Analysis Overview
Threat Level: Likely malicious
The file https://checkm8.info/es/libre-bypass-activacion-icloud was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Manipulates Digital Signatures
Downloads MZ/PE file
Checks computer location settings
Themida packer
Executes dropped EXE
Loads dropped DLL
Checks BIOS information in registry
Obfuscated with Agile.Net obfuscator
Enumerates connected drives
Checks whether UAC is enabled
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-15 05:48
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-15 05:48
Reported
2024-04-15 05:55
Platform
win10v2004-20240412-en
Max time kernel
389s
Max time network
391s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
Downloads MZ/PE file
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION" | C:\Windows\SysWOW64\certutil.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7\Name = "szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL" | C:\Windows\SysWOW64\certutil.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION" | C:\Windows\SysWOW64\certutil.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation | C:\Windows\Installer\MSI9204.tmp | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe | N/A |
| N/A | N/A | C:\Windows\Installer\MSI9204.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\USBAAPL64.CAT | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\usbaapl64.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\usbaapl64.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\USBAAPL64.CAT | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET389F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaaplrc.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388D.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388D.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET389F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\usbaaplrc.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.inf | C:\Windows\system32\DrvInst.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\AirTrafficHost.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\ideviceinfo.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevice_id.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\plist.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\amd64\libusb0.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\Apple_Mobile_Device_DFU_Mode.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\usbaapl\x86\usbaapl.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\usbaapl\x64\usbaaplrc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\ASL.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\AVFoundationCF.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\iproxy.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\boot\boot-old.raw | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Shaman.CurlSharp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\x86\winusbcoinstaller2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\bz2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicerestore.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicesyslog.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\objc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\libcrypto-1_1-x64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\libdispatch.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\pcreposix.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libusb-1.0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\MediaAccessibility.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\OutlookChangeNotifierAddIn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\APSDaemon_main.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\iconv-2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicebackup.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\lzma.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicedebug.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\QuartzCore.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\Apple_Mobile_Device_DFU_Mode.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\icudt62.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\ideviceenterrecovery.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\libusb-1.0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\iMobileDevice-net.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\amd64\libusbK.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicepair.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\SQLite3.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\MaterialSkin.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicediagnostics.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\amd64\winusbcoinstaller2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\dpscat.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\readline.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\WTF.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\jose-jwt.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\x86\WdfCoInstaller01011.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\CoreText.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\crypto-44.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\libeay32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\lskd.rl | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\dpinst64.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\usbaapl\x86\usbaapl.PNF | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\imobiledevice.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\libtidy.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\ssl-46.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\boot\patch.raw | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\plist_cmp.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\usbmuxd.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\zip.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\curl-ca-bundle.crt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\getopt.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\ideviceactivation.exe | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI89CE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8DBB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI91A6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9802.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b8897.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8D5A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E489471F-69DE-4243-9B3A-838F081C29D8}\Checkm8.infoSoftware.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5b8895.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8D3A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9118.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI904C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI93EA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9F94.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{E489471F-69DE-4243-9B3A-838F081C29D8} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9204.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\e5b8895.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8D6B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{E489471F-69DE-4243-9B3A-838F081C29D8}\Checkm8.infoSoftware.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA37D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8D9A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000fb52bddf7f22308e0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000fb52bddf0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900fb52bddf000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dfb52bddf000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000fb52bddf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400 = "Windows Update" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4FBD7DFEF531EE246A95B5DD8F9D05D9 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\Checkm8.info\\Checkm8.info Software 4.7.1\\install\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F174984EED963424B9A338F880C1928D\A918597FE054CCCB65ABDBA0AD8F63C | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F174984EED963424B9A338F880C1928D\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\ProductName = "Checkm8.info Software" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\ProductIcon = "C:\\Windows\\Installer\\{E489471F-69DE-4243-9B3A-838F081C29D8}\\Checkm8.infoSoftware.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\Media\1 = "Disk1;Disk1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F174984EED963424B9A338F880C1928D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\AuthorizedLUAApp = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4FBD7DFEF531EE246A95B5DD8F9D05D9\F174984EED963424B9A338F880C1928D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\PackageName = "Checkm8.info Software.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F174984EED963424B9A338F880C1928D\C4FE6FD5B7C4D07B3A313E754A9A6A8 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\Version = "67567617" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\PackageCode = "772D0FED4005D9F4DAC8675692E4DCB6" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\Checkm8.info\\Checkm8.info Software 4.7.1\\install\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2288054676-1871194608-3559553667-1000\{21FE6007-5F54-42C7-99B0-63B7FFD7DAB0} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://checkm8.info/es/libre-bypass-activacion-icloud
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbada046f8,0x7ffbada04708,0x7ffbada04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Checkm8.info_Software_Free_1.7\" -spe -an -ai#7zMap11091:122:7zEvent17121
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4 0x438
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7064 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap3420:124:7zEvent5958 -t7z -sae -- "C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win.zip.7z"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\" -spe -an -ai#7zMap16318:124:7zEvent4857
C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe
"C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6C70300B2EDBF133710689E0F56DAF34 C
C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe
"C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe" /i "C:\Users\Admin\AppData\Roaming\Checkm8.info\Checkm8.info Software 4.7.1\install\Checkm8.info Software.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Checkm8.info\Checkm8.info Software" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Checkm8.info Software" SECONDSEQUENCE="1" CLIENTPROCESSID="3100" AI_MORE_CMD_LINE=1
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DD9E3FBDA6666649829E8915EE69555E
C:\Windows\Installer\MSI9204.tmp
"C:\Windows\Installer\MSI9204.tmp" /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\certutil.exe" -addstore "Root" C:\Users\Admin\AppData\Local\Temp\simple.cer
C:\Windows\SysWOW64\certutil.exe
"C:\Windows\SysWOW64\certutil.exe" -addstore "Root" C:\Users\Admin\AppData\Local\Temp\simple.cer
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 56A750B806B89997012CD3F8200A25E2 E Global\MSI0000
C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe
"C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EXE336F.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EXE342B.bat" "
C:\Windows\SysWOW64\attrib.exe
C:\Windows\System32\attrib.exe -r "\\?\C:\Users\Admin\AppData\Roaming\CHECKM~1.INF\CHECKM~1.1\install\CHECKM~1.MSI"
C:\Windows\SysWOW64\attrib.exe
C:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE336F.bat"
C:\Windows\SysWOW64\attrib.exe
C:\Windows\System32\attrib.exe -r "\\?\C:\Users\Admin\AppData\Roaming\CHECKM~1.INF\CHECKM~1.1\install\CHECKM~1.MSI"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE336F.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" cls"
C:\Windows\SysWOW64\attrib.exe
C:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE342B.bat"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE342B.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" cls"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{e776b2f9-12c5-b84a-bc83-8e872971459e}\usbaapl64.inf" "9" "44b456927" "000000000000013C" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\usbaapl\x64"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap1246:168:7zEvent11127
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ffb8c6cab58,0x7ffb8c6cab68,0x7ffb8c6cab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3868 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4320 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.apple.com/itunes/download/win64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbada046f8,0x7ffbada04708,0x7ffbada04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5516 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkm8.info | udp |
| US | 172.67.200.27:443 | checkm8.info | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.170:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 27.200.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | platform-api.sharethis.com | udp |
| NL | 18.239.94.125:443 | platform-api.sharethis.com | tcp |
| US | 8.8.8.8:53 | buttons-config.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| IE | 34.254.145.10:443 | l.sharethis.com | tcp |
| NL | 18.239.94.112:443 | buttons-config.sharethis.com | tcp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.145.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| US | 172.67.200.27:443 | checkm8.info | tcp |
| US | 8.8.8.8:53 | platform-cdn.sharethis.com | udp |
| NL | 18.239.36.75:443 | count-server.sharethis.com | tcp |
| NL | 18.238.243.97:443 | platform-cdn.sharethis.com | tcp |
| NL | 18.238.243.97:443 | platform-cdn.sharethis.com | tcp |
| NL | 18.238.243.97:443 | platform-cdn.sharethis.com | tcp |
| NL | 18.238.243.97:443 | platform-cdn.sharethis.com | tcp |
| NL | 18.238.243.97:443 | platform-cdn.sharethis.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.243.238.18.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.155:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.155:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.22:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 34.31.224.52.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | r.bing.com | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| IE | 108.128.70.144:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | 144.70.128.108.in-addr.arpa | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | p01md.com | udp |
| US | 67.205.145.220:443 | p01md.com | tcp |
| N/A | 127.0.0.1:51845 | tcp | |
| N/A | 127.0.0.1:51847 | tcp | |
| US | 8.8.8.8:53 | 220.145.205.67.in-addr.arpa | udp |
| N/A | 127.0.0.1:27015 | tcp | |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| NL | 23.62.61.72:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 172.217.169.67:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 216.58.204.67:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| GB | 216.58.204.67:443 | recaptcha.net | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| BE | 23.55.96.225:443 | www.apple.com | tcp |
| BE | 23.55.96.225:443 | www.apple.com | tcp |
| US | 8.8.8.8:53 | 225.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure-appldnld.apple.com | udp |
| NL | 72.246.172.232:443 | secure-appldnld.apple.com | tcp |
| US | 8.8.8.8:53 | 232.172.246.72.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7e0880992c640aca08737893588a0010 |
| SHA1 | 6ceec5cb125a52751de8aeda4bab7112f68ae0fe |
| SHA256 | 8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2 |
| SHA512 | 52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a |
\??\pipe\LOCAL\crashpad_3336_SHIWYUIMOAFODNBK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5e2f0fe48e7ee1aad1c24db5c01c354a |
| SHA1 | 5bfeb862e107dd290d87385dc9369bd7a1006b36 |
| SHA256 | f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9 |
| SHA512 | 140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8698fa05d3431029114641f941375e57 |
| SHA1 | 4b0771c90e60686436ef601ab9ed5991744953b4 |
| SHA256 | fc30f9ee6f90202fac6b21e95c6099151976ab7b3f63c2e41bb9c09cb044d5f0 |
| SHA512 | 24a999271abae0b321095d6b15d2318287093d4ecf34fe638c22165da9c9b1a781081261d8898a8322392beeaf6879c11288e3ea1c14d64e90a38aeba8d638e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 789c14a83920e7af98ef3d0b32a65161 |
| SHA1 | 9d8329be545869e3fe1f4c1dd3951de18fafc7b3 |
| SHA256 | 88bc840c7fc022e3970ac69f132fe8b37429a8c63867f880729cc15c7b8fd030 |
| SHA512 | 23dd85f302093820b4c5c7d4d00929273c68ecb55c0fb9bcb447b8206f14400ca25f8753757773d158410edb14a0a9b643b4643008fb9aa55ee696ce108440e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8c4c462e479df23a75c7dc0a4e2edaef |
| SHA1 | 8ef6b2659802c57f8a6b4d75f80db94b76d71289 |
| SHA256 | e709144ed53e2f73ffd8dc9bd047e215704638551e6a9e2ce077259b1eb72ac1 |
| SHA512 | c72ac51b2ca310e9277b096e7904c36cebe22e47ff10e16577b0b61a85ed14288da858ef8f9fefa433d8637b80143c4cdd45ed99d1712e613a6b7b5857ebdb86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 548fea23b3811024df31aac630d83736 |
| SHA1 | 29383301e5a6a38379c74e4751c2d5f2ea343876 |
| SHA256 | 1eba4126dcf65787ceed6a67c506ad77924957cfa5c1a45382441dfae8a059d5 |
| SHA512 | f7a12ae8ec4ba85c85e2566824d507e38c23e37a0bc3a9cbd70a99a1230dfeefb3fddf8e1cdfaa7abc98e65256ac0488a2e59f20e3dc0e799042447ebda59286 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ccf9bd903f486f0c20d26302796b4ec7 |
| SHA1 | 50e2fb08f2dac2898d07ad720218d5e343721960 |
| SHA256 | e4e3970ee481dd3af131b4ab847d6c1398170f858b08feb1a73dd312e7134533 |
| SHA512 | d78270e8aaadd48badaf66efcef9c2b5232a464b96893f44d09b4b037b11753200d3c6420130d5bae1be1b4eeb5f7e2e76064b43c3b45b670d9f0c5ae1cb504f |
C:\Users\Admin\Downloads\Checkm8.info_Software_Free_1.7.zip
| MD5 | 5e86785a0f5fb697df23a3b0d7280880 |
| SHA1 | df56419bb201ca6deb5133e1344e81b30d6d01e2 |
| SHA256 | 1dd7149d04a48ead9a0a5052a2839d4329fec39dff9d34160b3da270aeeeb2ae |
| SHA512 | 159d31b5166135aef771ef1e1e508e7821241fcf31e233b6d386726c061e0ec7a6728088034bb64c0d5d9f71acb2d13dd9764471c2c2d74f93fb4402d6fbf073 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cc3f220de9481a434062c7e707843a90 |
| SHA1 | e5fb0ff77be5e1fc41c2f1749c87f7ca7e1b80fe |
| SHA256 | a9fe746740c5b1c4324cf8109059855de4280553d4823825c80a2bbefcc97701 |
| SHA512 | 63480f9f983a6ca556a5e5936b4a039e859b5c9a548917b4e9a3a4af1be274a1716bbd18d1c04ee1bc91d699e888a273fcc797a032ad89ae5717122359f46461 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f169c0649561e84aaddaeabaa6fd0397 |
| SHA1 | 52d4fa71d9e8ebf74c4238a82d8ebca183a004e2 |
| SHA256 | a3430e42cc18f8eba13966ab71617401f50a6a36bc826d0676bec6856c06b0f3 |
| SHA512 | 38c0296ea36e4b440984b2e67ccc023781e1688f23c787c40eed076aae099d51dad4c57e683b465e1af5627675849a5e012d6aef1af85dafb4e405ec8d34e95d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6b6f16c9c926c7b8eb8f60e6b4520a50 |
| SHA1 | 2e44213a4a4c165915785ecc7f3c9182f9145f91 |
| SHA256 | b0cb7dd750af93bba360803c804ca36bee2789235575da5abb8b4e84245a97d1 |
| SHA512 | 96e2d7f136ce554efa6bb3b4719b66b1c02397b703e4f17c315e84dee0003faa2102362e5ebd7fa0d2c898924113788484529641ca5c50cbbb9c5f3b1eafb70c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5875a8.TMP
| MD5 | 31632d4de329b871d18707e860a7465c |
| SHA1 | 83934f5e19c9b18e54a3f8c280e776b558f152da |
| SHA256 | 362b84dd6afeafdcb100d3656765c9451cbeca89799e889ed93e4602d9c4b613 |
| SHA512 | 1e31acbadaf326609bfff8b7db7b9a721f7da134ba2d3272fc16ac9c79893f0bc6f5509d321e7eaffd21211483c0ac1da614a6277c1eec0c8ec1a7b8c387edfe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 156e5a996dd6c09fcc5ff96e29dcd522 |
| SHA1 | 8febd26a9cd808368e4a96e5c4b913daf8f7a0fd |
| SHA256 | 5fe1dbb659dd0542a12a1190f14baee1e7a2604e81457a4dbf809c9ef4ac72e0 |
| SHA512 | e66b277ca94dd6b5ca6b08aea459835a6961f281e0e89b27513324a1889eea63ef6af1e1a87388dce2adecaa669192421fa3ec7b4e56afc769d72ef0d9e628b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9e53c79f9cb9f86920cd1aaaf428c051 |
| SHA1 | a6cb03faf6f820c9b220e4890177f5ae439dfd0b |
| SHA256 | dda320fdef0cbc32fb86f3dd513a26cb7ebea3774a16f0503430202c27e6ec92 |
| SHA512 | 06f944cb4178d5b2fe92f1572a97e6b8adaf052eefaf243dbeb249e4d3e0d788790039970726517fe4fd39afc5c4197a5ccb82927676d02da72d3a37b4b80f35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | aac57f6f587f163486628b8860aa3637 |
| SHA1 | b1b51e14672caae2361f0e2c54b72d1107cfce54 |
| SHA256 | 0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486 |
| SHA512 | 0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 1548c5f675f1d1fb0e51d7c1f506aa78 |
| SHA1 | 4170f4215c2c9ea4eadcf3770dac2ced5e11f413 |
| SHA256 | 2149403b038e0b92af4544cabd1b5b0cebe5b3caf3bfd17b0a4d8fe96fb3bc48 |
| SHA512 | b724040d3d6228f9b08c3f4a94148585ce385ee25af0eb83ccb78edbaaaf4efb94a81e19e27770adc5f34f34a8fd5ef90234e02f25d773aa09b4fd3f13c2664e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | d404b61450122b2ad393c3ece0597317 |
| SHA1 | d18809185baef8ec6bbbaca300a2fdb4b76a1f56 |
| SHA256 | 03551254e2231ecd9c7ee816b488ecbde5d899009cd9abbe44351d98fbf2f5fb |
| SHA512 | cb1a2867cc53733dc72cd294d1b549fa571a041d72de0fa4d7d9195bcac9f8245c2095e6a6f1ece0e55279fa26337cdcc82d4c269e1dd186cbbd2b974e2d6a70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ff885ddde2c3a2af624b9c8fd00a041f |
| SHA1 | 1dca2971030271294e562198dddcb4ae3581ace5 |
| SHA256 | a2d46133d67be39ab9c99854d17537364fc60a1484ff4929beb653cd6d71e4b3 |
| SHA512 | b7b5f48400ba3298299ea9508c802891eb09766f72913c8ee2bd3dc4b1d88895f347ee204ec72fa489e81e632dd6c8469fcaac532ee79904efead3ba537f54c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11b57613931622db0de894beeb6a6603 |
| SHA1 | 3ec2fdec5ff3ae15a776ab470dcc935e59562d7a |
| SHA256 | 24bc4ad73a581ecd100f03064e4a7637227490448b3a17def3f3085c77741766 |
| SHA512 | 624a3a33ae8315257061290d733a861d4e4d14c180a58a9df0723c226ab243400abb5e0ea7f2e1c22e38df63f44b7c10e609f1da1bb85494ae827efd488ac0ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 895a0d04fca6dec272260e63a800886e |
| SHA1 | cc942df4e8b9a8ae5509e18897c44621b59e974e |
| SHA256 | 8cdc6c37d57e00f11685f137000cf1c5b421e548df647310f6f8051f562cffbd |
| SHA512 | 86ed6d26c8d25859b51d340f9be5474e5bece7b8f80cca174fa96f0503921fc65f7d76b5a658ea8a5519568742ebfca44b1efbfc30b442a86c4e8e2d8c2ee449 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8822c8e6f704f7efaf5590952df7aa22 |
| SHA1 | 1e1bc169a5d2643f3e97d3d02e5f0e440563b3e8 |
| SHA256 | 5b243660b5408c37b5d9e74cc0299af37c08391f07c93c23f7ecdab50e44d87b |
| SHA512 | 4a679867e9983087b15ebe669d343c0698e7fe7c2af255dbd5fcc6ff20ab786dcb491b6b73c88ac3885c2b16c8d3a16e943f8af2216a95ea2a92427be39c8fd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | dead7605761e6fb420b4890a25f6e217 |
| SHA1 | 57e3cabe9fa159d16adc2a9f33774e361127e12b |
| SHA256 | 756077635b6ed8ecb26db0b1c134e4ddcf6a9ebf2650e859700b1031f52fea95 |
| SHA512 | 51a594402aeeaad6548d378227970e5d38f8ab2eee2066ce521ac96f02ce390218083dc8a05022dbf1a53a057b50d882f1057d22a00593d0f79f3f933f851440 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9e551f781c0affb0dd2943131b8de156 |
| SHA1 | 57df8f8aae01bce9e60313565a6eab0094cd8107 |
| SHA256 | 974387068642f566d840c65eb4d999acd8ab72824877fafa8772e7db9a1d0147 |
| SHA512 | 1954836de00d7fccb4454070e80b84f05228d088b623b133688d8f0df00d751935789dd3e6e756e44089f45f195502ef8332bb1130f3d1b7b3312eb6078ae2b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | b9011d56355a8635ab81e60137c1c791 |
| SHA1 | 9a6388cd7f676e571a506e56e0807586a701b68e |
| SHA256 | 768a00ace58edeb647c6b05e497e62aa5c5b384db9f51e5747e767712e40109b |
| SHA512 | b6069e5b8fb63471ebff9bb686a2f41eb42f585b84c3e24c6f5331ca6d1ffc6e906fd4e2f93235f4914bdf010f1ea1b36f65c256c5a71127d8d8a814b49f8ca9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | b25bfdec4bfb0e03e30890d4e7ad42b7 |
| SHA1 | ff0c1ebbcf9dba1ea88e8075d747f32b03f8c8bd |
| SHA256 | e22ac8151e5a6346188f4a5d232ca565ae30cb6c62902afa41b06eb59d264f69 |
| SHA512 | f3e246277ba326b8ae7e2e604a4464c7ea8b4b6261548dd2361765e79efa1f6497008aafdf00ee31c66e9b7aa9665559c7ed457d401b5e549fb31e224dda5cbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 62698095d84c3f537ecaad46eb462f5a |
| SHA1 | b5d379ce4587afb0a099abc501b05c9405bfea82 |
| SHA256 | df7bd6f50fd9ff963989e1c6f92777c0b1419b35a27e60f19574b3f195632105 |
| SHA512 | eccdec53cebb3eb59f0bc2a387a1613d9634a1cce60418a876bb53319f0afe2bfdcea0cc0f360303ad637f493267c6e78b2ca537ee66c9fa7634586ee902423c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 32fb09ac7f0788f9f9f1d9e8df4a380e |
| SHA1 | a145c3966b889f9002a5571efe479091f5554d24 |
| SHA256 | 43c0680ed27a0637ccb9d05df800f2439fa3f654e47cf4ca9d71431d88926c38 |
| SHA512 | a97e46b3872cae49a8d66b17431c69be56fcf7f16e8a51fc588686715c55ad6a3e1c61c0f5eb3369ea78f82312205232bc7681b188e61fae747aa44da7d55eb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 05cac3c194cae9d365bdbf1b7130fdc3 |
| SHA1 | 3bc8bb00395396a09a4f815becc8a8377755c611 |
| SHA256 | bab65db0038cf38ea29aaa4dd635d61eba69dea6dd8729b1fb70de7df743069e |
| SHA512 | 29650a0db490e6c9d113f021aaa35ab255d0e750d7943df8d66dc13f5fb05337b17092cea56bd6d05b3d5a5bda85bcc240a6e8f29c59022b38087de778834cd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | f95a0faf6629fe55dba24478808491ac |
| SHA1 | c91fbfa760c6642f522038a7e90b9445cf8c762f |
| SHA256 | 3401a6c618e31c817b75f603ff2ecfd83b8b75e4309aa09007cad5e98878f1f9 |
| SHA512 | 06f2e5329db17deb104bd106cfc84ea2b321a4ddf64d6d4acf37462cc0d898530b3d913f2c48c7cc29063bb22430e9d12ebd6c9f8e32a2e980cd985a40923673 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 3cacb4c4c33664b76408f0da848b31bf |
| SHA1 | f5933b7bbe0a51168d1fc789607184c2c53c9768 |
| SHA256 | fcbaec9f0972adb8b67e1524dddfca26ba27ae917028fdadbb04d9434ebb7e55 |
| SHA512 | ad2b5b11c3e1d9cbd9f6e21bc14243277941c2199a84f19d3236099a35fe71b378f3fe9c5ce3af258c37cbd035fb7389759cd500635a1c2c56c348a506998cbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 5b82a7882cde846ddf2597b7020194d4 |
| SHA1 | 013e27a2c2e3224403c2ef9bfd02533ad68fdf58 |
| SHA256 | 7e1bbd06db6f0bdbdde7b03b8a42be0cf36daf511d2a338b753d641f48bf92a3 |
| SHA512 | 8678099d81684fe27073dfd2b72c57bc763457c2d09a0935dde9c94da991ba1c1945a051e11dafc49a5f10dcefc7057525398a3faa8787af64759451c8d75773 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | be51aa72e7a36026ee724507516e71d7 |
| SHA1 | f17096435a75cdff6ca72b1101d692b32334c1fd |
| SHA256 | cca624c74b4d86f5ddce961df941138e47b156f70fc80450b553d5b5a0c10679 |
| SHA512 | f9cc9f29bdfa3875ae1d42aedb7a8933ad2ab126f8ee128884d7279f0ba6435da0c26043e1a3cc4e1462c058c73b68fc3318888f08a40082e7a4f2a20e2220b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 6ec92b447c8b2a24a324bbb9909e3e40 |
| SHA1 | 4ee5c8e2aae327cf2d0461472f09d89f7b9d41f2 |
| SHA256 | 44de068165813f35e2ffe4686f64a56989873fdfa0dd7e0c3b499d9cab854695 |
| SHA512 | ae8b980ca9a10f8432489aceeb346698e5ac06c3d0e6c97f849cdd74095a5284ae2297035acf8e1758c3e4b69fab8aae7c3078e5c98888f03945733778053c20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 2d403ff6258ec2358de0c00063351007 |
| SHA1 | bfefb27630edcb385262db455d4f00fd094b872e |
| SHA256 | 83bc8208930c3b68f759e2bf1ca934723541e8a9193e2aad2530de8a6ad5d13e |
| SHA512 | e339f5536e0ebc0cf633930d8598946d1532cb0280ea611bc3311a80ecc1682a89ad0f2227160881029fce80bdcb2e19f2b3411955d933e1b48a9288a0f2b495 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | f8dd1cb0e1c7b1d8c66f3eaa8c8e2f96 |
| SHA1 | 8214e855d8d8a55dded705bd7c439a9a21b6a237 |
| SHA256 | efb29f0021fee150cbda750ed7fba23f313c254466c848004383cf7fbbe4936e |
| SHA512 | 694d4b17df925ab5a15adefc6fbe9bf20a58479b504c343906e889d8824d4ecd0db35922ee50d66499d445a98ebd8dbe7b626e94a991eb1ce96fd60d1a646f71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 07be282907344c2ac0a78b8321932001 |
| SHA1 | 8343a0760fb174cc95b1deb9dcc1b630c529b0aa |
| SHA256 | b5ef679f93bb8b23ee7683ebdccc2226714d6cfc44ff29eadfae162853a3b75f |
| SHA512 | 6090b88c9ede4f4638749d5b0dde3e49146fcb2dd212777bb1ea33c11e146e8e349029112348c84369ce0c11ebc3f9cab686e3a052e326761cfc6bcde75e178a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c
| MD5 | ba7fc36595027910c6d9878e4697f178 |
| SHA1 | ffc3b335c6e39815ba90c108e39585594bb9eaca |
| SHA256 | 55fa1ed8db4f5ebda47793a3e04865c9ed5527f63e638b1e952a0d86cb4c78c3 |
| SHA512 | c52a74ecd42ab1371ba0691d6210adb8f3e61b691477832325d298a41b2c20de0121b0a92c936232294f8c356888b49ecc4dd6d5ed5e108e15aa604ca3c7e7af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e5385a82645c71d520f745202a650667 |
| SHA1 | c21bcea896ee070d8ed8b5a8319965d22c61bdac |
| SHA256 | 7df3567e8754c76c9097ea6b3d841ed70444c410a680aa919f4fe7548e839651 |
| SHA512 | 501517db81825f649aefd73f17d796a9117210f10c739cd07817c1c3966b01b1e17d4860a7dfb5867c8231afe59104d80d50a67371b7924f2944936a18a9dcd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5de8a4654c4a30c7072017732d2b9335 |
| SHA1 | 75eb5eef905756059c6abcf143fab75700f0f73c |
| SHA256 | db6270c35307384a05720b008eab7a23ea6c1464bf61be2c88675632a9a2603c |
| SHA512 | 663375c283fec3d86473f43212b1bb5dad9128938269ce06966db2457069cc45b02f9b7d2c16550fe422ffb0a70a702ba6beced8fa07b0aedcc1818c287fb020 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b4951eca5f7ffc07b73925d9159c85f9 |
| SHA1 | 320b354cd6a2fa8274e5294e23df35768df6ba40 |
| SHA256 | 0a2dd7c4ce321afe0ea224f6313f30d29d8fd8788e943f663cfb32a1b7d21020 |
| SHA512 | 3e5ed4926d7140d1f549c3e9357289cd1ab376f8877a1715729426403ac8eaf01ac22ca07406c8766808ad6f39ea5e019dd52b03fb381af732d56628549da652 |
C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win.zip
| MD5 | a4c22b6e208afecf4565d982287ccace |
| SHA1 | 1ec6f5885624f3aba174cefce08e30396bc1095a |
| SHA256 | cabbe1d814c3718d7d57e953d3d88faf1b719e3455d34063abec6cb5feff3aaf |
| SHA512 | f90dbe3abbac1978df1e2c5d394d1c39a84dd179a6693f64241fb63b91083875fd70cc5a75cbbe4f1574187fd6a847d09644935b870dad6d8a5bb83084b13640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f422cb1771a46f407d44e155956ca438 |
| SHA1 | 876a742ae1d4724b003ae10ff6bbe597e75086ed |
| SHA256 | 1cfb9778e785a78ae2254373b77d200afd43fd3efe95e7d03bc56fcdd7fb97d8 |
| SHA512 | 4587986b0b7982939ab4ed5519fef8eaeafad7ae1c9827dbfcf9c056044b70e5d3336569403bace5e08d6727b59246fed429e2d24fdf15da9c216ede40a3ef9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f2bc85664bd5e4a13619234bde05d5fe |
| SHA1 | 7fc695930f33a624da0638467c53c75e935bf627 |
| SHA256 | e7c36477e5217716583bed12d4e10ed0c1302fdd0b8a602e75a1fb9304ffbbb3 |
| SHA512 | 41b709c7195f3ed8ed40b4736ee74e46548dad1f3a65a611bb25a7e80cb45bab1ab57a7c323efddb6d58075b38f5526a640d375563c8e050a6c89762eb9736e4 |
C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe
| MD5 | a5b6acf1acb70f2cdf0539d0701d103c |
| SHA1 | 269ef4e0f732bc5f0d2ee3fc28fa6351ee0cc901 |
| SHA256 | df8bc2dfd6961766452c508d84917c40c109b8920d9c617b08cb62dc7c6668da |
| SHA512 | 6404e5329e59062bbb650d74e6b9545dfc509748dd253096255372c0f25714b03201a1eab8270cbdcfbe20ea3ca8f0cdfd83fd74dafef15029384dec7dc32b55 |
C:\Users\Admin\AppData\Roaming\Checkm8.info\Checkm8.info Software 4.7.1\install\Checkm8.info Software.msi
| MD5 | 30c152f87f12ab86a690f12d6c426fbb |
| SHA1 | 7672e0681df44cd40370d5bc9dbc3a787df829a6 |
| SHA256 | 8eb7d687c3f364b997dceb9a88238baf9f9d4222994df7988513fba6b9ddda7a |
| SHA512 | db7642ee854a4ee4f9d738ff85ea726ab0d097157f6aa4c9731a54a89caab34293b4955c7705a863efe467bc38fe2e6084166e44aa87e92f700810a57725cccf |
C:\Users\Admin\AppData\Local\Temp\MSIF762.tmp
| MD5 | 5e33a5224c4d523a2517ba8a96aaff42 |
| SHA1 | 12e41a9380cc890053b5c7e19769c76bfa1608d4 |
| SHA256 | d64407a6d5a5d48ddefd8376d8e7732f6e5d2318cf1671cb367302d566ed958c |
| SHA512 | bdb2d57de5104db15c06e5aa4b852a007ef29139750eec050cd3ee013b7df1e15376b01528e32a1859a2132452032f27a4fcd58d163dd927b4b00a6b1b2ad8f1 |
C:\Users\Admin\AppData\Local\Temp\MSIF81F.tmp
| MD5 | 0cca4ccd0c4a2712301f4488180404b7 |
| SHA1 | ee44cd435225b02709bb4b904e97d630d4ebe7df |
| SHA256 | fbae7c3613e76953e08e58b4c48c9eb9cb2bcbca977cf4a04d614016d9b73cb6 |
| SHA512 | 362e20be4d993111a6b469c8bd5cf8aeb167ed4e3bb1f0685f4dc81cb906b60d77f38a34fb2a0734484a424e8d550bcfd70170b40fda950e44b131713a2b2553 |
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3100\banner
| MD5 | 495a895d0a2feeba59737c745aa3f8ce |
| SHA1 | 48d5ea108fe612904ad80dc9e4296107d566131b |
| SHA256 | 26fb568a4bf976c45eae8d0c948a6ec2361bd0c027d1c325eb2d4319febaafb6 |
| SHA512 | 7c11b9b9e14691b074ac507b1f37ba1ea107ef6fa617fc309dc29cc93b896486dc2bf575bc91334435457ac7fe4fa214c902c6c3d615093674c1828f9db2ba17 |
C:\Users\Admin\AppData\Local\Temp\MSIFB90.tmp
| MD5 | 2b6fa5bfa4831df74de91db162bfaad1 |
| SHA1 | 83c0bf7bbdecd65bcae1757a6a400ed8606cf8ab |
| SHA256 | 005e3260c33fb8c8033dec123d4e71613523fc5d11b32c93c74e86a35c876740 |
| SHA512 | fc4739b9fc23fb13765c107aa61ea57ae965d329874c4a57a62b980bb363939c53d8a966c0bc9bb92a794ebe6e3b52672bb403f684a273bce7193164d19ecc1c |
C:\Users\Admin\AppData\Local\Temp\MSIFC8C.tmp
| MD5 | eb6c9388e07bc78ab4503a4f81f7928e |
| SHA1 | 5e835188376fb2e1a1fd641009cb03e675acd475 |
| SHA256 | 5ff1e9d42d26f6b6324a5a4400c99d62d1c84a323c4f71bb2098e6478206d677 |
| SHA512 | 65e65d5b7fccc243bb8d0787c9cc9a6b59780ee76d3e2800b8005412788093c476ebd19b1a1e326581ad77e22ca93080f453a2aedfcc008755b494afc30ca41d |
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3100\dialog
| MD5 | d1880a8297f8f1ff8cb4ee2dc1058a17 |
| SHA1 | 9fedea64be231c77c8c10b0bc6e4224632fd8dc3 |
| SHA256 | 893454cc12eb3b298cf50e5915f890c86a314fce41ca3062c524ebb83349161f |
| SHA512 | cb1f50427d04628f102eafc239ada43d72bc7371cbf86d4311f4a47e9223b511a375c92b22748d54a88586b4f0436cb328c992f424c6873c9a1a5b88fdfad699 |
C:\Users\Admin\AppData\Local\Temp\shi4572.tmp
| MD5 | 77d6c08c6448071b47f02b41fa18ed37 |
| SHA1 | e7fdb62abdb6d4131c00398f92bc72a3b9b34668 |
| SHA256 | 047e2df9ccf0ce298508ee7f0db0abcb2ff9cff9916b6e8a1fbd806b7a9d064b |
| SHA512 | e1aeb8e8b441d755a119f45a465ca5660678f4131984322252bfb6d2cec52e7ee54d65a64b98429b23915eb5707b04b5cd62a85446c60de8842314130a926dbd |
C:\Users\Admin\AppData\Local\Temp\shi8D77.tmp
| MD5 | fdce43712079c189e993ff27df2911bc |
| SHA1 | 6f0465aeedb699de995e1c3b25f8f902bc05545f |
| SHA256 | 47267b3ddec6deeb0b018afbde2b99d17350329a52f0ae49f66b5edc5fcc4366 |
| SHA512 | c09215b7d0f567ed20e08c8b16a6738f07c7631e25f4bcf68f4d072016f509378eb1e9b4d519afa1e19c0aa11d104051d8c47732e39bc48d78be8f5d5696fc71 |
C:\Windows\Installer\MSI93EA.tmp
| MD5 | dcb6b94b4a41fabdbdbb6fe2a362681d |
| SHA1 | efd8d4c271178a6cc37a265f287abfbc6ea91e13 |
| SHA256 | 7a370cdf28500d571d1562a9ddb4977f6a837a7b095de9a7c469c7079923da95 |
| SHA512 | 5dc3fda6012667cdf6f9a5ba96b01a4d74b0d4dc1f53ce2ad36296d79591c8eb34ec787ced4862b768523c3fa69ffef4b88ff653774357d7d5a052efde3bd87d |
memory/3908-1089-0x000001BCB0790000-0x000001BCB1251000-memory.dmp
C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe
| MD5 | fac5393b4a702bb30fa7f668ae631cb9 |
| SHA1 | fc48daf5a780596d5c5f855ee73c3290eb450219 |
| SHA256 | c39ecf957cfdb017f08d0a6211e130379e58d6a56d46b58d511782516c7b982d |
| SHA512 | e4c91922dfcea6e3b0630e10a4d3da6bf3669ad346e423c12a2d4d106ba8a57ffa319a870bbd973e0e3f8866359a9a7901f10332c1217709d57c6b55709be9d9 |
C:\Config.Msi\e5b8896.rbs
| MD5 | 27dc94fc2f26aa821deb1514da7ea757 |
| SHA1 | 32844333e0164141ba0a733e50757dcb594464aa |
| SHA256 | 9b4113fe127867b5d92de492db10e725226d50338e911dc090ca59102384e71b |
| SHA512 | b051b376c10fae510851925151549c2781eefaa8d3b9940324299084aed6bd65538b26e184902a5e5086f0869d30f81fd8140dd95d0e3b32b92ccc4b052b5722 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8df6f5db43dceb7d3a5e51a50e1d1f56 |
| SHA1 | de1736667a9480b16d5e7add0261181714333648 |
| SHA256 | 4a189ad462de8acfeecd6e3b9647b6a21db8e73666380c412a0fa873c34bde01 |
| SHA512 | 7bd464cef7b34ef393f0b93c8cbda5583269437489d5b8fe2151d39a7b71dbcd207427b2218497dbbe606f225da3a99127b51054667a46928c388b7b7b1e1fcc |
memory/2024-1286-0x00007FFB95800000-0x00007FFB962C1000-memory.dmp
memory/2024-1287-0x000001F036CA0000-0x000001F037B30000-memory.dmp
memory/2024-1288-0x000001F0396C0000-0x000001F0396D0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0968bb40-d689-4dda-8574-8c2ff7ab6008\AgileDotNetRT64.dll
| MD5 | 5c1f504b4d399e02f48c20dda0419727 |
| SHA1 | a04fcddaf95121d21c3e85959faaad2165941398 |
| SHA256 | a4c4df55fa2e4d9ec9e1da89581801d492dab1dcc260bf579e411dff1083edd3 |
| SHA512 | 0d95f9021a221b9914d1836aaff54e6dbae1a8d4940b07985a19135ce5960484c7758a1243ef6a5f38a74d8fcd5f23f09b79f239576bbde6cb4c0b480a916a4e |
memory/2024-1294-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp
memory/2024-1296-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp
memory/2024-1297-0x00007FFBB8A30000-0x00007FFBB8C25000-memory.dmp
memory/2024-1298-0x00007FFB98580000-0x00007FFB986CE000-memory.dmp
memory/2024-1299-0x000001F052F00000-0x000001F05357A000-memory.dmp
memory/2024-1300-0x000001F052880000-0x000001F05294A000-memory.dmp
memory/2024-1301-0x000001F039700000-0x000001F039712000-memory.dmp
memory/2024-1302-0x000001F052950000-0x000001F052A74000-memory.dmp
memory/2024-1303-0x000001F052EE0000-0x000001F052EF6000-memory.dmp
memory/2024-1304-0x000001F056640000-0x000001F05696E000-memory.dmp
memory/2024-1306-0x000001F0396C0000-0x000001F0396D0000-memory.dmp
memory/2024-1307-0x000001F056510000-0x000001F056528000-memory.dmp
memory/2024-1308-0x000001F057940000-0x000001F057B02000-memory.dmp
memory/2024-1309-0x000001F057B10000-0x000001F058038000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{e776b2f9-12c5-b84a-bc83-8e872971459e}\usbaaplrc.dll
| MD5 | 1428a8b3dbf4f73b257c4a461df9b996 |
| SHA1 | 0fe85ab508bd44dfb2fa9830f98de4714dfce4fa |
| SHA256 | 5ed0d8f2066dd19d5aec42c5498fdd1db9cefab4d024a1015c707dfd0cfd5b20 |
| SHA512 | 916a61feb9a36872a7c1adece8933599e55b46f7d113966ec4ad2af0e2568f1a339629ec48eca10bd1e071c88171fe88292dab27ce509ceea42afbd049599cc7 |
C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388C.tmp
| MD5 | 26eee7af8aa1ef8c1bd7c9327c602844 |
| SHA1 | 990a56215aac7000eac9371f489a0fc57d560078 |
| SHA256 | 946b0a8150213d6a4dd3aef6248ebb923f8167c84c7ff1b10137e5030ec8bf30 |
| SHA512 | 1cce53edb09f449720005ee9ca013fabb0be498991adf38ce738330a02b336790cb835e235e097c57a7cf983b4bf18664bc113b074cd94f9118901565d83e24d |
C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388D.tmp
| MD5 | 2da3a91b71919d035d8fd17b6b90bbc2 |
| SHA1 | c2c6a29f3abc80fd992777a92df30699124d37c5 |
| SHA256 | edea577e694efceec5b26d745fff8125e9fc8a78cacd7365e77ef35031ebc49b |
| SHA512 | 71b98c884c338902110c83f6c858b906bd8d63e09e5f92d3e019f586d82961fdc71a459e6456a3e9a56b9b109838b4556aee91e0befb68c2ae505c93a41fe56b |
C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388E.tmp
| MD5 | f957092c63cd71d85903ca0d8370f473 |
| SHA1 | 9d76d3df84ca8b3b384577cb87b7aba0ee33f08d |
| SHA256 | 4dec2fc20329f248135da24cb6694fd972dcce8b1bbea8d872fde41939e96aaf |
| SHA512 | a43ca7f24281f67c63c54037fa9c02220cd0fa34a10b1658bae7e544236b939f26a1972513f392a5555dd97077bba91bbe920d41b19737f9960ef427599622bc |
memory/2024-1406-0x000001F0546E0000-0x000001F054712000-memory.dmp
memory/2024-1409-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp
memory/2024-1411-0x00007FFB92990000-0x00007FFB92C3A000-memory.dmp
memory/2024-1410-0x00007FFB94330000-0x00007FFB94443000-memory.dmp
memory/2024-1412-0x00007FFB987E0000-0x00007FFB98868000-memory.dmp
memory/2024-1415-0x00007FFB95800000-0x00007FFB962C1000-memory.dmp
memory/2024-1416-0x000001F0396C0000-0x000001F0396D0000-memory.dmp
memory/2024-1417-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/2024-1460-0x00007FFBB8A30000-0x00007FFBB8C25000-memory.dmp
memory/2024-1466-0x000001F0396C0000-0x000001F0396D0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | bc9faa8bb6aae687766b2db2e055a494 |
| SHA1 | 34b2395d1b6908afcd60f92cdd8e7153939191e4 |
| SHA256 | 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed |
| SHA512 | 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | bbc7e5859c0d0757b3b1b15e1b11929d |
| SHA1 | 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d |
| SHA256 | 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2 |
| SHA512 | f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ebd62365817ff6c44bca7f2e367a8573 |
| SHA1 | 27a878635bc25e11f88670d619b2fc3f781e2532 |
| SHA256 | f65910a9a41a27159c17c3504bae8d477833bd8c7a915d53950239fdc45b0fe6 |
| SHA512 | c9f2e5e4a1a46ec357cb6d5cf9676e8d8ded8cd03b33562b8281d1f9a5f983aaabdf5b0842407e8db63ac0d26aaa5b4e076d0d57f5f02062cf6b560f6b0d7ec9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 20bdb82e8a76c578641635daecfc0c84 |
| SHA1 | 51097f57fc5d7a4f1caf88c64435cb04d606bdf4 |
| SHA256 | 82a3628fb6ff727a54534bd958d87a569e54a7937af6183586c253104fdf83bb |
| SHA512 | 984a93f5ce4c3d3bdbdcf02c6b9492b0a17f2f19da55267af2aeb7694c276be483a5f04f025df326601b8631f977c1febab96e5f1438e309b1d747e29ddec6b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 97fd426a0b8077ba613027ba169df7cf |
| SHA1 | 7aabb73a224a6bc79f0846e733a1484b5e11f714 |
| SHA256 | 07be1f8a12fbc892fe74ad946073162948ca1fd5a8b343a3eb3d4b8c1ab6e7b0 |
| SHA512 | 14fb966d23c050205a55a4868cd0d051abe2c68fdeebcdbdcd8625b90a781cfddcff3d9c946816fc0e088f14604874f8486d01057676d1d4b742786544c1996a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | 2763764dfde10eb91482b385a0dd9867 |
| SHA1 | 872cb4593ef3a13c45817added8dd7faf92fab65 |
| SHA256 | d3d35a89d9df3f3f0dc8f26196c5288761f11ba525c04c74a1e23739e0835099 |
| SHA512 | 53aad46e8550c6482705c0df9d9d89421c2c2f6b846fc559bcb1ea7bcc566839275e6ae6364815fe7c8fe2d6aefca2572085199332a896a220890888f9cfedc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b
| MD5 | 319e0c36436ee0bf24476acbcc83565c |
| SHA1 | fb2658d5791fe5b37424119557ab8cee30acdc54 |
| SHA256 | f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1 |
| SHA512 | ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8a7ff5fa76b8ae509526d6e62198f628 |
| SHA1 | 43b214a2e353646dc6e6430be75acda5ce56b2fc |
| SHA256 | aee2322ebf205050d033bf8d5ac0c3a271c82df6e1342fe8dc3bf5cfbd2c317b |
| SHA512 | d0f2346bc732e85f7e70f6e236fff1cb1f9b4756743375249eba27461834079692a949a505912d824e551177408f35ea9b8fc464a7a5c78cebecccea13f14fe5 |
memory/2024-1723-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\703993fe-1155-4b0e-928d-ecf42bd6e1be.tmp
| MD5 | 5431066667f25c44ccb02779eb3813e8 |
| SHA1 | 96049f99bad19aeb9811ac150b56468b69cd7647 |
| SHA256 | f06054f1739ff8baf882ae860a2b7a9c9a584b0bcc6f25913ef135153c249aa5 |
| SHA512 | 3a8ccdea169b823b1f57f8267126a5caa6193c07766adcef6aa60fa77822c567fe707d0c42071542e4e2d20099227dbf052d51c47d6294ddf5e60166110a7b7f |
memory/2024-1804-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | f38886a5ed3b52c544823e6e0077c484 |
| SHA1 | fb2b315914c5ee9ee9b8949ab798a41c4c3bd375 |
| SHA256 | 116142a1d4b0a749a3614b24b15a1965d58c002f9f4ee50476e0889d2dcafdee |
| SHA512 | 819acb810aa65c2650fd1b76a685ff33b50f9e263ba1f2168af2fbcbdf892a5b21a16d88b75e98b346d436e8ffbc2512c7519940751c5ac85054e9f40f0b8f95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5cff86.TMP
| MD5 | dc7d722ab4845e41acf36d8fb0ab3a42 |
| SHA1 | 20786092b17f36d8e04bee74c9d32bb694647563 |
| SHA256 | 1defa59dd6fd07c331471225fd11e918e0f3c53bc7d5c1bad6b1e090ad2a4cc9 |
| SHA512 | 9921a88817d8dd9d6a1fa7527546f2153492ef5e2f346b347ba104c2dfcccaf5e194917a5c500abe7b057a555bc3d0211436f4a75af113f1024635ced0359e8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f316194ec5442d4bcae2137e22ba8438 |
| SHA1 | c243ac9425aa83d7f9931378c4659d0e5c3b0360 |
| SHA256 | 8bfcb9b54277fd22de27c3cd1bee215bc0f281159cd852f3bc590b9bb44fcacc |
| SHA512 | ca157b75176b360a8d7e086c9b934ed5fead9ab7503a93f882543a0234c974d1efbaf9fa619459337d7bffecb960c6e35a0208c48bec72275e2207fcded9d10e |
memory/2024-1864-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp
memory/2024-1866-0x00007FFB92990000-0x00007FFB92C3A000-memory.dmp
memory/2024-1865-0x00007FFB94330000-0x00007FFB94443000-memory.dmp
memory/2024-1867-0x00007FFB987E0000-0x00007FFB98868000-memory.dmp
memory/2024-1871-0x00007FFB95800000-0x00007FFB962C1000-memory.dmp
memory/2024-1872-0x00007FFBB8A30000-0x00007FFBB8C25000-memory.dmp