Analysis Overview
SHA256
d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca
Threat Level: Known bad
The file d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca was found to be: Known bad.
Malicious Activity Summary
PurpleFox
Gh0strat
Gh0st RAT payload
Detect PurpleFox Rootkit
Drops file in Drivers directory
Sets DLL path for service in the registry
Sets service image path in registry
Executes dropped EXE
Loads dropped DLL
UPX packed file
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Checks installed software on the system
Checks whether UAC is enabled
Checks system information in the registry
Drops file in System32 directory
HTTP links in PDF interactive object
Drops file in Program Files directory
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Runs ping.exe
Suspicious behavior: LoadsDriver
NTFS ADS
Modifies system certificate store
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Enumerates system info in registry
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-24 15:08
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-24 15:08
Reported
2024-05-24 15:41
Platform
win11-20240508-en
Max time kernel
1800s
Max time network
1794s
Command Line
Signatures
Detect PurpleFox Rootkit
Gh0st RAT payload
Gh0strat
PurpleFox
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\QAssist.sys | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |
Sets DLL path for service in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Remote Data\Parameters\ServiceDll = "C:\\Windows\\system32\\240610218.txt" | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\QAssist\ImagePath = "system32\\DRIVERS\\QAssist.sys" | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 45.77.153.162 | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| File created | C:\Windows\SysWOW64\240610218.txt | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
| File created | C:\Windows\SysWOW64\Remote Data.exe | C:\Windows\SysWOW64\svchost.exe | N/A |
| File created | C:\Windows\SysWOW64\TXPlatfor.exe | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A |
| File created | C:\Windows\SysWOW64\240613703.txt | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ini.ini | C:\Users\Admin\AppData\Local\Temp\R.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Remote Data.exe | C:\Windows\SysWOW64\svchost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\TXPlatfor.exe | C:\Users\Admin\AppData\Local\Temp\N.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
HTTP links in PDF interactive object
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\R.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 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 | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 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 | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 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 | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 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 | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 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 | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 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 | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 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 | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8d
dd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e076
46582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 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 | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 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 | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c
766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46 | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Windows\ComodoAptAtScanner\cmdapt64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 91564.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\TXPlatfor.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
"C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe"
C:\Users\Admin\AppData\Local\Temp\R.exe
C:\Users\Admin\AppData\Local\Temp\\R.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k "Remote Data"
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k "Remote Data"
C:\Users\Admin\AppData\Local\Temp\N.exe
C:\Users\Admin\AppData\Local\Temp\\N.exe
C:\Windows\SysWOW64\TXPlatfor.exe
C:\Windows\SysWOW64\TXPlatfor.exe -auto
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul
C:\Windows\SysWOW64\TXPlatfor.exe
C:\Windows\SysWOW64\TXPlatfor.exe -acsi
C:\Windows\SysWOW64\PING.EXE
ping -n 2 127.0.0.1
C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe"
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Users\Admin\AppData\Local\Temp\R.exe
C:\Users\Admin\AppData\Local\Temp\\R.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3340 -ip 3340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 472
C:\Users\Admin\AppData\Local\Temp\N.exe
C:\Users\Admin\AppData\Local\Temp\\N.exe
C:\Windows\SysWOW64\TXPlatfor.exe
C:\Windows\SysWOW64\TXPlatfor.exe -auto
C:\Windows\SysWOW64\Remote Data.exe
"C:\Windows\system32\Remote Data.exe" "c:\windows\system32\240610218.txt",MainThread
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul
C:\Windows\SysWOW64\TXPlatfor.exe
C:\Windows\SysWOW64\TXPlatfor.exe -acsi
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef82c3cb8,0x7ffef82c3cc8,0x7ffef82c3cd8
C:\Windows\SysWOW64\PING.EXE
ping -n 2 127.0.0.1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=gpu-process --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:8
C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe
"C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe"
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe"
C:\Windows\ComodoAptAtScanner\cmdapt64.exe
C:\Windows\ComodoAptAtScanner\cmdapt64.exe --service --scope "processes|drivers|autoruns" --status "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\scan_status.txt" --output "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\out.xml" --tvl "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\tvl.txt" --trl "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\trl.txt" --filter "*" --scanPeOnly on --flsUdpPort 53 --flsTcpPort 80 --skipGAC
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | hackerinvasion.f3322.net | udp |
| US | 8.8.8.8:53 | pv.sohu.com | udp |
| GB | 43.132.64.26:80 | pv.sohu.com | tcp |
| US | 69.42.215.252:80 | freedns.afraid.org | tcp |
| US | 8.8.8.8:53 | 252.215.42.69.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| BE | 2.17.196.99:443 | www.bing.com | tcp |
| N/A | 127.2.153.109:1003 | | tcp |
| US | 104.20.138.65:80 | tinyurl.com | tcp |
| GB | 142.250.187.238:443 | drive.google.com | tcp |
| GB | 142.250.187.238:443 | drive.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | drive-thirdparty.googleusercontent.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.16.225:443 | drive-thirdparty.googleusercontent.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| GB | 142.250.179.234:443 | drivefrontend-pa.clients6.google.com | tcp |
| GB | 142.250.187.225:443 | drive.fife.usercontent.google.com | tcp |
| GB | 142.250.179.234:443 | drivefrontend-pa.clients6.google.com | udp |
| GB | 172.217.169.10:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | people-pa.clients6.google.com | udp |
| GB | 216.58.212.202:443 | people-pa.clients6.google.com | tcp |
| GB | 172.217.16.225:443 | drive-thirdparty.googleusercontent.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.200.14:443 | contacts.google.com | tcp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | udp |
| US | 52.111.227.14:443 | | tcp |
| GB | 142.250.187.238:443 | clients6.google.com | udp |
| GB | 178.255.85.135:443 | cmc.comodo.com | tcp |
| US | 137.184.246.236:443 | accounts.comodo.com | tcp |
| N/A | 127.0.0.1:445 | | tcp |
| N/A | 127.0.0.1:135 | | tcp |
| N/A | 127.0.0.1:49669 | | tcp |
| CA | 15.222.185.255:443 | verdict.xcitium.com | tcp |
| US | 45.77.153.162:53 | fls.security.comodo.com | udp |
| US | 45.77.153.162:5580 | fls.security.comodo.com | udp |
| US | 45.77.153.162:80 | fls.security.comodo.com | tcp |
| US | 45.77.153.162:6056 | fls.security.comodo.com | udp |
| US | 45.77.153.162:30460 | fls.security.comodo.com | udp |
| US | 45.77.153.162:54583 | fls.security.comodo.com | udp |
| US | 45.77.153.162:61915 | fls.security.comodo.com | udp |
| US | 45.77.153.162:59131 | fls.security.comodo.com | udp |
| US | 45.77.153.162:6195 | fls.security.comodo.com | udp |
| US | 45.77.153.162:40258 | fls.security.comodo.com | udp |
| US | 45.77.153.162:8509 | fls.security.comodo.com | udp |
| US | 45.77.153.162:53149 | fls.security.comodo.com | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\R.exe
C:\Windows\SysWOW64\240610218.txt
C:\Users\Admin\AppData\Local\Temp\N.exe
C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
C:\Users\Admin\AppData\Local\Temp\HD_X.dat
C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
C:\Windows\SysWOW64\Remote Data.exe
C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4608_HHLETCJMXGCDVHVC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cb0b.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\252451a7-bef5-49e3-acac-f2aa1aa7cc86.tmp
C:\Users\Admin\Downloads\Unconfirmed 91564.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\517efac85db7042e2b9ae54b76f4e58d_15439030-dbba-449d-b460-326ebc585651
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\amd64\Microsoft.VC90.CRT\README_ENU.txt