31d67 |
| SHA1 | a9a323695ae0b4151f99bada4f2cc183d6951be7 |
| SHA256 | 5d6bcbf3abedf387884dcd0206b30365a49c3f7a8d81bfe90825d4ec416ba2c1 |
| SHA512 | 0509874092d83eb558c6426cd9df3fb365374fa61287a18f5725faa2497036f8a1c684524bf4ad75513e1c3f10e3e87a4dd9ea3d08f34b9050785afb12dd309f |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell\Configuración de Classic Start Menu.lnk
| MD5 | 773bf220e614101477e9dc4e80566442 |
| SHA1 | 09a0935aaf9c3cca44b72380529ee9336cc2eb2b |
| SHA256 | b67223db00c2d8cc381341079da971bcd2664bead80eceac645d3b7afc4011b2 |
| SHA512 | 1cf068af7fb7b8828d082de41c8476d3a113694f16847af1e59ba6b5562785811b078a7cc5541fe02e92eb9467b696785f5a9f3853b7567dd2725131ef2f8948 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell\Configuración de Classic IE.lnk~RFe590e4e.TMP
| MD5 | 923236f8639d4c588210fd18244d46b5 |
| SHA1 | 6ae245fab471f38feb751b9dc934f7155bddd098 |
| SHA256 | 42143bdd25d9b0bc6f8ae8815767a867099cbe3d3a8a6cd506d7e8ba812e1c0c |
| SHA512 | 326e64ef04022324e0bfac601ba0a0bad5e3b5c010f6441d1cd5638d71986078038c905be4cb2a126785c7e9673c1028e88cb8d431e632fff37a8bc46c00aab2 |
C:\Program Files\Classic Shell\ClassicIE_32.exe
| MD5 | a1c24588503cd2c1690ef94bbf341829 |
| SHA1 | 5368795d2a0c0bc404ef2d108a4812979f4544f5 |
| SHA256 | f37f3bd363d1695e0a151c3302fcfb8be770eb107b066d05f10c4fb6c946318f |
| SHA512 | 7c2e079dd59cd3c905db6ef1c41356d38e000c9d1fc7e4867be4b2039ba866871f310c096b29b93d07b71b52b78ac9274ffb77a8257f4a8d7ddf8dd4af8b4b7f |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell\Configuración de Classic IE.lnk
| MD5 | 37c7e63c686a53921cc239e1999cc0d9 |
| SHA1 | cd4322f2a76b2a891acf8a47a4bc16e170a3d487 |
| SHA256 | c50994f9e3de073a7210618a4411bdd9c132d95dd6c472cd4e66395651945b4a |
| SHA512 | 628d17f4db314cc6b5146b28381e3a975f27b1cb3d7b6f3b8a4fcb649c9a56dfbd7110ba08dc17c61611804806bfb26cf772636efe9ab6f273533303eb054b0e |
C:\Program Files\Classic Shell\IE Settings.lnk
| MD5 | da8d67291bed499d9b88249a9120d8da |
| SHA1 | d7e0e5bebbc16e515cef075c6b611ec3900114a4 |
| SHA256 | 553b1cb74476169a451f8a534f61ca867908a90ac8c917c3a7192aa778444b1e |
| SHA512 | 7c1866919bdee726aa478d3a3d9db3b862b4a00e3fb4badd1c40aeac5fc61dbbcfd6f0868c3f0a81f5595e201dd258db954a04b0cd7685f6b38d38a0bbf8d25f |
C:\Program Files\Classic Shell\IE Settings.lnk~RFe590e6d.TMP
| MD5 | d77b2eba9235041cbfdf1c5ee28ac33d |
| SHA1 | 623496a1cdae808757286a5a17d3ff35e6d025dc |
| SHA256 | aaee6c769a6380ed04c5f9aaf232f979796e54c0de8d3595611f5d4638e4e88b |
| SHA512 | 672fcde593bd146f4bb6879544dc853cda189dc2b3746a185aa05852dc5fd643f027aa53e79a9aec91e89ad3da6cae41e557083afddf9b225f926c2568f5ec55 |
C:\Program Files\Classic Shell\ClassicStartMenu.exe
| MD5 | 6776a3d1c644bfe33932189b00165caf |
| SHA1 | c109b9b2f344748daff26fcc0b55fa0d2cf8322f |
| SHA256 | a99adf420ef6498e2e665703fcd1dc76bdbaa5a2e1f38d72f7229a9c3cd932e7 |
| SHA512 | 4db70c69be312d8065b2013d0a83b235969c7f38b31a8c54c63f8f6c0a888f139df45eeeb6c245bb7d4dd07f24a18be9507c4a80dee2cf4d274f7bc8cbbf8aa9 |
C:\Program Files\Classic Shell\Start Menu Settings.lnk~RFe590e7d.TMP
| MD5 | 071817adb1b53bf507cc26a2e44ddcbf |
| SHA1 | 6b5ce6ab91cc2d32ad5c2e8f42357880727beaaf |
| SHA256 | 407298e61444aa686fe84d6699813e9af0d2ca356913f425ab8f00cedec2420f |
| SHA512 | f666c1e48366b36b4168ea17e47066508fc5851783f2c140b287c7fd289c6dc54d857a5ff5718f8b6259c823ed500b00c79dc2172bf8af1b07292ecb964ec5da |
C:\Program Files\Classic Shell\Start Menu Settings.lnk
| MD5 | 1e6ed4b7647e93e164299b5034d22157 |
| SHA1 | f3e7ef1cb2cb6041d6a226b3f712c0b4a03b1e9a |
| SHA256 | 53a01e40b1a1000cf0bb3f1595532e09c64063880ef8a14af84e1f3be7f06b4e |
| SHA512 | 00e72b1efc0a4f3039ca51e744b6ae605119757c15edee4ded3f1de8a0aed176cb0522d69104cf64bb84ab230cdbebcf68052a0cbc28af09a71546fd06ec6741 |
C:\Program Files\Classic Shell\Start Screen.lnk
| MD5 | 68a9994be927b7996bde8bd3a6d868c3 |
| SHA1 | 8aa08fe82bf58d9a4c93daaf1556c708fbc48a45 |
| SHA256 | a6f1aed0ef060ebeb64ccd826b882d5849ed1b8035d116666ac1bcd2a1260202 |
| SHA512 | 54f21a21fe9495e1e6c1e80044dbf425db5174112ef8c500a8e7087f47108932c357b62e807ca3a9142db9f7bf580407f43644a2614fc9ad1ba74d83e5783f31 |
C:\Program Files\Classic Shell\Start Screen.lnk~RFe590e9c.TMP
| MD5 | 9ac8c4d6a5e4609161aa7192066eb6c9 |
| SHA1 | 49843c0603888f0a27f2379b6bbdc81094135b66 |
| SHA256 | 6f1f579cc0a1498362cfce9aa1b8442ad274ef63ae95b8df36828c15c4757254 |
| SHA512 | 1eacf10513165377ec37eea6ac6b03e542aad237be08ca8f0b2fe52e889a6babb56e7993138ab5c0a3af094b01386f604500e26918d01ef0f078ea58c2a89967 |
C:\Program Files\Classic Shell\Start Screen.lnk
| MD5 | e608fd31d31ac4fd67e418128ef28599 |
| SHA1 | df7eb0d62d85fe8b40746e2c12493d37ebf56fb0 |
| SHA256 | 6e265ff994372414b72d809bab34b1f043a96c77f5efc06ffcb0489146db7b99 |
| SHA512 | c41f9676e1b81e6f0be4e1a05f12c571c582b8b6abea03d98454c360a8c9eeacdac50bcfe6e6b8131f07e9f7d4225d1453ad1273381a1e5e331890a82a344824 |
C:\Program Files\Classic Shell\Start Screen.lnk
| MD5 | 3644cf450d916d4d01f350b43836b3c1 |
| SHA1 | bb6ab144e440b787464c87af106674aa6d73c262 |
| SHA256 | b2ffb3b0cbc342c6a3f9921f8940c6540ad0c96feb00011c7331c12b3fae30d2 |
| SHA512 | 42fad71d2fdc363ac8584feaceb4967712d1e438f821a7f78fe5835d3eaf3ac4011715fb5ceeb033d8eb4e86fc2740f334afc60bff271c04c5cca70ff0dd46dc |
C:\Program Files\Classic Shell\ClassicExplorer32.dll
| MD5 | f239f9186bbf10ef438b0b0c5a71d9a9 |
| SHA1 | 6b1b562c59121049bf5c15187de51a507710e5d7 |
| SHA256 | 5cd5193b50cebefb65ddfa227e2806425b35327d6b545145c6e65a946ed43928 |
| SHA512 | 7f63ec4ace5679c6c2775cfdc7c21f77d0481bf779c78b51d2806551b61ad5e39d18e1786bd9a0db968afb2a1279c7543d7067b84b4907a2817d4ffe737f5f94 |
C:\Program Files\Classic Shell\ExplorerL10N.ini
| MD5 | c89e164a7d30247919fae38c7512ad24 |
| SHA1 | f42bc1cdc66e4822dae63f0ae2f640e4b217615a |
| SHA256 | 7974a14e02b91a3bcb1e15fce3aad7d640d2800989cdd1ba3c5a82f847de5b98 |
| SHA512 | eaa448ec09ee02bff711a2101303f80fc608f6d5b9760c3f3c963cc4d36c4f88eb4bde16573955321f0166a171f4f98d3ae5a8aa805c5d972de855491dc98031 |
C:\Program Files\Classic Shell\es-ES.dll
| MD5 | ddd39bc8d1af57d280b99381224d2dfa |
| SHA1 | 1f3a17f1d012c9e4d8cae572d65993bbe45aaa6d |
| SHA256 | 1a828be23b1527d6df50c60fe34e217ffa04c57ccd70cf336ee60cf81f924f00 |
| SHA512 | f8bcd9b288f0009cb8c5b8f9e0e7fef7f9883532573cd6f55c7c8e63d95e65359b0358022cee7fe9fc45c84953183d65220e801d8f272e65580e38c8de05d9c8 |
C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
| MD5 | d82c55ef5c9f4dea2151907d45040b4a |
| SHA1 | 605aaad9c12ab3fd3a44c9b9adbfd9c75196d565 |
| SHA256 | 336f2689d81bc7c2b623c1e1fb67b6d32d4b615dcce94dc9e37ed9e1bf59eac7 |
| SHA512 | f8d7bf2397e73dd718b4553f45c2b28cbb44834992da87832ee71d686c845938b068a2be34af4366ccb5894618d89fc5d911d04cd1e0461f7096243d6c94cfe1 |
C:\Program Files\Classic Shell\ClassicExplorer64.dll
| MD5 | a7bdf136014cc2be258ccac078f437eb |
| SHA1 | ef1108633774f52e406f2a787a2102035db21858 |
| SHA256 | 363809b264b915bd640580f05195a61f308b351555667072239835ec51f4405c |
| SHA512 | c90637f3d5d6892abdef506566b130d6816ce0ba8c9f6506742144b63678b22e80ce7839dcf7b9bcbae53bd4e8c355781b06a9b64cbbd1b901176b1779fb5b8d |
C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
| MD5 | cc19cd33a861f4768e2a747d71ad5f79 |
| SHA1 | 7b39a2468a0928e76ea096f17ea1ef5c6837619f |
| SHA256 | 20280766ade26aefc3c1f9fb69f9c7a9d8d85cedeebf6b8b156adb49f1ee3c0b |
| SHA512 | 78873ad62e3d655b20865146da8a4df7c1cb9730f5a5172309cb4bc8bd1e6f0fd28f9a7b65e14dce1f6ff5bcb75c0d0e50e12961e7c01b005b6e4d8e428067aa |
C:\Program Files\Classic Shell\StartMenuHelperL10N.ini
| MD5 | 8f13bf2f1f487b6b4b1580322c95b1e9 |
| SHA1 | 7acf79e62409413f83ea6a86b8672cda9a92f81d |
| SHA256 | e082504eb91d7e5ed60f5a6b7866c77349c566d7185f167d24ad022e02e83c2c |
| SHA512 | 49bd5e70912ca70326460b6223a4257e5658a445135e446b49616f903cfb685086bcd606b16a4f17d18849f91d1726fc904237e6663aacf55ea47530347e0bac |
C:\Windows\SysWOW64\StartMenuHelper32.dll
| MD5 | 5679c87e409ea2271c65daca31581604 |
| SHA1 | d10d16f08dcf33bc50d9a706d0ee94e0f71e7483 |
| SHA256 | e662bbdd855b13de2391d543d8bde824b59b47ea0691147fc0e86ab19444ac19 |
| SHA512 | a26128178e9a39589753680714b5f9de4ba60a0e8674103c63dae0793facf4e0b43fd57b6270fe29501bf1031f80bf4f6d285801f2120096ecab2e15f0a0c4f5 |
C:\Windows\System32\StartMenuHelper64.dll
| MD5 | bdc5a9ac0c6437ec7c272cb06c6bb5a6 |
| SHA1 | 5df8e23bf820b47a2eb0d3b86e013e86d5362646 |
| SHA256 | c85fd8fc877b9e360766592774f9e1fdf3fb9a74258b52b0d53e1e6723fd0f4f |
| SHA512 | 0fe0741fcb28892d7a9b5443bc8b81916ea1723ac91310943a8f5d5c51421c921c9125488c6f54ad0bc69b9522ad8cc11998644705e6eb7d3c5919a3fee5b32f |
C:\Windows\Installer\e5907b9.msi
| MD5 | def86ff336d0058126792a97d574b2dc |
| SHA1 | 7fe6f46ddcb7de051f2d16ae801f51ab917a4972 |
| SHA256 | a59d21a669008a4724b5a8018119bd47c00709719a095582a2251ac0eb35430f |
| SHA512 | e822f9f5d2bd85c7a3a6cf771b4fa665d6d426b3a8a413fd3de9e36d578b08fe3aefbef57ca6000fda54d78add88a60198b60030fbd390a5660c6206c65683e9 |
C:\Config.Msi\e5907b8.rbs
| MD5 | 79bc14861ebc978f345df2cc406e75b3 |
| SHA1 | 57e9e8757dd8f8de05429dc5cd9d2bdbde3e23e5 |
| SHA256 | ad7ceebeeb33750f579a874de3091129141cd312c254179a47cb063bef3a3d56 |
| SHA512 | ccd6afb28f62ded60a49dcdf5f89eb05879af3d679c93c57f3b62b650df32d02f96ffab0ac787075a6a8a6d922a628ef781630f7f6c86ffd6dd6a958a270a7a5 |
C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
| MD5 | 1434e96c86a3b5a9ba9c9a95f1be1584 |
| SHA1 | 04c81a71e96940dddc13a097bef440343c8d197b |
| SHA256 | 3ad92e7759614d08395ebdeec411035c7d68cb2fa7532b70fc564546f9dec4b1 |
| SHA512 | 9e9c37047671c5b67180612771d037d332139ba46c6cac16196e9a863c120d4b45e72a287e6df41759e04a990f9a77a04c1c841bb89fc6b88c69189a197601d4 |
C:\Program Files\Classic Shell\StartMenuL10N.ini
| MD5 | b53021bc0d4329a1567faff97cdb624a |
| SHA1 | 2b2f8d5147011eb1174d9d7268f1838e7d71875f |
| SHA256 | 8b56c1a8881f34ad52e6530becb21be691cb6739472befa06835987b6602d9e3 |
| SHA512 | a262769074ccb5909188f28afd0473be7a0c1dac905424fce6b6e7850003ed0388ce718872010dd64a67b2b488c96e6f69cecb690851fa113776347abcf9beb7 |
memory/3544-655-0x00000000028B0000-0x00000000028B1000-memory.dmp
memory/3648-657-0x000001F37A7F0000-0x000001F37B2B2000-memory.dmp
\??\Volume{85d47b70-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{64a59389-eed2-4cda-a931-2909618d6bd1}_OnDiskSnapshotProp
| MD5 | 8ff5cc6f6ac8d48cdba3e05f4d45c366 |
| SHA1 | eeda0f8837ac5068ad0d91a7f4f093c2c26a5aaf |
| SHA256 | 1809185379057d98e51d0e4f5dd88333b6d692bd11694ffa5ca58f59ddf60e9a |
| SHA512 | b7f6f663cd350b24a57fc6e5ad9819f1ea7db8ce59ca08ca2229f78b1d5cfe07f24a1d1c36c8d75c00678a1ba2bbcbb666d0d2023616a8ea0caa0961681ca383 |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | b0f04d71252bf51ab4dc4ed5c14172cc |
| SHA1 | aa44a650993f2370460de59d177d6ec8aec662fc |
| SHA256 | 27753dd90b4cad18fd0fdcbe347cc708d77347ee64e68f8b2bcfa9963bc2a1cc |
| SHA512 | 7e7ad4d1295b0be21b49347e96f1f9c936b098ea545369185f592c575dda83f8cffd334df40c8f33733de6603a01c66e447c7569de1f16a57dcab9aa255d7c91 |
C:\Users\Admin\AppData\Local\Temp\MSI4FAD.tmp
| MD5 | c62f1d994bb13e677211bbdba96433f8 |
| SHA1 | 3a00d34df6ec81035234e339194fb49fbe317dbf |
| SHA256 | 3585ccf92c60150cf863e26c0eb2948e206841ca8ff91dac092cf567eef0880b |
| SHA512 | c3269bcc5a639e7b8ebffc6f75313e12b27c8ad83abd99708e2aa7b5adfbb46a9fad1ebee81c2c53b9f84ea0e5ef200611a6db7b9f7165d43af04d853d47bef9 |
C:\Program Files\Classic Shell\ClassicShellReadme.rtf
| MD5 | b8660693b53509bb231fc2315ccf1bc7 |
| SHA1 | 042aa1fda05de59251532763f11c42003f1a918f |
| SHA256 | d5c65e9e7f91510ca7b2405bf223b0adf6bbab3e0141acc62a41bd5fb80e6b3d |
| SHA512 | a4d5e4a8c7f736f7245c8a39dc8a1dc9b42dc90f1825b2eb4de54783fa07e62a0e974454b5513779214dff97f5d67906a3b8a63d19a53198f3828442f156069d |
memory/2124-675-0x00007FF93EBB0000-0x00007FF93EBC0000-memory.dmp
memory/2124-676-0x00007FF93EBB0000-0x00007FF93EBC0000-memory.dmp
memory/2124-677-0x00007FF93EBB0000-0x00007FF93EBC0000-memory.dmp
memory/2124-679-0x00007FF93EBB0000-0x00007FF93EBC0000-memory.dmp
memory/2124-680-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-682-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-681-0x00007FF93EBB0000-0x00007FF93EBC0000-memory.dmp
memory/2124-683-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-678-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-684-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-685-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-686-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-687-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-688-0x00007FF93C4E0000-0x00007FF93C4F0000-memory.dmp
memory/2124-689-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-690-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-691-0x00007FF93C4E0000-0x00007FF93C4F0000-memory.dmp
memory/2124-692-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-693-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-695-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-696-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-697-0x00007FF97E5A0000-0x00007FF97E65D000-memory.dmp
memory/2124-694-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 780a728e7ea00d0e8c83ab4bcfa7c05a |
| SHA1 | f4a3a7dc1098612385ce5cdaae36f168796428d6 |
| SHA256 | 0002dcd6134ae0d49a2fa832a36abe2e1412a73b6a932cff93a512e7b9bd50a5 |
| SHA512 | 01154e24e6efdbf1dad940bab65746490e45bd8fe68f947d8c091bb9340229d31fc778111613e1e45f9bc79513f4293d69170e03d33fcfa39610af3541327c8b |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 00aaa2977fdaa0c39437d447a304ec4b |
| SHA1 | 82aafb000e744d34d72c125e47e3ad927ae9e6a6 |
| SHA256 | 98236229f7b06965358eae791577ffc101019153899e613a3dbedf00855b766d |
| SHA512 | 32ba0edccc917c192b93293d62df084d2ffa6c5052b9ec5ca2ce315c25c97e211aac99984ebdaecd9ef3f15be8b30efa803570120a93ad9587dea74fb1355fea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 83d1cebb3a65aeba6a1c3b15481b6b61 |
| SHA1 | a0488ee4372554682bdd7f9d83f3639fb3954cab |
| SHA256 | 28f11ba99cc62f6ca090b989a9a21636d477f860650b9f075d66aa1c743fbac2 |
| SHA512 | f99431b8a4da4fc1c24a332e93fcc2ba9b1192e3617dedd2c2625290e8ceebfea7bd22900a3b3dbe12fd6de4998cd05dc796e14f85d8eb09005a087b7a6c5b52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\23927bc8-eae2-4f42-95e6-dd0149644f58.tmp
| MD5 | ac9567249933f88251946c67451221dd |
| SHA1 | 1b321d39d138dc98fd72d167c50857792d969f6e |
| SHA256 | 2cfd3ccbe3a4223d6267d8fb1f6ad694e4a8ed072d2a5cb938cfeae4832eea66 |
| SHA512 | b45f758f2cf82e60eacfd65d09851dfa40a54f71057ffb1632ba7f5d89a5116081b9c9e56b5ff986f191bb25506233e8ffc575a82d2ae11b29da990c2a9a4b89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b989413cd4f02596ef9aa7c311183fcc |
| SHA1 | 3b35a3fddecce1757e12f065dd2152ccf8528c77 |
| SHA256 | 56956eac1f47c72a166ec4478b476eda1ef2effea64373424269f61336a12be5 |
| SHA512 | 561289e831ca4eac547419ed39cef2fa5d2ee804710ed64dc86932ad7fad9f6616e05e8b4ea19c29e3fcb45d04abbc1748bf885a20b5ce0d7a9ae07b05f27b32 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 2250871465719a46bd1d7a3f4fe315c4 |
| SHA1 | a56bd5aa05f64f0fb1931ba49a8679da3185b1fd |
| SHA256 | d003336348871e8139bdf5fca6f037d0d87225e63c5fc53ac4544f055876d9a1 |
| SHA512 | 2cf2349ebcd8f7b0bf2f5b0b01e7e90899f88fd2e8947df2dfa8d381e3ac28b250c41f40e37ca13188a2bebff1795b60e617b9b421c484b8309f3de65e45fc01 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | d8ddd7cb9fdc738df8d11c466d70e60a |
| SHA1 | fcf12ea4027cbd3c77310fe0f70882eb5d0d7fef |
| SHA256 | 16430c74621bc7830e2cbc9636361284af25408f71a7648c1273cd9f06fa5c67 |
| SHA512 | e94cd5cbe26b1a1c1ce33306bbe9ba4cf681633841b28a24836eabb4dbfa1f83161162c02622e22c30c677835a0c8ebe97fa739f80c85f5c925fc376a62468f7 |
memory/2124-866-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-869-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-904-0x00007FF93EBB0000-0x00007FF93EBC0000-memory.dmp
memory/2124-905-0x00007FF93EBB0000-0x00007FF93EBC0000-memory.dmp
memory/2124-906-0x00007FF93EBB0000-0x00007FF93EBC0000-memory.dmp
memory/2124-907-0x00007FF93EBB0000-0x00007FF93EBC0000-memory.dmp
memory/2124-908-0x00007FF97EB20000-0x00007FF97ED29000-memory.dmp
memory/2124-909-0x00007FF97E5A0000-0x00007FF97E65D000-memory.dmp