Malware Analysis Report

2025-01-02 15:25

Sample ID 240524-sh37faab6s
Target d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca
SHA256 d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca
Tags
gh0strat purplefox discovery evasion link pdf persistence rat rootkit spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca

Threat Level: Known bad

The file d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca was found to be: Known bad.

Malicious Activity Summary

gh0strat purplefox discovery evasion link pdf persistence rat rootkit spyware stealer trojan upx

PurpleFox

Gh0strat

Gh0st RAT payload

Detect PurpleFox Rootkit

Drops file in Drivers directory

Sets DLL path for service in the registry

Sets service image path in registry

Executes dropped EXE

Loads dropped DLL

UPX packed file

Reads user/profile data of web browsers

Unexpected DNS network traffic destination

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Checks installed software on the system

Checks whether UAC is enabled

Checks system information in the registry

Drops file in System32 directory

HTTP links in PDF interactive object

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Runs ping.exe

Suspicious behavior: LoadsDriver

NTFS ADS

Modifies system certificate store

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Enumerates system info in registry

System policy modification

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-24 15:08

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-24 15:08

Reported

2024-05-24 15:41

Platform

win11-20240508-en

Max time kernel

1800s

Max time network

1794s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe"

Signatures

Detect PurpleFox Rootkit

rootkit

Gh0st RAT payload


Gh0strat

rat gh0strat

PurpleFox

rootkit trojan purplefox

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\QAssist.sys C:\Windows\SysWOW64\TXPlatfor.exe N/A

Sets DLL path for service in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Remote Data\Parameters\ServiceDll = "C:\\Windows\\system32\\240610218.txt" C:\Users\Admin\AppData\Local\Temp\R.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\QAssist\ImagePath = "system32\\DRIVERS\\QAssist.sys" C:\Windows\SysWOW64\TXPlatfor.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\R.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\N.exe N/A
N/A N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
N/A N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe N/A
N/A N/A C:\ProgramData\Synaptics\Synaptics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\R.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\N.exe N/A
N/A N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
N/A N/A C:\Windows\SysWOW64\Remote Data.exe N/A
N/A N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\R.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\R.exe N/A
N/A N/A C:\Windows\SysWOW64\Remote Data.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 45.77.153.162 N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
File created C:\Windows\SysWOW64\240610218.txt C:\Users\Admin\AppData\Local\Temp\R.exe N/A
File created C:\Windows\SysWOW64\Remote Data.exe C:\Windows\SysWOW64\svchost.exe N/A
File created C:\Windows\SysWOW64\TXPlatfor.exe C:\Users\Admin\AppData\Local\Temp\N.exe N/A
File created C:\Windows\SysWOW64\240613703.txt C:\Users\Admin\AppData\Local\Temp\R.exe N/A
File opened for modification C:\Windows\SysWOW64\ini.ini C:\Users\Admin\AppData\Local\Temp\R.exe N/A
File opened for modification C:\Windows\SysWOW64\Remote Data.exe C:\Windows\SysWOW64\svchost.exe N/A
File opened for modification C:\Windows\SysWOW64\TXPlatfor.exe C:\Users\Admin\AppData\Local\Temp\N.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

HTTP links in PDF interactive object

pdf link

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\R.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\ProgramData\Synaptics\Synaptics.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob
34470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 91564.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\N.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\N.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\TXPlatfor.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\R.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2360 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 2360 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 2360 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 2360 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2360 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 2360 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 1784 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 1784 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 1784 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 2952 wrote to memory of 2580 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2952 wrote to memory of 2580 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2952 wrote to memory of 2580 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2012 wrote to memory of 2008 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2012 wrote to memory of 2008 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2012 wrote to memory of 2008 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2360 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
PID 2360 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
PID 2360 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
PID 4112 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
PID 4112 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
PID 4112 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
PID 4112 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\ProgramData\Synaptics\Synaptics.exe
PID 4112 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\ProgramData\Synaptics\Synaptics.exe
PID 4112 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe C:\ProgramData\Synaptics\Synaptics.exe
PID 3424 wrote to memory of 4736 N/A C:\ProgramData\Synaptics\Synaptics.exe C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
PID 3424 wrote to memory of 4736 N/A C:\ProgramData\Synaptics\Synaptics.exe C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
PID 3424 wrote to memory of 4736 N/A C:\ProgramData\Synaptics\Synaptics.exe C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
PID 1056 wrote to memory of 3340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 1056 wrote to memory of 3340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 1056 wrote to memory of 3340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Users\Admin\AppData\Local\Temp\R.exe
PID 1056 wrote to memory of 5052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 1056 wrote to memory of 5052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 1056 wrote to memory of 5052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Users\Admin\AppData\Local\Temp\N.exe
PID 4792 wrote to memory of 2628 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\Remote Data.exe
PID 4792 wrote to memory of 2628 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\Remote Data.exe
PID 4792 wrote to memory of 2628 N/A C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\Remote Data.exe
PID 5052 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 5052 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 5052 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\N.exe C:\Windows\SysWOW64\cmd.exe
PID 2852 wrote to memory of 892 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2852 wrote to memory of 892 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 2852 wrote to memory of 892 N/A C:\Windows\SysWOW64\TXPlatfor.exe C:\Windows\SysWOW64\TXPlatfor.exe
PID 1056 wrote to memory of 4608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
PID 1056 wrote to memory of 4608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
PID 4608 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
PID 4608 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
PID 3132 wrote to memory of 1168 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 4608 wrote to memory of 1228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe

"C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Windows\SysWOW64\svchost.exe

C:\Windows\SysWOW64\svchost.exe -k "Remote Data"

C:\Windows\SysWOW64\svchost.exe

C:\Windows\SysWOW64\svchost.exe -k "Remote Data"

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe

C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe

C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe

"C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe"

C:\ProgramData\Synaptics\Synaptics.exe

"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate

C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Users\Admin\AppData\Local\Temp\\R.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3340 -ip 3340

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 472

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\\N.exe

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -auto

C:\Windows\SysWOW64\Remote Data.exe

"C:\Windows\system32\Remote Data.exe" "c:\windows\system32\240610218.txt",MainThread

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul

C:\Windows\SysWOW64\TXPlatfor.exe

C:\Windows\SysWOW64\TXPlatfor.exe -acsi

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef82c3cb8,0x7ffef82c3cc8,0x7ffef82c3cd8

C:\Windows\SysWOW64\PING.EXE

ping -n 2 127.0.0.1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=gpu-process --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:8

C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe

"C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe"

C:\Windows\ComodoAptAtScanner\cmdapt64.exe

C:\Windows\ComodoAptAtScanner\cmdapt64.exe --service --scope "processes|drivers|autoruns" --status "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\scan_status.txt" --output "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\out.xml" --tvl "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\tvl.txt" --trl "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\trl.txt" --filter "*" --scanPeOnly on --flsUdpPort 53 --flsTcpPort 80 --skipGAC

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\R.exe

C:\Windows\SysWOW64\240610218.txt

C:\Users\Admin\AppData\Local\Temp\N.exe

C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe

MD5 dbb91b7a30bb67cefad505fd0ac7daab
SHA1 cf47b812e6f4eb028a2fd5ed06cd4fddcd01f518
SHA256 d814e3a71b711a6b598d1fb95c005d15b8a016f748d17a621b404fe0f681b419
SHA512 1d36e9f24e1d0b2903276e859dfa87c179d6450e7345d3a6e35786e3a319a6676d7e85b7db012c1630b025702689ad7237b237481fc761532c51a87c3ff88300

memory/2580-41-0x0000000010000000-0x00000000101B6000-memory.dmp

memory/2580-44-0x0000000010000000-0x00000000101B6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HD_X.dat

MD5 2141968d005daf36443149f1763ce4f2
SHA1 0faa7199e05ddd06c1f1e2c3bad8f70fac7eec9a
SHA256 79787aa1625449ae9c27027d04ae249b9a80515f10ba9c18183f729252fa062f
SHA512 fb18dcf00cf8455ba1841a508342a977a1963bbc8511b4dc593c45d35ced4c9347f761c7e1c864775942093a25df1eab7d5fd0716a96a866f283f36fa3d7feee

C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe

MD5 96113d3800f5cea8e3a72c8bc7d3654b
SHA1 3da1635bd56696823613550c1d10d7da0f3be98b
SHA256 b144ccd363e6968c615a3cea7933576cf43f84805f240d0795b4ea8a8560fe03
SHA512 009ee98e9df8031d7abda144c0eb56dec89f042b40d9ec7a81672e045fdf92097ee79af024f090716a1328af540edd89e670c4a98728d4afd323cce4aaffe4ea

memory/4112-157-0x0000000000400000-0x00000000008C3000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

MD5 87946f9d917161a2cdc033aa2e7e2af4
SHA1 5d3ed03c10b36d7c894761c96e7070e81d74f4e9
SHA256 0331741a91098f4ba1464ccf353a87b604fa37c84a3d290bcd61129276585c19
SHA512 fa48275f7733ac37dc0a5851a05c785c930184cf2725bf6807c75bb60727d5fc2e1f4225d8fb09c8c3779b9b35c737924219d6319235799e4151838d2e6c836c

C:\Windows\SysWOW64\Remote Data.exe

MD5 22bb5bd901d8b25ac5b41edbb7d5053e
SHA1 8a935dd8d7e104fc553ff7e8b54a404f7b079334
SHA256 8dcaeeebef9b9f3d41d295db145ffb3850f309d089c08125c7fa7034db5fd80e
SHA512 cc3fb68fd6791a08e4a7d1a8db8d07cfcc8c9b9dceec10b53f0cb7ee86473303a19be4f23e379f84c59e02d0568e7c066e21cd1300f6032dac4ba52f609f62e7

C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe

MD5 7faa5ffa86c7629b995db9db9de5840e
SHA1 a5b83fe6745288cb6fa18450b3f9ad918fe90970
SHA256 ddda6f7397e8ebe11981b6ba137af2d99a72fe3ac1b14afee00737eca6738ed3
SHA512 7aa8e32117951be916c8f829f1f7ebae999292edf45abd4dc8ffab5a21a87ffdc956246b1c2aa62ece63fc39ef9eb7ee0d51fc1a797d0f5051ce0b9216e2633c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 23da8c216a7633c78c347cc80603cd99
SHA1 a378873c9d3484e0c57c1cb6c6895f34fee0ea61
SHA256 03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3
SHA512 d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

\??\pipe\LOCAL\crashpad_4608_HHLETCJMXGCDVHVC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1228-246-0x00007FFF06740000-0x00007FFF06741000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e4bf11ed97b6b312e938ca216cf30e
SHA1 ff6b0b475e552dc08a2c81c9eb9230821d3c8290
SHA256 296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad
SHA512 ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c7ce40c63257204654efc299bf444a99
SHA1 536781829d480c853ad2d52ef2567186d1b868f3
SHA256 e9ace34d895fcbdb10d5579eb58e94998d0114b850b2218610669a606308e664
SHA512 6e00d7de0c433ea830d6669288b449dde628a9ab9819477799f236bb423b717871d47868892317186f83881a7196b615e9ac745bb582a0615bc589c9e4091c4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/3424-306-0x0000000000400000-0x00000000008C3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 37762a773f43cb7ac45a4fe8600a9d4d
SHA1 8c46a1697c554f00cc68530a24f38c79457bc4aa
SHA256 8f78a3c920914f683a6e8105c9a2e0c4ca38331b922ed71012811122304c6c89
SHA512 e59cf5bd7372141729402478cbb9dfa786f8c73241f53b5935f325f6fc656b57b8e3fb23a27ad1cf0da0d18de097dfebb646d91182133e2fae469ab5efdd6d28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 207dc122c2549da001c4216a30b15c9b
SHA1 fa9ef2bd6f5e8700ce6bbecb745dbaeba81f3062
SHA256 bc51d1656a5cdbe865b5805ce54e154b8131ee7e7f6d0db36d4f05dd3e098892
SHA512 1c1a2c55eaad44a76119b393670f6cdcb4d8917207f65326bf40deda2c9074e310f44c01fd52d1a550d4f52e6940f60adcd4d1ce1c9f28d6c00d6f72097fb238

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 74e51bb728ecfb7937f5a431b5c978c8
SHA1 7a76b793d40a7f45b62c10e050c0c2210377bb2f
SHA256 1dbb27164f64da0e276826b5f0b9ffd3fccbdc4bba8c6dcdee6a4f4cc9069e78
SHA512 6eaaa9e8c53527f73ba5c54f7c5fa8ef3e415d949b03c891681b51abb9063a68fd30b0ad941d13d9d8029273d351de53ed63d988bf81db5dfcd3acc127c90718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 4b419751b95602190e663dcfb4397186
SHA1 584625bb902af71e0d551a72995cce18736bf738
SHA256 566e5021669d6f9d13f9af0fc133ffdb0d2f7b5ad5698aecbbfe1de1c9751ba2
SHA512 60d3976779651bf7652fe6e5e9bf2ed251439ee04a891d3dd5112cac2b7ae6b70cd7cc7a49cf2b71931a3308ebdf945a5254d60a6789ebbbcc749ea2742d0eeb

memory/3424-517-0x0000000000400000-0x00000000008C3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c58e3e49c4e647330e9c8da987127e0d
SHA1 195304302555abbcb14f4279bfd15987e270ea96
SHA256 5f1855469e8f7eab8d916a7ab0ed39895c6071575355bf93a74e2908e04b3407
SHA512 784919397860a438a90e6d4067c7df9d94eaff408947a668c7dba5bbd66802c17f18202f3972ae938f0b51c38be318abe9d186cfe3b1c4f9fec05e748219a342

memory/3424-559-0x0000000000400000-0x00000000008C3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c067fa836324df5b0f6e068d11958ebc
SHA1 551c1f6e52957cb718f6e7cdac9ca44e637881c3
SHA256 401fef676807fc0e78fa56402824578d1b89866df04e2b34d043baa380bab1df
SHA512 586eac8de9147dabd9773eeebd9cc88dfd080419d0a9bae1ae62c0ec95045ecb4aae1408ea65265c0d4a0dc6e7b16834a84318d3d63cbf7ccbbd0fbbf8045c5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f472685f0589eb83847f0a91409094e
SHA1 76b5689bc71b571e2a309f165bc09b380251f05b
SHA256 94c33a896df4ebcb210f43b245ab1dd069e907d6fcb4534a76c1cfd938f1fc12
SHA512 7205d281f3e0f7e87b2c0c2cd2ac2fcd884a5e32467636cfa7ccd0ed50223ce72e3d075a78b9898ba67205f18ad1ece0ef6e5b5a77a4967de52d9b88dd78c7c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cb0b.TMP

MD5 7b6c55f8ad625f2693bb45379a47ece6
SHA1 18a2b1749d0f1ab1ca74402be52ba0baa98895b7
SHA256 56566c0379722e80202edfaaa30968a5545d9104269d3161992bedfae7a1fc61
SHA512 ed1d5a874d141d084bcd17d4c8e8852390850a008236033e71551422b71b3a05c9faa3922d30270111409777a949a3ed762dba0fedd9cde85426f754d39372fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\252451a7-bef5-49e3-acac-f2aa1aa7cc86.tmp

MD5 292b152172d1f5ebf9c2696049043bea
SHA1 090497d04c928052663ab514ef9c54da9cdb88ee
SHA256 d75413fa2100a2f819c938f0b7ef2355868f1448541a7c44e54966e3a861fc62
SHA512 03aad4e8483707660be6a6b2975256f725d75e3dc953bf92b4bf62891638832850cf7b384a22fb4ce85927123343e3aaccc1b7ca3e725b565ddbbdfda9d91cfd

C:\Users\Admin\Downloads\Unconfirmed 91564.crdownload

MD5 ddf8230ab47c7c517397ef1c5b1ee2e0
SHA1 4214d7217f353b7b8519ddb768ad238a9afa10f2
SHA256 688de6269eabf44a59a497e26920466976fa26a7d6b4ac4127cacf03da2edcac
SHA512 464dcf2958971a2b38e5e61c746578a88c571d976b5183489e3e8ec05953c51c860bd97e1839ea77faea18defa28da1d19f9d113037e4b7d98e5692ee6488ff1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0e71814596668d62e51cc27e3ad1e02f
SHA1 5ad6f351c9f28e6067d8ceb0f1e43a1e235ed09b
SHA256 47af502a17a97704ef41c653dde044fef19c345a2bcc51b5dc2891ea10e635c3
SHA512 a5eb1408e0135d6751d5ce592bb407dc2bb7f9a581984989c30ecdf1215be42ee6f682e90820c00af7c9586215a157a91bb4f2121197684f9954367a57c669db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b80e88bb63f47aa646bf55708da467a9
SHA1 6656cbe203d6f762400151d301fa7a27d5acd62c
SHA256 605a1b1dbce537bbb14e9328bc047481ec66aa9eaf9eaffa1bfafab1690325b6
SHA512 e5478d87569cc016130137d63e4a5802c6d07c1fab89dab5374c93afedf66455de872af65cc78aef7c7d78ac680f16bfddcf3ada91c7e052bead0ce58dd635ef

memory/3424-646-0x0000000000400000-0x00000000008C3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 20fca5abcb684f99af100cf3072008c0
SHA1 0efa69d7b8de2b8865c27ae5f400a2c6a4629382
SHA256 4c2b3cab0d3f3d1eb283e38df289f7199ae33539ecf95e9eae52aa58ee0f607a
SHA512 8a809a386509b959ae8984dde2e8961dc540d610182ab052fc9f94a1950663fb99058e8ec99c59513cacfd47e6dfde3b0582a3498e2d7f0b3d9d7115c158bc81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb48ab298445ed27efe31470fe0a6aac
SHA1 43ce6b7cc283f09acbf31b13a11dc4fcfff00fe1
SHA256 e8f75caaff88788aad8fe571959b83313951bc04f72afb018066f0f001d9b898
SHA512 f9531a5d2ed19922b80ff3f9d25cd1785cac2f31db61d8093f252daa06fb3e3b321c67860dc534b883f937e40b50ce0687393cba8943f49ff4cdfcdebf441a3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aa4a218175cd706e3722d8593ed7a24b
SHA1 1dbdfb23c484fb02e9a6de7bc10f4147fbb4aa1b
SHA256 d93085a7822a04e574e20796a6085b6728245a01a8bc27d80d6acee3ecba553f
SHA512 dcb7e83b7f75340135734224494be946a08dba78809135da1a0bf6204ecee7dc071b4c733347d84e20684e07a327c91e9aada93d57a024090972e9859176cb29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 09611990b60c17bcdf610a41e22ce9ae
SHA1 4efe4fe8f88964d099e854e1816178e7b3c71ff3
SHA256 c416a3953c9523be57eeea2960cdba9af64883e6901123986ef3fc0d778c7e72
SHA512 3ac65d8b92c7885b18b35b88743de8d996470f01015bc28829cded87b51533808f30cd5d35e74cd1d45cef3dd84850ff3af77653d63ced075b5036f036d26f71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7b974b3b73390a8ee0d961581830411f
SHA1 a4de468d0d07f0f54d0fcc72175700163d573740
SHA256 00aa15202457cb7e5df91e7001e9d268dc952636e80553c452e85abb32956da3
SHA512 6189b6a29d4bb6589b7d297cb2872c9bdded207ff7f397299efdf056f72444ed7719e47f868b1f11cec3e74c7b4c0672dded800ddb3b8b23cb493fb9df62b3c2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe

MD5 9dbd87da3046935d74a6026cb0e9bae9
SHA1 11584dbe6847d90c5797d0c2ca6ad4247154ca60
SHA256 381f108010501d81a8442290432434074e74b131a30a5c77a27d1e514a29b45c
SHA512 f2a57a0e86abb96d491f0b1ebc6c1efbbcd3e48f1e03e83b90b049b18c20b62e2d5ad56a35ae219b536a8ddec712072b002296a0d5adffcd573490855fb5ae43

memory/2400-930-0x000001C05E450000-0x000001C05E6C4000-memory.dmp

memory/2400-933-0x000001C0602C0000-0x000001C0602D0000-memory.dmp

memory/2400-936-0x000001C078E70000-0x000001C078F12000-memory.dmp

memory/2400-935-0x000001C078AF0000-0x000001C078B14000-memory.dmp

memory/2400-934-0x000001C078B30000-0x000001C078B68000-memory.dmp

memory/2400-937-0x000001C079290000-0x000001C0795F8000-memory.dmp

memory/2400-938-0x000001C079600000-0x000001C07989C000-memory.dmp

memory/2400-939-0x000001C078F20000-0x000001C078F98000-memory.dmp

memory/2400-940-0x000001C078FA0000-0x000001C078FFE000-memory.dmp

memory/2400-941-0x000001C079000000-0x000001C079060000-memory.dmp

memory/2400-942-0x000001C079260000-0x000001C079274000-memory.dmp

memory/2400-943-0x000001C07D320000-0x000001C07D32E000-memory.dmp

memory/2400-944-0x000001C07EBD0000-0x000001C07EBD8000-memory.dmp

memory/2400-946-0x000001C07EC20000-0x000001C07EC2E000-memory.dmp

memory/2400-945-0x000001C07EC50000-0x000001C07EC88000-memory.dmp

memory/2400-947-0x000001C07F360000-0x000001C07F690000-memory.dmp

memory/2400-948-0x000001C07EED0000-0x000001C07F09C000-memory.dmp

memory/2400-949-0x000001C07F690000-0x000001C07F8A2000-memory.dmp

memory/2400-950-0x000001C07D0D0000-0x000001C07D12C000-memory.dmp

memory/2400-952-0x000001C07F930000-0x000001C07F9A8000-memory.dmp

memory/2400-951-0x000001C0800E0000-0x000001C0805DA000-memory.dmp

memory/2400-953-0x000001C07F240000-0x000001C07F2E6000-memory.dmp

memory/2400-954-0x000001C07EE40000-0x000001C07EE8C000-memory.dmp

memory/2400-956-0x000001C07D160000-0x000001C07D182000-memory.dmp

memory/2400-955-0x000001C07F9B0000-0x000001C07FA4C000-memory.dmp

memory/2400-957-0x000001C07F8B0000-0x000001C07F92E000-memory.dmp

memory/2400-959-0x000001C07D190000-0x000001C07D1B0000-memory.dmp

memory/2400-960-0x000001C000370000-0x000001C0003AA000-memory.dmp

memory/2400-961-0x000001C000330000-0x000001C000356000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 4fdfa657a5313e34270722cfed7d5e2b
SHA1 ac81fd84e6fff33bbb5bbb2ba0dfe86af9d1983e
SHA256 4570cf15966fb5ddac7e645bfff75ec137b1c26bbabe488ec97b21ee45e2208c
SHA512 7f31ec10c604358aa1a91ce9bb5b7273c1490f594d63ae4ac15aaaafd32752eeb9cbb31d4086f518ff0fa5d4b2ab35af62abb052666a710d55114ff6f5f3da0d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 a781fce8f47a3dcc4fa04c65dc653721
SHA1 e444487a0d2c2a0c83ee1b1aaf4f2a056d3ca636
SHA256 d6a1d53f9790fd8512d9fc24ef46964ea5877ff2f4d2be8a2f5a3269f202c37c
SHA512 89d6120eb757e5f2bf329aab657dac5627f0219faeee44880ff11be78dbd3e5518f06879ce1ca13e73f450c7c1e83a39fb123bc8901576629ceb42059a63c8f7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 0929224220374bc1027ba9e8658bcada
SHA1 f9040f15db3a15a8a184906b45258ad00f3ea203
SHA256 c36f0c1467e3344b962a5da34e909f45945714ed4eacf88f6ecd0270c70540f7
SHA512 8fe901ee0f31c55aac9aaa860ff39e4b147ec5a55484ae4e6961763373797772db7dbd8afb0a590ed246ac5475f0ead17c90d3bd3388a5fd88fc2b823f799af8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 60fbf2d99ca2a6ac6641a789f5ec486f
SHA1 8ff8982713cf29476babc22de59348f877f1aa93
SHA256 b59fe74112faef8e3e08829a0f9bacea476ac2c22717407978b258a741964a8f
SHA512 3d3c1fa7894aa0950052f7a65403f32b25bab163070e8a5a6a3a41bd1731f12ef029c2293e824d1e219ab7b62c0d6c6f4d59277b1a18977dbbef02166bdcca92

memory/2400-1034-0x000001C07FA50000-0x000001C07FAC6000-memory.dmp

memory/2400-1035-0x000001C07D140000-0x000001C07D15E000-memory.dmp

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\517efac85db7042e2b9ae54b76f4e58d_15439030-dbba-449d-b460-326ebc585651

MD5 4f786152087be2421780544897125bbc
SHA1 1465783d441a6f6a81911d45a1a37717a67f75e1
SHA256 c7615ebd18ae705138de2779645a691e95be66508896269c01cd075faf8f2ff9
SHA512 5d74be14e8cf3b2b65aaee70c69502a528ae5a0a524bec6122b1ed44a7c1c53f64fe40edbc764908bbae8baffd732967ed1f5cf0ae508f9777ea7fe8a038f118

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 3acae61499b3ee487e29c3e3b135fa14
SHA1 684ae7fd6666e49f3d8bea11dbf0a20aa4f197ec
SHA256 c66c203dff7217d2100e863ee8bc9a5a2f8aa5bed2fabb9fc286ea7cb4816cdf
SHA512 f59d86b297d1fc610afaa811fe0f9faf9877a3c4c658cb18cd16669ffda49bd085ecfe22ecad4fa044e93bcd67c5c1bd52576eae19fbafa846957f78b5feb24e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 70bf6ece93e9fa3d2f7e6c82e2ca79e4
SHA1 688a545ad0ff4129fc2a54fc45f8d2f044e94193
SHA256 c97b3e68a8e4f20b1567a8f8efd1734fc58c664116a80bf0eebf0f092d33b86f
SHA512 eb3e2e65db9b52a69afc36310c04b87db90ec05b10a526571a95f59b34bb9f89bbd4ac1906ca87ea6b6a1d8a15dc1d9232411fe8d19b9d421253bca874235238

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 1dec3d2edb17baacc7bae184b7a32b37
SHA1 2bef340ec2098662401e5ef35ff77996f02db883
SHA256 dad37aaf70adf04b66c2581645cf72d8fd36c26fdca964fd47adc55af4aa5366
SHA512 f7294d89ee9ac0aaea1417abf7409cb527b4de0953140954593d57829cdaf6d9e91256bbce67c9e46d8d76a235e9b0e75e9bc764c7121c275d4ac9808ba5c49c

memory/2400-1112-0x000001C07C7E0000-0x000001C07C7E8000-memory.dmp

memory/2400-1113-0x000001C07C830000-0x000001C07C838000-memory.dmp

memory/2400-1114-0x000001C07D1B0000-0x000001C07D1B8000-memory.dmp

memory/2400-1115-0x000001C07FDA0000-0x000001C07FF28000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 0a3ec84096a90459a508107c9a55c04a
SHA1 cafadc27dd55d70c20a66f421688f2b9a00da344
SHA256 822a4e6621089ee7da6a30ff7b4a20ad89b5d0b5b18a308a889fcec30e551a72
SHA512 9b951ca3e12fb6b7f0d56a50320119804d0561d64b2a239478435c35681defcadfc1bea697488ee59a73b01e7a8912654b9af1e4a956b8055c6d4615197fc33a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 c11571c506a0e597e021ad68a5fef70b
SHA1 119bbfbcb0ac205d4dabfacfd440e1f9769183ce
SHA256 b374215f5efc1b9cc61628cfd55e2556d5accfb6f77d8bde7bfba91de5c62266
SHA512 de07bcb11e6253e6d85fd42c5d15e6080505cd069cdd9f2d31efb2b15e2c4b3620c2724b447d3e231f912dce7565a20533118fb36dd7eec9fd6bfe648555af35

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 55c8c72d530e75ba6ce186778d84f197
SHA1 c1d3b4841b638aff857cabe0b4226e023dde5897
SHA256 637782341c99352da8336d841a12e886ee6fb36749c7c4529c82d52a5d86f07f
SHA512 98ce3cdc9f6759afe4a577ec4d11561af59e8b2af6161ed70f1388a997ca5a9929bf0cc5a3f43c9ab7546d0b7d7cc1f355670088ffad34045d8b053b23225c7c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 ec6fb1015686fd62ebfae926911b04ca
SHA1 0f80d497dd5bb27034de465b1053511e65a8bf27
SHA256 ae3a7757d26bc0d972d919cdb236e69b6255fbf4ba7b3fc5765776bf6b1bd011
SHA512 f7ac24de33e42bba93efd8cc5f4f538294822c424ee0eb57ca2aa6269d013590e19f907240d9343928f8527e70b54518f313021b130b515ef4381aac4b00d1f6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 219d50e9fa1b1bc77647eec700c464b6
SHA1 8b5c543f34139ef3916dcd10c2fd5189ae6ae0c3
SHA256 9cc9eefbdceecf48259176f74d24e15c6fc9154d871bf9f114228edabc91059e
SHA512 105a84d6979b005dde374660b8ee61d8618ff3d8a179edab3dbacbf9869828f752f261e7bb65b93caaca255a24c7792abe505b97bfdbe224c3cd7d33e006b459

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 428f6958e66b6976b2f1a377760a8dbb
SHA1 e64b320ea2d120a9cdc182221aae048f8cfd4d38
SHA256 09602f1f1955bcd9d31ff5324bdadc0d5e13a54019e30486381609a93d65d624
SHA512 97e4f59a22fa4a3a97f386883f8e079d47e3c9f9b9a3f809151ff49ed2e0edcc129f6b1a34175b08c73e201df6f3ae064e13a3db85c14389b6627a9810f6facc

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 45558ae636a7ad365801910cb30481d4
SHA1 262cdb8d27c9ef63821c57932d94cec1b0e00981
SHA256 a3502c69a0b310b23cd8a55964119f0e28a3a814cf8e3699bcb2ed56d6ed3802
SHA512 7a65393a7f48abfe0f4db206b36370fac1f1bfd1eea6d921abfb45f9e7722a200bafa61cd4e304a22640e37b21f55559dcd317044c47cff232e0ce8bff7e9c74

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 75d51b703c4e4a878c928810c3e7edb8
SHA1 eb40da4caa17f17473e4af08c1a565cc7a138896
SHA256 9fe42a63ee2b73bd2c83e6af9da4dc9b903645085e636f092e5830917ad761e2
SHA512 c562cc9c97924c5a4b57fbea98f0bc01cd4a8ac886ee2f24ced1d9f5275c08d51749c5b69f0834d1892b9c941c9d3b70f26efbc40af13776c76279a919527d99

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 f504848dc13346c7eae47d66d642f78f
SHA1 d774f08323fe0e5b30321f3aa8062e4186153601
SHA256 f3ab225770ec0563f1bf774288e89d74c29eacaa9f76c29f6ee18476879af0c7
SHA512 a7c9bba8c4c3b12b2524db6a5ec1d371de88cd6e0e0bfa27b7f3fc92746ffcde811a0db0e83e0b2f2a04bcf535bee3e50d31255b3f5673014df5cf9854d66fd7

memory/2400-1356-0x000001C0027D0000-0x000001C002CF8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 232c2972648cf044e56272e118e7ce4c
SHA1 7eb8b8a25c92d17c82aad615732daeaaab35d101
SHA256 5dc96574bb24e6fade51f282f3f353d22ff4c814868c68fc36f7254accdd5c33
SHA512 2d4c65e2d58932d3e68a844f85d1d62bf8c953d8b856d68ee3940fa8cbd02452b8f82b4108ce900fe0b420472e39f8f01a13fe7db9d6aff34f5a9b0cd06200c4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 9d0f5fccee3c8a95be3329ab36f8eab3
SHA1 97b0da14f1db638f8f4e04f8dba06f565341b09c
SHA256 599939cb6de40c22cf195efd75e755d7e8ae2fd2579ede7f50ef84f114358a84
SHA512 c750c0f5457909c32955767d052ad61505af178eeba3ef5c7aa17402a5ee785fd73f4f2c4bd7a6a444f971ed567f5b324a9b46ca178e27bd326a1eee33d47588

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 236743ffbd599e4529494fdd1a24ba0f
SHA1 6ed49224b0320da36c283bfb9d774cbe36b65b10
SHA256 80402f2a46b79e940bc27ce9a6fe26e4aa9f18235eac06e4ff7130caa497e3e5
SHA512 384904a845ea305f7b9871a74891961d6af65761c3b5e8b0b3e6f81f06cd9e138e9d4f2f1cec3299b58300de1307497de3f358382850c59b1712cec7bde1c394

memory/2400-1414-0x000001C0805E0000-0x000001C0807A2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 87ee16e9656d31cf09c3a0ecb03da738
SHA1 231f18b6a4c616e503b61d187627fed0e2a04f3f
SHA256 ed95d8a586822cf7c00eb7ae90956c4e3a407bc82aa410ae35bf726079482ff6
SHA512 d121274b128d40051626b68ae7bd081bbd9bce192c60e8810c3398559e7b462bc9418a096f9edec0e5caeb4f8d3b13cfd70573300181cf220dc0621c9f10b5b0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 7773b2c62685e9e39618ecd0787cfebf
SHA1 8e0faf8fdbde8fe0259f0932f91bbe98a5d120d4
SHA256 21af120a743e6d333da60a19809d1e404d8c99107c2f88033ff98812dd55eddd
SHA512 e0554d9dae3541fbff6dd23bf42e432e975e95da5ead325e76c4b23e42ad0d78abbcc5a2c6c49c57076192ae8122a4a0ff514c5197d65e9fa960c4e706db317a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 ef21308bccec2f651710ce0fd2e07f6e
SHA1 ae404091b69d903c6fcaf8547e0e5ef523e97478
SHA256 cc34e344b9434c620c738d06d693dfed4409a772be4b011c822c319badf33470
SHA512 750e3764b8b4af5147f47ebfd801f037051ff0c77525aad5da25de8774e69e00a2daf59866775c029162eaf247bf5028b90a7029ebed1aa082cf2cfd342d96da

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 c801476decbe324b5d61e17b9fd7fd76
SHA1 b9dca1beec93372bf7b88711042368435a2db620
SHA256 e6294304e3c11b02077fa70e847350250c1bb373c89f1337c85ac380211b440b
SHA512 182a560d168947ba18c90e33ec9226c8c992ec9cb065e3ee9ec408509b45b4b30ae5612c570e1bed0b39fa1f3b8adc6446e5aaab26af21c0d4a78afd64adec0b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 dd27db025a5a6548c913ee786e3d3dbc
SHA1 b9b93b0182fea8af9ed8a780356489851075077b
SHA256 c5a6849e8674b9068d11551c5fc0edd34e6c508e66521ccc318e877c4fa73e45
SHA512 d82a96f2b0e532822dfcceaeef277eadaf25e17d7fd53908ccf590a63036f9fa56abeb4b9fab1345bb74287fa56a2e67202cede7f64488baf71f8c7722e1f7c3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 43dc92082f68cc99f2a6c2718a38765c
SHA1 1d2f272a475c5a256f6fe3ad710adf40eec8e18a
SHA256 b81c23e9ab703c85ab024bba22d277858348362ebb81e325fd5d1e0a9356ac52
SHA512 0a37a27f8b5d23867c412f04765c336ca4a9ecc78d429a527e4d185be471611a468986404225e47b43442c177726645b1ef8d84ddc969e2f0999abf4397abed4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 bf26a4eabff3b00417785bab7f677218
SHA1 706f85303a5d1378a0f5bf249f01b96c8e8fc837
SHA256 df9f784c7b9fe359c98d8630b48f2bf2c913cac2f187448c90bb522eca5d8b91
SHA512 bf804ff1db2f4c59e87777fd984b12734bf9f9ff857ece93fa2aa0c3237a9eafe2765ca73b743e867afdd7e6a9f2da48fec13a28fc0f21e83c6ed267d4c8a077

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 21ec1df18a937d5681cecf5c8d8f2294
SHA1 b393cd8d1ca4304b9760aa039e9d7131e5595462
SHA256 18c513f88f8b3a8f65de0a01a10e64227936660a10c8400496f9827e00f3abcb
SHA512 c82e2dab305225a9e78507b7a0e88de7845b749e47f532cfdc7b632a793b7aff2ac77321665e1f628463470d2e631f4413d6948740eba71bce58d72a956a7015

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\amd64\Microsoft.VC90.CRT\README_ENU.txt

MD5 a14f24c16fe9cb910dbd2aea9e14dc32
SHA1 b682064e84334beee3049975e0581a26e05cd4a2
SHA256 89f4a0ff447b833ac81e59c5c653d303377c4264060305808f6ff7f674070fa3
SHA512 eaca2b45801932daf2eb746df4e529f737d961628b578cd759d4074bf3b78a69da25dc9902519da458231ea871910ed6d22123468ebd90c77ce74a8afac84140