Malware Analysis Report

2024-11-13 16:14

Sample ID: 240415-ghzcpsgb54
Target: https://checkm8.info/es/libre-bypass-activacion-icloud
Tags: agilenet, evasion, themida, trojan
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

Threat Level: Likely malicious

The file https://checkm8.info/es/libre-bypass-activacion-icloud was found to be: Likely malicious.

Malicious Activity Summary

Tags: agilenet, evasion, themida, trojan

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Manipulates Digital Signatures

Downloads MZ/PE file

Checks computer location settings

Themida packer

Executes dropped EXE

Loads dropped DLL

Checks BIOS information in registry

Obfuscated with Agile.Net obfuscator

Enumerates connected drives

Checks whether UAC is enabled

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Views/modifies file attributes

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Uses Volume Shadow Copy service COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-15 05:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-15 05:48
Reported: 2024-04-15 05:55
Platform: win10v2004-20240412-en
Max time kernel: 389s
Max time network: 391s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://checkm8.info/es/libre-bypass-activacion-icloud

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Tags: evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A

Downloads MZ/PE file

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION" C:\Windows\SysWOW64\certutil.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7\Name = "szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL" C:\Windows\SysWOW64\certutil.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION" C:\Windows\SysWOW64\certutil.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation C:\Windows\Installer\MSI9204.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A

Obfuscated with Agile.Net obfuscator

Tags: agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Themida packer

Tags: themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks whether UAC is enabled

Tags: evasion, trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\USBAAPL64.CAT C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\usbaapl64.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\usbaapl64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\USBAAPL64.CAT C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388C.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET389F.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaaplrc.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388C.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388D.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388D.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET389F.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\usbaaplrc.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.inf C:\Windows\system32\DrvInst.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\AirTrafficHost.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\ideviceinfo.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevice_id.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\plist.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\amd64\libusb0.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\Apple_Mobile_Device_DFU_Mode.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\usbaapl\x86\usbaapl.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\usbaapl\x64\usbaaplrc.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\ASL.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\AVFoundationCF.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\iproxy.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\boot\boot-old.raw C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Shaman.CurlSharp.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\x86\winusbcoinstaller2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\bz2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicerestore.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicesyslog.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\objc.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\libcrypto-1_1-x64.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\libdispatch.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\pcreposix.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libusb-1.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\MediaAccessibility.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\OutlookChangeNotifierAddIn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\APSDaemon_main.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\iconv-2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicebackup.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\lzma.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicedebug.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\QuartzCore.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\Apple_Mobile_Device_DFU_Mode.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\icudt62.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\ideviceenterrecovery.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\libusb-1.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\iMobileDevice-net.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\amd64\libusbK.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicepair.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\SQLite3.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\MaterialSkin.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\idevicediagnostics.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\amd64\winusbcoinstaller2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\dpscat.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\readline.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\WTF.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\jose-jwt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\libusbk\x86\WdfCoInstaller01011.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\CoreText.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\crypto-44.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\libeay32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\lskd.rl C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\dpinst64.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\usbaapl\x86\usbaapl.PNF C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\imobiledevice.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\libtidy.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\ssl-46.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\boot\patch.raw C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\plist_cmp.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\usbmuxd.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\zip.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\curl-ca-bundle.crt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\getopt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\libs\ideviceactivation.exe C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI89CE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8DBB.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI91A6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9802.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b8897.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8D5A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{E489471F-69DE-4243-9B3A-838F081C29D8}\Checkm8.infoSoftware.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5b8895.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8D3A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9118.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI904C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI93EA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9F94.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{E489471F-69DE-4243-9B3A-838F081C29D8} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9204.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\e5b8895.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8D6B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{E489471F-69DE-4243-9B3A-838F081C29D8}\Checkm8.infoSoftware.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA37D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8D9A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
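The SCSI rows above and the BIOS rows in this table are the raw material behind the report's anti-VM verdicts, but they mix the sample's own queries with reads by DrvInst, svchost, vssvc, Chrome and Edge. The Python below is an added example, not part of the sandbox report and not code from the Checkm8.info software: it parses a handful of rows copied from the two tables (constructed input), flags hypervisor vendor strings inside Enum\SCSI device IDs, records which BIOS values each process read, and separates images under C:\Windows from everything else so the virtualisation checks can be attributed to Checkm8.info Software.exe rather than to OS housekeeping. The marker list, the C:\Windows heuristic and the Hyper-V/mounted-ISO caveat on the Msft Virtual DVD-ROM entry are my assumptions, not statements from the report.

```python
import re
from collections import defaultdict

# Constructed sample input: rows copied verbatim from the report's
# "Checks SCSI registry key(s)" and "Enumerates system info in registry"
# tables; columns are Description, Indicator, Process, Target.
REPORT_ROWS = r"""
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
"""

# One report row: action, registry indicator, process image, target.
ROW_RE = re.compile(
    r"^(?P<action>Key opened|Key value queried|Key queried|Key created|Key deleted|"
    r"Set value \(\w+\)) (?P<indicator>\\REGISTRY\\.+?) (?P<process>[A-Za-z]:\\.+?) (?P<target>\S+)$"
)
BIOS_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\\(\w+)$", re.IGNORECASE)

# Vendor/product substrings in Enum\SCSI device IDs that reveal a hypervisor
# (assumed list). The Msft Virtual DVD-ROM is the weakest marker: it appears in
# Hyper-V guests but also on physical hosts whenever an ISO is mounted in Explorer.
VM_MARKERS = [
    ("VEN_QEMU", "QEMU"),
    ("VEN_VBOX", "VirtualBox"),
    ("VEN_VMWARE", "VMware"),
    ("VEN_XEN", "Xen"),
    ("PROD_VIRTUAL_DVD-ROM", "Msft Virtual DVD-ROM (Hyper-V or mounted ISO)"),
]


def parse_rows(text):
    """Parse the flattened table into dicts; rows that do not match are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def is_os_component(process):
    """Crude but useful split: images under C:\\Windows are OS housekeeping
    (DrvInst, svchost and vssvc touch these keys during driver install and VSS)."""
    return process.lower().startswith("c:\\windows\\")


def triage(text):
    """Per process: whether it is an OS image, which hypervisor markers its
    Enum\\SCSI queries touched, and which BIOS values it read."""
    acc = defaultdict(lambda: {"vm_markers": set(), "bios_reads": set()})
    for row in parse_rows(text):
        entry = acc[row["process"]]
        ind_up = row["indicator"].upper()
        if "\\ENUM\\SCSI\\" in ind_up:
            for needle, label in VM_MARKERS:
                if needle in ind_up:
                    entry["vm_markers"].add(label)
        m = BIOS_RE.search(row["indicator"])
        if m:
            entry["bios_reads"].add(m.group(1))
    return {
        proc: {
            "os_component": is_os_component(proc),
            "vm_markers": sorted(e["vm_markers"]),
            "bios_reads": sorted(e["bios_reads"]),
        }
        for proc, e in acc.items()
    }


def sample_vm_checks(text):
    """Non-OS processes that touched a hypervisor marker: the rows to attribute
    to the sample's own anti-VM logic rather than to background activity."""
    return sorted(p for p, e in triage(text).items()
                  if e["vm_markers"] and not e["os_component"])


if __name__ == "__main__":
    for proc, info in triage(REPORT_ROWS).items():
        tag = "os    " if info["os_component"] else "sample"
        print(f"[{tag}] {proc}: vm={info['vm_markers']} bios={info['bios_reads']}")
    print("attribute to sample:", sample_vm_checks(REPORT_ROWS))
```

On these rows only Checkm8.info Software.exe queries the QEMU and Msft Virtual DVD-ROM HardwareID/Phantom values from outside C:\Windows; DrvInst touches the same QEMU key but as part of device installation, and the browsers read BIOS values without touching any SCSI key. The BIOS rows carry no values in the report, so the script can only record that the reads happened, not what manufacturer string the sandbox returned.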

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400 = "Windows Update" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4FBD7DFEF531EE246A95B5DD8F9D05D9 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\Media\DiskPrompt = "[1]" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\Checkm8.info\\Checkm8.info Software 4.7.1\\install\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F174984EED963424B9A338F880C1928D\A918597FE054CCCB65ABDBA0AD8F63C C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F174984EED963424B9A338F880C1928D\MainFeature C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\ProductName = "Checkm8.info Software" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\ProductIcon = "C:\\Windows\\Installer\\{E489471F-69DE-4243-9B3A-838F081C29D8}\\Checkm8.infoSoftware.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\Media\1 = "Disk1;Disk1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F174984EED963424B9A338F880C1928D C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\AuthorizedLUAApp = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4FBD7DFEF531EE246A95B5DD8F9D05D9\F174984EED963424B9A338F880C1928D C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\PackageName = "Checkm8.info Software.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F174984EED963424B9A338F880C1928D\C4FE6FD5B7C4D07B3A313E754A9A6A8 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\Version = "67567617" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\PackageCode = "772D0FED4005D9F4DAC8675692E4DCB6" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\Checkm8.info\\Checkm8.info Software 4.7.1\\install\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2288054676-1871194608-3559553667-1000\{21FE6007-5F54-42C7-99B0-63B7FFD7DAB0} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F174984EED963424B9A338F880C1928D C:\Windows\system32\msiexec.exe N/A
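The 32-digit key names under Installer\Products and Installer\UpgradeCodes are Windows Installer "packed" GUIDs, and the Version DWORD packs major.minor.build into one integer. The Python below is an added example, not part of the report: it decodes both, and the ProductCode it recovers from the Products key is exactly the GUID in the ProductIcon path above, which is how these rows are tied to the product's Uninstall entry and to its C:\Windows\Installer cache directory. The Uninstall key location and the msiexec /x command are standard Windows Installer behaviour I am adding for correlation; they do not appear in the report.

```python
import re

# Constructed sample input: values copied from the "Modifies registry class"
# rows that msiexec.exe wrote under HKLM\SOFTWARE\Classes\Installer.
PRODUCTS_KEY = "F174984EED963424B9A338F880C1928D"   # ...\Installer\Products\<this>
UPGRADE_KEY = "4FBD7DFEF531EE246A95B5DD8F9D05D9"    # ...\Installer\UpgradeCodes\<this>
PACKAGE_CODE = "772D0FED4005D9F4DAC8675692E4DCB6"   # PackageCode value
VERSION_DWORD = 67567617                            # Version value

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")


def _transform(hex32):
    """Core of the Installer packed-GUID encoding. Parts 1-3 (8+4+4 digits)
    are reversed as strings; parts 4-5 (4+12 digits) are reversed in pairs of
    hex digits, i.e. their byte order is flipped. The operation is its own
    inverse, so packing and unpacking share it."""
    p = hex32.upper()

    def pairs(s):
        return "".join(s[i:i + 2][::-1] for i in range(0, len(s), 2))

    return [p[0:8][::-1], p[8:12][::-1], p[12:16][::-1], pairs(p[16:20]), pairs(p[20:32])]


def unpack_msi_guid(packed):
    """32 hex digits from the registry -> {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}."""
    if not HEX32.fullmatch(packed):
        raise ValueError("packed GUID must be exactly 32 hex digits")
    return "{" + "-".join(_transform(packed)) + "}"


def pack_msi_guid(guid):
    """Normal GUID -> registry packed form, to locate a known ProductCode's keys."""
    hex32 = guid.strip("{}").replace("-", "")
    if not HEX32.fullmatch(hex32):
        raise ValueError("GUID must contain exactly 32 hex digits")
    return "".join(_transform(hex32))


def decode_msi_version(dword):
    """Installer Version DWORD: major in the high byte, minor in the next
    byte, build in the low 16 bits."""
    return f"{(dword >> 24) & 0xFF}.{(dword >> 16) & 0xFF}.{dword & 0xFFFF}"


def installer_artifacts(packed_product):
    """Where the decoded ProductCode shows up next, for correlation and cleanup."""
    code = unpack_msi_guid(packed_product)
    return {
        "product_code": code,
        # Per-machine products register their Add/Remove Programs entry here.
        "uninstall_key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\" + code,
        # Cached icon/package directory; matches the ProductIcon path in the report.
        "installer_cache_dir": "C:\\Windows\\Installer\\" + code,
        "uninstall_command": "msiexec /x " + code,
    }


if __name__ == "__main__":
    print("ProductCode :", unpack_msi_guid(PRODUCTS_KEY))
    print("UpgradeCode :", unpack_msi_guid(UPGRADE_KEY))
    print("PackageCode :", unpack_msi_guid(PACKAGE_CODE))
    print("Version     :", decode_msi_version(VERSION_DWORD))
    for key, value in installer_artifacts(PRODUCTS_KEY).items():
        print(f"{key:20s} {value}")
```

Version 67567617 decodes to 4.7.1, matching the "Checkm8.info Software 4.7.1" install path in the LastUsedSource and Net rows, and the UpgradeCodes row links the packed UpgradeCode to this same packed ProductCode, which is what lets a later MSI with the same UpgradeCode replace this install.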

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe N/A
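The rows above show Checkm8.info Software.exe requesting 29 privileges in exactly ascending LUID order (SeCreateTokenPrivilege is LUID 2, SeCreateGlobalPrivilege is LUID 30) and then starting the same sequence again, while 7zG, AUDIODG and msiexec ask for the two or three privileges their task needs; the numeric entries 33 and 35 are LUIDs the sandbox did not resolve to a name. The Python below is an added example, not part of the report: it resolves those numbers with the well-known LUID table from winnt.h, groups privileges per process (constructed subset of the rows as input) and flags both the contiguous-run pattern and the high-impact privileges in the request. The HIGH_IMPACT set and the run-length threshold are my choices.

```python
from collections import defaultdict

# Well-known privilege LUIDs (SE_*_PRIVILEGE constants in winnt.h). Names use
# the report's spelling, which abbreviates two of them (SeProfSingleProcess and
# SeIncBasePriority for SeProfileSingleProcess and SeIncreaseBasePriority).
LUID_NAME = {
    2: "SeCreateTokenPrivilege", 3: "SeAssignPrimaryTokenPrivilege", 4: "SeLockMemoryPrivilege",
    5: "SeIncreaseQuotaPrivilege", 6: "SeMachineAccountPrivilege", 7: "SeTcbPrivilege",
    8: "SeSecurityPrivilege", 9: "SeTakeOwnershipPrivilege", 10: "SeLoadDriverPrivilege",
    11: "SeSystemProfilePrivilege", 12: "SeSystemtimePrivilege", 13: "SeProfSingleProcessPrivilege",
    14: "SeIncBasePriorityPrivilege", 15: "SeCreatePagefilePrivilege", 16: "SeCreatePermanentPrivilege",
    17: "SeBackupPrivilege", 18: "SeRestorePrivilege", 19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege", 21: "SeAuditPrivilege", 22: "SeSystemEnvironmentPrivilege",
    23: "SeChangeNotifyPrivilege", 24: "SeRemoteShutdownPrivilege", 25: "SeUndockPrivilege",
    26: "SeSyncAgentPrivilege", 27: "SeEnableDelegationPrivilege", 28: "SeManageVolumePrivilege",
    29: "SeImpersonatePrivilege", 30: "SeCreateGlobalPrivilege", 31: "SeTrustedCredManAccessPrivilege",
    32: "SeRelabelPrivilege", 33: "SeIncreaseWorkingSetPrivilege", 34: "SeTimeZonePrivilege",
    35: "SeCreateSymbolicLinkPrivilege", 36: "SeDelegateSessionUserImpersonatePrivilege",
}
NAME_LUID = {name: luid for luid, name in LUID_NAME.items()}

# Assumed set of privileges that matter for a post-infection assessment:
# debugger access to other processes, driver loading, token forging,
# ACL/ownership bypass and impersonation.
HIGH_IMPACT = {
    "SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege", "SeCreateTokenPrivilege",
    "SeAssignPrimaryTokenPrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
    "SeTakeOwnershipPrivilege", "SeImpersonatePrivilege",
}

SEVENZIP = r"C:\Program Files\7-Zip\7zG.exe"
AUDIODG = r"C:\Windows\system32\AUDIODG.EXE"
MSIEXEC = r"C:\Windows\system32\msiexec.exe"
SAMPLE = r"C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe"

# Constructed sample input: (Token column, Process column) pairs copied from the
# "Suspicious use of AdjustPrivilegeToken" table; the sample's first run of 29
# rows is kept, its repeated second run is omitted.
REPORT_TOKENS = [
    ("SeRestorePrivilege", SEVENZIP), ("35", SEVENZIP), ("SeSecurityPrivilege", SEVENZIP),
    ("33", AUDIODG), ("SeIncBasePriorityPrivilege", AUDIODG),
    ("SeSecurityPrivilege", MSIEXEC),
] + [(name, SAMPLE) for name in """
    SeCreateTokenPrivilege SeAssignPrimaryTokenPrivilege SeLockMemoryPrivilege
    SeIncreaseQuotaPrivilege SeMachineAccountPrivilege SeTcbPrivilege SeSecurityPrivilege
    SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeSystemProfilePrivilege SeSystemtimePrivilege
    SeProfSingleProcessPrivilege SeIncBasePriorityPrivilege SeCreatePagefilePrivilege
    SeCreatePermanentPrivilege SeBackupPrivilege SeRestorePrivilege SeShutdownPrivilege
    SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeChangeNotifyPrivilege
    SeRemoteShutdownPrivilege SeUndockPrivilege SeSyncAgentPrivilege SeEnableDelegationPrivilege
    SeManageVolumePrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege""".split()]


def resolve(token):
    """Rows carry either a privilege name or, where the sandbox could not map
    the LUID to a name, the bare LUID as a decimal number."""
    if token.isdigit():
        return LUID_NAME.get(int(token), f"LUID:{token}")
    return token


def privileges_by_process(rows):
    """Distinct privileges per process, in first-seen order."""
    out = defaultdict(list)
    for token, proc in rows:
        name = resolve(token)
        if name not in out[proc]:
            out[proc].append(name)
    return dict(out)


def is_bulk_enable(names, min_run=16):
    """True when the requested privileges form one contiguous ascending run of
    LUIDs: the fingerprint of a loop that tries to enable every privilege by
    number instead of asking for the one or two the program actually needs.
    AdjustTokenPrivileges does not fail for privileges the token lacks (it
    returns TRUE and sets ERROR_NOT_ALL_ASSIGNED), so in an elevated process
    such a loop silently ends with every admin-held privilege enabled."""
    luids = [NAME_LUID[n] for n in names if n in NAME_LUID]
    return len(luids) >= min_run and luids == list(range(luids[0], luids[0] + len(luids)))


def assess(rows):
    """Per process: how many privileges, bulk-enable pattern or not, and which
    high-impact privileges were requested."""
    return {
        proc: {
            "count": len(names),
            "bulk_enable": is_bulk_enable(names),
            "high_impact": sorted(HIGH_IMPACT & set(names)),
        }
        for proc, names in privileges_by_process(rows).items()
    }


if __name__ == "__main__":
    for proc, info in assess(REPORT_TOKENS).items():
        print(proc, info)
```

The run-length threshold of 16 is arbitrary; what matters for triage is the contrast between the installer's 2..30 sweep (SeDebug, SeLoadDriver, SeTcb and token-creation privileges included) and the two or three targeted privileges each OS component asks for.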

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3336 wrote to memory of 2936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 2936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3336 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://checkm8.info/es/libre-bypass-activacion-icloud

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbada046f8,0x7ffbada04708,0x7ffbada04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Checkm8.info_Software_Free_1.7\" -spe -an -ai#7zMap11091:122:7zEvent17121

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3d4 0x438

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7064 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap3420:124:7zEvent5958 -t7z -sae -- "C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win.zip.7z"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\" -spe -an -ai#7zMap16318:124:7zEvent4857

C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe

"C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6C70300B2EDBF133710689E0F56DAF34 C

C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe

"C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe" /i "C:\Users\Admin\AppData\Roaming\Checkm8.info\Checkm8.info Software 4.7.1\install\Checkm8.info Software.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Checkm8.info\Checkm8.info Software" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Checkm8.info Software" SECONDSEQUENCE="1" CLIENTPROCESSID="3100" AI_MORE_CMD_LINE=1

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DD9E3FBDA6666649829E8915EE69555E

C:\Windows\Installer\MSI9204.tmp

"C:\Windows\Installer\MSI9204.tmp" /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\certutil.exe" -addstore "Root" C:\Users\Admin\AppData\Local\Temp\simple.cer

C:\Windows\SysWOW64\certutil.exe

"C:\Windows\SysWOW64\certutil.exe" -addstore "Root" C:\Users\Admin\AppData\Local\Temp\simple.cer

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 56A750B806B89997012CD3F8200A25E2 E Global\MSI0000

C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe

"C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EXE336F.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EXE342B.bat" "

C:\Windows\SysWOW64\attrib.exe

C:\Windows\System32\attrib.exe -r "\\?\C:\Users\Admin\AppData\Roaming\CHECKM~1.INF\CHECKM~1.1\install\CHECKM~1.MSI"

C:\Windows\SysWOW64\attrib.exe

C:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE336F.bat"

C:\Windows\SysWOW64\attrib.exe

C:\Windows\System32\attrib.exe -r "\\?\C:\Users\Admin\AppData\Roaming\CHECKM~1.INF\CHECKM~1.1\install\CHECKM~1.MSI"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE336F.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" cls"

C:\Windows\SysWOW64\attrib.exe

C:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE342B.bat"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE342B.bat" "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" cls"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{e776b2f9-12c5-b84a-bc83-8e872971459e}\usbaapl64.inf" "9" "44b456927" "000000000000013C" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\drivers\usbaapl\x64"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap1246:168:7zEvent11127

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ffb8c6cab58,0x7ffb8c6cab68,0x7ffb8c6cab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3868 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4320 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1760,i,1993231118595259755,10297103465999176965,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.apple.com/itunes/download/win64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbada046f8,0x7ffbada04708,0x7ffbada04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,753065683229907594,10177123357630769014,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5516 /prefetch:8

Network


Files


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 32fb09ac7f0788f9f9f1d9e8df4a380e
SHA1 a145c3966b889f9002a5571efe479091f5554d24
SHA256 43c0680ed27a0637ccb9d05df800f2439fa3f654e47cf4ca9d71431d88926c38
SHA512 a97e46b3872cae49a8d66b17431c69be56fcf7f16e8a51fc588686715c55ad6a3e1c61c0f5eb3369ea78f82312205232bc7681b188e61fae747aa44da7d55eb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 05cac3c194cae9d365bdbf1b7130fdc3
SHA1 3bc8bb00395396a09a4f815becc8a8377755c611
SHA256 bab65db0038cf38ea29aaa4dd635d61eba69dea6dd8729b1fb70de7df743069e
SHA512 29650a0db490e6c9d113f021aaa35ab255d0e750d7943df8d66dc13f5fb05337b17092cea56bd6d05b3d5a5bda85bcc240a6e8f29c59022b38087de778834cd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 f95a0faf6629fe55dba24478808491ac
SHA1 c91fbfa760c6642f522038a7e90b9445cf8c762f
SHA256 3401a6c618e31c817b75f603ff2ecfd83b8b75e4309aa09007cad5e98878f1f9
SHA512 06f2e5329db17deb104bd106cfc84ea2b321a4ddf64d6d4acf37462cc0d898530b3d913f2c48c7cc29063bb22430e9d12ebd6c9f8e32a2e980cd985a40923673

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 3cacb4c4c33664b76408f0da848b31bf
SHA1 f5933b7bbe0a51168d1fc789607184c2c53c9768
SHA256 fcbaec9f0972adb8b67e1524dddfca26ba27ae917028fdadbb04d9434ebb7e55
SHA512 ad2b5b11c3e1d9cbd9f6e21bc14243277941c2199a84f19d3236099a35fe71b378f3fe9c5ce3af258c37cbd035fb7389759cd500635a1c2c56c348a506998cbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 5b82a7882cde846ddf2597b7020194d4
SHA1 013e27a2c2e3224403c2ef9bfd02533ad68fdf58
SHA256 7e1bbd06db6f0bdbdde7b03b8a42be0cf36daf511d2a338b753d641f48bf92a3
SHA512 8678099d81684fe27073dfd2b72c57bc763457c2d09a0935dde9c94da991ba1c1945a051e11dafc49a5f10dcefc7057525398a3faa8787af64759451c8d75773

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 be51aa72e7a36026ee724507516e71d7
SHA1 f17096435a75cdff6ca72b1101d692b32334c1fd
SHA256 cca624c74b4d86f5ddce961df941138e47b156f70fc80450b553d5b5a0c10679
SHA512 f9cc9f29bdfa3875ae1d42aedb7a8933ad2ab126f8ee128884d7279f0ba6435da0c26043e1a3cc4e1462c058c73b68fc3318888f08a40082e7a4f2a20e2220b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 6ec92b447c8b2a24a324bbb9909e3e40
SHA1 4ee5c8e2aae327cf2d0461472f09d89f7b9d41f2
SHA256 44de068165813f35e2ffe4686f64a56989873fdfa0dd7e0c3b499d9cab854695
SHA512 ae8b980ca9a10f8432489aceeb346698e5ac06c3d0e6c97f849cdd74095a5284ae2297035acf8e1758c3e4b69fab8aae7c3078e5c98888f03945733778053c20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 2d403ff6258ec2358de0c00063351007
SHA1 bfefb27630edcb385262db455d4f00fd094b872e
SHA256 83bc8208930c3b68f759e2bf1ca934723541e8a9193e2aad2530de8a6ad5d13e
SHA512 e339f5536e0ebc0cf633930d8598946d1532cb0280ea611bc3311a80ecc1682a89ad0f2227160881029fce80bdcb2e19f2b3411955d933e1b48a9288a0f2b495

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 f8dd1cb0e1c7b1d8c66f3eaa8c8e2f96
SHA1 8214e855d8d8a55dded705bd7c439a9a21b6a237
SHA256 efb29f0021fee150cbda750ed7fba23f313c254466c848004383cf7fbbe4936e
SHA512 694d4b17df925ab5a15adefc6fbe9bf20a58479b504c343906e889d8824d4ecd0db35922ee50d66499d445a98ebd8dbe7b626e94a991eb1ce96fd60d1a646f71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 07be282907344c2ac0a78b8321932001
SHA1 8343a0760fb174cc95b1deb9dcc1b630c529b0aa
SHA256 b5ef679f93bb8b23ee7683ebdccc2226714d6cfc44ff29eadfae162853a3b75f
SHA512 6090b88c9ede4f4638749d5b0dde3e49146fcb2dd212777bb1ea33c11e146e8e349029112348c84369ce0c11ebc3f9cab686e3a052e326761cfc6bcde75e178a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

MD5 ba7fc36595027910c6d9878e4697f178
SHA1 ffc3b335c6e39815ba90c108e39585594bb9eaca
SHA256 55fa1ed8db4f5ebda47793a3e04865c9ed5527f63e638b1e952a0d86cb4c78c3
SHA512 c52a74ecd42ab1371ba0691d6210adb8f3e61b691477832325d298a41b2c20de0121b0a92c936232294f8c356888b49ecc4dd6d5ed5e108e15aa604ca3c7e7af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e5385a82645c71d520f745202a650667
SHA1 c21bcea896ee070d8ed8b5a8319965d22c61bdac
SHA256 7df3567e8754c76c9097ea6b3d841ed70444c410a680aa919f4fe7548e839651
SHA512 501517db81825f649aefd73f17d796a9117210f10c739cd07817c1c3966b01b1e17d4860a7dfb5867c8231afe59104d80d50a67371b7924f2944936a18a9dcd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5de8a4654c4a30c7072017732d2b9335
SHA1 75eb5eef905756059c6abcf143fab75700f0f73c
SHA256 db6270c35307384a05720b008eab7a23ea6c1464bf61be2c88675632a9a2603c
SHA512 663375c283fec3d86473f43212b1bb5dad9128938269ce06966db2457069cc45b02f9b7d2c16550fe422ffb0a70a702ba6beced8fa07b0aedcc1818c287fb020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b4951eca5f7ffc07b73925d9159c85f9
SHA1 320b354cd6a2fa8274e5294e23df35768df6ba40
SHA256 0a2dd7c4ce321afe0ea224f6313f30d29d8fd8788e943f663cfb32a1b7d21020
SHA512 3e5ed4926d7140d1f549c3e9357289cd1ab376f8877a1715729426403ac8eaf01ac22ca07406c8766808ad6f39ea5e019dd52b03fb381af732d56628549da652

C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win.zip

MD5 a4c22b6e208afecf4565d982287ccace
SHA1 1ec6f5885624f3aba174cefce08e30396bc1095a
SHA256 cabbe1d814c3718d7d57e953d3d88faf1b719e3455d34063abec6cb5feff3aaf
SHA512 f90dbe3abbac1978df1e2c5d394d1c39a84dd179a6693f64241fb63b91083875fd70cc5a75cbbe4f1574187fd6a847d09644935b870dad6d8a5bb83084b13640

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f422cb1771a46f407d44e155956ca438
SHA1 876a742ae1d4724b003ae10ff6bbe597e75086ed
SHA256 1cfb9778e785a78ae2254373b77d200afd43fd3efe95e7d03bc56fcdd7fb97d8
SHA512 4587986b0b7982939ab4ed5519fef8eaeafad7ae1c9827dbfcf9c056044b70e5d3336569403bace5e08d6727b59246fed429e2d24fdf15da9c216ede40a3ef9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f2bc85664bd5e4a13619234bde05d5fe
SHA1 7fc695930f33a624da0638467c53c75e935bf627
SHA256 e7c36477e5217716583bed12d4e10ed0c1302fdd0b8a602e75a1fb9304ffbbb3
SHA512 41b709c7195f3ed8ed40b4736ee74e46548dad1f3a65a611bb25a7e80cb45bab1ab57a7c323efddb6d58075b38f5526a640d375563c8e050a6c89762eb9736e4

C:\Users\Admin\Downloads\Checkm8.info_Software_4.7.1_win\Checkm8.info Software.exe

MD5 a5b6acf1acb70f2cdf0539d0701d103c
SHA1 269ef4e0f732bc5f0d2ee3fc28fa6351ee0cc901
SHA256 df8bc2dfd6961766452c508d84917c40c109b8920d9c617b08cb62dc7c6668da
SHA512 6404e5329e59062bbb650d74e6b9545dfc509748dd253096255372c0f25714b03201a1eab8270cbdcfbe20ea3ca8f0cdfd83fd74dafef15029384dec7dc32b55

C:\Users\Admin\AppData\Roaming\Checkm8.info\Checkm8.info Software 4.7.1\install\Checkm8.info Software.msi

MD5 30c152f87f12ab86a690f12d6c426fbb
SHA1 7672e0681df44cd40370d5bc9dbc3a787df829a6
SHA256 8eb7d687c3f364b997dceb9a88238baf9f9d4222994df7988513fba6b9ddda7a
SHA512 db7642ee854a4ee4f9d738ff85ea726ab0d097157f6aa4c9731a54a89caab34293b4955c7705a863efe467bc38fe2e6084166e44aa87e92f700810a57725cccf

C:\Users\Admin\AppData\Local\Temp\MSIF762.tmp

MD5 5e33a5224c4d523a2517ba8a96aaff42
SHA1 12e41a9380cc890053b5c7e19769c76bfa1608d4
SHA256 d64407a6d5a5d48ddefd8376d8e7732f6e5d2318cf1671cb367302d566ed958c
SHA512 bdb2d57de5104db15c06e5aa4b852a007ef29139750eec050cd3ee013b7df1e15376b01528e32a1859a2132452032f27a4fcd58d163dd927b4b00a6b1b2ad8f1

C:\Users\Admin\AppData\Local\Temp\MSIF81F.tmp

MD5 0cca4ccd0c4a2712301f4488180404b7
SHA1 ee44cd435225b02709bb4b904e97d630d4ebe7df
SHA256 fbae7c3613e76953e08e58b4c48c9eb9cb2bcbca977cf4a04d614016d9b73cb6
SHA512 362e20be4d993111a6b469c8bd5cf8aeb167ed4e3bb1f0685f4dc81cb906b60d77f38a34fb2a0734484a424e8d550bcfd70170b40fda950e44b131713a2b2553

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3100\banner

MD5 495a895d0a2feeba59737c745aa3f8ce
SHA1 48d5ea108fe612904ad80dc9e4296107d566131b
SHA256 26fb568a4bf976c45eae8d0c948a6ec2361bd0c027d1c325eb2d4319febaafb6
SHA512 7c11b9b9e14691b074ac507b1f37ba1ea107ef6fa617fc309dc29cc93b896486dc2bf575bc91334435457ac7fe4fa214c902c6c3d615093674c1828f9db2ba17

C:\Users\Admin\AppData\Local\Temp\MSIFB90.tmp

MD5 2b6fa5bfa4831df74de91db162bfaad1
SHA1 83c0bf7bbdecd65bcae1757a6a400ed8606cf8ab
SHA256 005e3260c33fb8c8033dec123d4e71613523fc5d11b32c93c74e86a35c876740
SHA512 fc4739b9fc23fb13765c107aa61ea57ae965d329874c4a57a62b980bb363939c53d8a966c0bc9bb92a794ebe6e3b52672bb403f684a273bce7193164d19ecc1c

C:\Users\Admin\AppData\Local\Temp\MSIFC8C.tmp

MD5 eb6c9388e07bc78ab4503a4f81f7928e
SHA1 5e835188376fb2e1a1fd641009cb03e675acd475
SHA256 5ff1e9d42d26f6b6324a5a4400c99d62d1c84a323c4f71bb2098e6478206d677
SHA512 65e65d5b7fccc243bb8d0787c9cc9a6b59780ee76d3e2800b8005412788093c476ebd19b1a1e326581ad77e22ca93080f453a2aedfcc008755b494afc30ca41d

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3100\dialog

MD5 d1880a8297f8f1ff8cb4ee2dc1058a17
SHA1 9fedea64be231c77c8c10b0bc6e4224632fd8dc3
SHA256 893454cc12eb3b298cf50e5915f890c86a314fce41ca3062c524ebb83349161f
SHA512 cb1f50427d04628f102eafc239ada43d72bc7371cbf86d4311f4a47e9223b511a375c92b22748d54a88586b4f0436cb328c992f424c6873c9a1a5b88fdfad699

C:\Users\Admin\AppData\Local\Temp\shi4572.tmp

MD5 77d6c08c6448071b47f02b41fa18ed37
SHA1 e7fdb62abdb6d4131c00398f92bc72a3b9b34668
SHA256 047e2df9ccf0ce298508ee7f0db0abcb2ff9cff9916b6e8a1fbd806b7a9d064b
SHA512 e1aeb8e8b441d755a119f45a465ca5660678f4131984322252bfb6d2cec52e7ee54d65a64b98429b23915eb5707b04b5cd62a85446c60de8842314130a926dbd

C:\Users\Admin\AppData\Local\Temp\shi8D77.tmp

MD5 fdce43712079c189e993ff27df2911bc
SHA1 6f0465aeedb699de995e1c3b25f8f902bc05545f
SHA256 47267b3ddec6deeb0b018afbde2b99d17350329a52f0ae49f66b5edc5fcc4366
SHA512 c09215b7d0f567ed20e08c8b16a6738f07c7631e25f4bcf68f4d072016f509378eb1e9b4d519afa1e19c0aa11d104051d8c47732e39bc48d78be8f5d5696fc71

C:\Windows\Installer\MSI93EA.tmp

MD5 dcb6b94b4a41fabdbdbb6fe2a362681d
SHA1 efd8d4c271178a6cc37a265f287abfbc6ea91e13
SHA256 7a370cdf28500d571d1562a9ddb4977f6a837a7b095de9a7c469c7079923da95
SHA512 5dc3fda6012667cdf6f9a5ba96b01a4d74b0d4dc1f53ce2ad36296d79591c8eb34ec787ced4862b768523c3fa69ffef4b88ff653774357d7d5a052efde3bd87d

memory/3908-1089-0x000001BCB0790000-0x000001BCB1251000-memory.dmp

C:\Program Files (x86)\Checkm8.info\Checkm8.info Software\Checkm8.info Software.exe

MD5 fac5393b4a702bb30fa7f668ae631cb9
SHA1 fc48daf5a780596d5c5f855ee73c3290eb450219
SHA256 c39ecf957cfdb017f08d0a6211e130379e58d6a56d46b58d511782516c7b982d
SHA512 e4c91922dfcea6e3b0630e10a4d3da6bf3669ad346e423c12a2d4d106ba8a57ffa319a870bbd973e0e3f8866359a9a7901f10332c1217709d57c6b55709be9d9

C:\Config.Msi\e5b8896.rbs

MD5 27dc94fc2f26aa821deb1514da7ea757
SHA1 32844333e0164141ba0a733e50757dcb594464aa
SHA256 9b4113fe127867b5d92de492db10e725226d50338e911dc090ca59102384e71b
SHA512 b051b376c10fae510851925151549c2781eefaa8d3b9940324299084aed6bd65538b26e184902a5e5086f0869d30f81fd8140dd95d0e3b32b92ccc4b052b5722

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8df6f5db43dceb7d3a5e51a50e1d1f56
SHA1 de1736667a9480b16d5e7add0261181714333648
SHA256 4a189ad462de8acfeecd6e3b9647b6a21db8e73666380c412a0fa873c34bde01
SHA512 7bd464cef7b34ef393f0b93c8cbda5583269437489d5b8fe2151d39a7b71dbcd207427b2218497dbbe606f225da3a99127b51054667a46928c388b7b7b1e1fcc

memory/2024-1286-0x00007FFB95800000-0x00007FFB962C1000-memory.dmp

memory/2024-1287-0x000001F036CA0000-0x000001F037B30000-memory.dmp

memory/2024-1288-0x000001F0396C0000-0x000001F0396D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\0968bb40-d689-4dda-8574-8c2ff7ab6008\AgileDotNetRT64.dll

MD5 5c1f504b4d399e02f48c20dda0419727
SHA1 a04fcddaf95121d21c3e85959faaad2165941398
SHA256 a4c4df55fa2e4d9ec9e1da89581801d492dab1dcc260bf579e411dff1083edd3
SHA512 0d95f9021a221b9914d1836aaff54e6dbae1a8d4940b07985a19135ce5960484c7758a1243ef6a5f38a74d8fcd5f23f09b79f239576bbde6cb4c0b480a916a4e

memory/2024-1294-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp

memory/2024-1296-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp

memory/2024-1297-0x00007FFBB8A30000-0x00007FFBB8C25000-memory.dmp

memory/2024-1298-0x00007FFB98580000-0x00007FFB986CE000-memory.dmp

memory/2024-1299-0x000001F052F00000-0x000001F05357A000-memory.dmp

memory/2024-1300-0x000001F052880000-0x000001F05294A000-memory.dmp

memory/2024-1301-0x000001F039700000-0x000001F039712000-memory.dmp

memory/2024-1302-0x000001F052950000-0x000001F052A74000-memory.dmp

memory/2024-1303-0x000001F052EE0000-0x000001F052EF6000-memory.dmp

memory/2024-1304-0x000001F056640000-0x000001F05696E000-memory.dmp

memory/2024-1306-0x000001F0396C0000-0x000001F0396D0000-memory.dmp

memory/2024-1307-0x000001F056510000-0x000001F056528000-memory.dmp

memory/2024-1308-0x000001F057940000-0x000001F057B02000-memory.dmp

memory/2024-1309-0x000001F057B10000-0x000001F058038000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{e776b2f9-12c5-b84a-bc83-8e872971459e}\usbaaplrc.dll

MD5 1428a8b3dbf4f73b257c4a461df9b996
SHA1 0fe85ab508bd44dfb2fa9830f98de4714dfce4fa
SHA256 5ed0d8f2066dd19d5aec42c5498fdd1db9cefab4d024a1015c707dfd0cfd5b20
SHA512 916a61feb9a36872a7c1adece8933599e55b46f7d113966ec4ad2af0e2568f1a339629ec48eca10bd1e071c88171fe88292dab27ce509ceea42afbd049599cc7

C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388C.tmp

MD5 26eee7af8aa1ef8c1bd7c9327c602844
SHA1 990a56215aac7000eac9371f489a0fc57d560078
SHA256 946b0a8150213d6a4dd3aef6248ebb923f8167c84c7ff1b10137e5030ec8bf30
SHA512 1cce53edb09f449720005ee9ca013fabb0be498991adf38ce738330a02b336790cb835e235e097c57a7cf983b4bf18664bc113b074cd94f9118901565d83e24d

C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388D.tmp

MD5 2da3a91b71919d035d8fd17b6b90bbc2
SHA1 c2c6a29f3abc80fd992777a92df30699124d37c5
SHA256 edea577e694efceec5b26d745fff8125e9fc8a78cacd7365e77ef35031ebc49b
SHA512 71b98c884c338902110c83f6c858b906bd8d63e09e5f92d3e019f586d82961fdc71a459e6456a3e9a56b9b109838b4556aee91e0befb68c2ae505c93a41fe56b

C:\Windows\System32\DriverStore\Temp\{701aedd2-4404-8448-a7b0-64efe964a4fa}\SET388E.tmp

MD5 f957092c63cd71d85903ca0d8370f473
SHA1 9d76d3df84ca8b3b384577cb87b7aba0ee33f08d
SHA256 4dec2fc20329f248135da24cb6694fd972dcce8b1bbea8d872fde41939e96aaf
SHA512 a43ca7f24281f67c63c54037fa9c02220cd0fa34a10b1658bae7e544236b939f26a1972513f392a5555dd97077bba91bbe920d41b19737f9960ef427599622bc

memory/2024-1406-0x000001F0546E0000-0x000001F054712000-memory.dmp

memory/2024-1409-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp

memory/2024-1411-0x00007FFB92990000-0x00007FFB92C3A000-memory.dmp

memory/2024-1410-0x00007FFB94330000-0x00007FFB94443000-memory.dmp

memory/2024-1412-0x00007FFB987E0000-0x00007FFB98868000-memory.dmp

memory/2024-1415-0x00007FFB95800000-0x00007FFB962C1000-memory.dmp

memory/2024-1416-0x000001F0396C0000-0x000001F0396D0000-memory.dmp

memory/2024-1417-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/2024-1460-0x00007FFBB8A30000-0x00007FFBB8C25000-memory.dmp

memory/2024-1466-0x000001F0396C0000-0x000001F0396D0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 bc9faa8bb6aae687766b2db2e055a494
SHA1 34b2395d1b6908afcd60f92cdd8e7153939191e4
SHA256 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed
SHA512 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 bbc7e5859c0d0757b3b1b15e1b11929d
SHA1 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d
SHA256 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2
SHA512 f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ebd62365817ff6c44bca7f2e367a8573
SHA1 27a878635bc25e11f88670d619b2fc3f781e2532
SHA256 f65910a9a41a27159c17c3504bae8d477833bd8c7a915d53950239fdc45b0fe6
SHA512 c9f2e5e4a1a46ec357cb6d5cf9676e8d8ded8cd03b33562b8281d1f9a5f983aaabdf5b0842407e8db63ac0d26aaa5b4e076d0d57f5f02062cf6b560f6b0d7ec9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 20bdb82e8a76c578641635daecfc0c84
SHA1 51097f57fc5d7a4f1caf88c64435cb04d606bdf4
SHA256 82a3628fb6ff727a54534bd958d87a569e54a7937af6183586c253104fdf83bb
SHA512 984a93f5ce4c3d3bdbdcf02c6b9492b0a17f2f19da55267af2aeb7694c276be483a5f04f025df326601b8631f977c1febab96e5f1438e309b1d747e29ddec6b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 97fd426a0b8077ba613027ba169df7cf
SHA1 7aabb73a224a6bc79f0846e733a1484b5e11f714
SHA256 07be1f8a12fbc892fe74ad946073162948ca1fd5a8b343a3eb3d4b8c1ab6e7b0
SHA512 14fb966d23c050205a55a4868cd0d051abe2c68fdeebcdbdcd8625b90a781cfddcff3d9c946816fc0e088f14604874f8486d01057676d1d4b742786544c1996a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 2763764dfde10eb91482b385a0dd9867
SHA1 872cb4593ef3a13c45817added8dd7faf92fab65
SHA256 d3d35a89d9df3f3f0dc8f26196c5288761f11ba525c04c74a1e23739e0835099
SHA512 53aad46e8550c6482705c0df9d9d89421c2c2f6b846fc559bcb1ea7bcc566839275e6ae6364815fe7c8fe2d6aefca2572085199332a896a220890888f9cfedc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

MD5 319e0c36436ee0bf24476acbcc83565c
SHA1 fb2658d5791fe5b37424119557ab8cee30acdc54
SHA256 f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1
SHA512 ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8a7ff5fa76b8ae509526d6e62198f628
SHA1 43b214a2e353646dc6e6430be75acda5ce56b2fc
SHA256 aee2322ebf205050d033bf8d5ac0c3a271c82df6e1342fe8dc3bf5cfbd2c317b
SHA512 d0f2346bc732e85f7e70f6e236fff1cb1f9b4756743375249eba27461834079692a949a505912d824e551177408f35ea9b8fc464a7a5c78cebecccea13f14fe5

memory/2024-1723-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\703993fe-1155-4b0e-928d-ecf42bd6e1be.tmp

MD5 5431066667f25c44ccb02779eb3813e8
SHA1 96049f99bad19aeb9811ac150b56468b69cd7647
SHA256 f06054f1739ff8baf882ae860a2b7a9c9a584b0bcc6f25913ef135153c249aa5
SHA512 3a8ccdea169b823b1f57f8267126a5caa6193c07766adcef6aa60fa77822c567fe707d0c42071542e4e2d20099227dbf052d51c47d6294ddf5e60166110a7b7f

memory/2024-1804-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f38886a5ed3b52c544823e6e0077c484
SHA1 fb2b315914c5ee9ee9b8949ab798a41c4c3bd375
SHA256 116142a1d4b0a749a3614b24b15a1965d58c002f9f4ee50476e0889d2dcafdee
SHA512 819acb810aa65c2650fd1b76a685ff33b50f9e263ba1f2168af2fbcbdf892a5b21a16d88b75e98b346d436e8ffbc2512c7519940751c5ac85054e9f40f0b8f95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5cff86.TMP

MD5 dc7d722ab4845e41acf36d8fb0ab3a42
SHA1 20786092b17f36d8e04bee74c9d32bb694647563
SHA256 1defa59dd6fd07c331471225fd11e918e0f3c53bc7d5c1bad6b1e090ad2a4cc9
SHA512 9921a88817d8dd9d6a1fa7527546f2153492ef5e2f346b347ba104c2dfcccaf5e194917a5c500abe7b057a555bc3d0211436f4a75af113f1024635ced0359e8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f316194ec5442d4bcae2137e22ba8438
SHA1 c243ac9425aa83d7f9931378c4659d0e5c3b0360
SHA256 8bfcb9b54277fd22de27c3cd1bee215bc0f281159cd852f3bc590b9bb44fcacc
SHA512 ca157b75176b360a8d7e086c9b934ed5fead9ab7503a93f882543a0234c974d1efbaf9fa619459337d7bffecb960c6e35a0208c48bec72275e2207fcded9d10e

memory/2024-1864-0x00007FFB90230000-0x00007FFB90AE4000-memory.dmp

memory/2024-1866-0x00007FFB92990000-0x00007FFB92C3A000-memory.dmp

memory/2024-1865-0x00007FFB94330000-0x00007FFB94443000-memory.dmp

memory/2024-1867-0x00007FFB987E0000-0x00007FFB98868000-memory.dmp

memory/2024-1871-0x00007FFB95800000-0x00007FFB962C1000-memory.dmp

memory/2024-1872-0x00007FFBB8A30000-0x00007FFBB8C25000-memory.dmp