Malware Analysis Report

2024-08-06 16:45

Sample ID 240531-cf75lscc92
Target 4382-melon
SHA256 29c7f97f4a9706d883bca218a584b056f71e6ebf18929eb50e485fae2fe55993
Tags
wannacry discovery ransomware spyware stealer worm
score
10/10


Analysis Overview


Threat Level: Known bad

The file 4382-melon was found to be: Known bad.

Malicious Activity Summary

wannacry discovery ransomware spyware stealer worm

Wannacry

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Drops startup file

Modifies file permissions

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Sets desktop wallpaper using registry

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of SendNotifyMessage

Views/modifies file attributes

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-31 02:02

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 02:02

Reported

2024-05-31 02:04

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4382-melon.html

Signatures

Wannacry

ransomware worm wannacry

Downloads MZ/PE file

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD727B.tmp C:\Users\Admin\Downloads\WannaCry.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD7291.tmp C:\Users\Admin\Downloads\WannaCry.EXE N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\WannaCry.EXE N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class


NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 124049.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5028 wrote to memory of 3616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5028 wrote to memory of 2708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5028 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5028 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4382-melon.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4d6946f8,0x7ffc4d694708,0x7ffc4d694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,18140784052423450623,1411365232571164067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Users\Admin\Downloads\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 154291717121072.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_5028_TQPAEHHHJDSEXCVC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3018d70b117925372c5d589b6f6f9e1e
SHA1 143d5e409b4cfa1a81a39d1fce2f18fd43faa181
SHA256 81c47792cf73df8630f3677c3e81786b215d380e069feb4f29b24dcee1fe14a2
SHA512 4d3fecd8a6174c01b4de3fac177637805d3215ff501532a4eea967699fd72d9f3e1d6e15cf2f93cbf93c8c3b6f891ce198bb3d135688e1b251ec024c0f1d8837

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590016.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 124049.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\msg\m_finnish.wnry

memory/5200-674-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\Downloads\b.wnry

C:\Users\Admin\Downloads\msg\m_russian.wnry

C:\Users\Admin\Downloads\msg\m_romanian.wnry

C:\Users\Admin\Downloads\msg\m_portuguese.wnry

C:\Users\Admin\Downloads\msg\m_polish.wnry

C:\Users\Admin\Downloads\msg\m_norwegian.wnry

C:\Users\Admin\Downloads\msg\m_latvian.wnry

C:\Users\Admin\Downloads\msg\m_korean.wnry

C:\Users\Admin\Downloads\msg\m_japanese.wnry

C:\Users\Admin\Downloads\msg\m_italian.wnry

C:\Users\Admin\Downloads\msg\m_indonesian.wnry

C:\Users\Admin\Downloads\msg\m_greek.wnry

C:\Users\Admin\Downloads\msg\m_german.wnry

C:\Users\Admin\Downloads\msg\m_french.wnry

C:\Users\Admin\Downloads\msg\m_filipino.wnry

C:\Users\Admin\Downloads\msg\m_english.wnry

C:\Users\Admin\Downloads\msg\m_dutch.wnry

C:\Users\Admin\Downloads\msg\m_danish.wnry

C:\Users\Admin\Downloads\msg\m_czech.wnry

C:\Users\Admin\Downloads\msg\m_croatian.wnry

C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry

C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry

C:\Users\Admin\Downloads\msg\m_bulgarian.wnry

C:\Users\Admin\Downloads\c.wnry

C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Downloads\@[email protected]

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Downloads\t.wnry

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

memory/4748-2248-0x0000000073CA0000-0x0000000073D22000-memory.dmp

memory/4748-2251-0x0000000073BC0000-0x0000000073BE2000-memory.dmp

memory/4748-2252-0x0000000000A20000-0x0000000000D1E000-memory.dmp

memory/4748-2249-0x0000000073920000-0x0000000073B3C000-memory.dmp

memory/4748-2250-0x0000000073BF0000-0x0000000073C72000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 02:02

Reported

2024-05-31 02:04

Platform

win7-20240419-en

Max time kernel

93s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4382-melon.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000f6f6854564daecda338af9ddd8b61d363311edf0ba685f4d878021fe97a7d970000000000e8000000002000020000000ce7570e64f8e89cf066768eede144ccd4c999099ba608a888fbcd1a12083efbd200000003498cd5537aa54f058d49e064c9a430d2f8d00283e10db74d65657fb00e72316400000002dede26a283433b157f107685a20326c70fddbf1ba0970bf03f026e056d119bc643fb3f1736bc33f397aace9771b3ce898aec6b65f63368e19f91e7690cbca66 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CDFA3831-1EF1-11EF-B781-461900256DFE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20aeeba3feb2da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423282804" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3000 wrote to memory of 2080 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3000 wrote to memory of 316 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 300 wrote to memory of 1120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 300 wrote to memory of 2560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 300 wrote to memory of 1996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 300 wrote to memory of 2848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4382-melon.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:406541 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5c59758,0x7fef5c59768,0x7fef5c59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1464 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3608 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2472 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 --field-trial-handle=1284,i,3639460183253784889,13568454567341938539,131072 /prefetch:8

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\Cab15B4.tmp


C:\Users\Admin\AppData\Local\Temp\Tar15D7.tmp


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 103272b7a658c43ae27fc825e78357cf
SHA1 e741ef843fb2918683f66402f97415d891f60d05
SHA256 ac84152460a7f44be0414eb98e50156dc616d7cdf11238cebf3120a89ae1abcb
SHA512 6b459d6d9b7f6953c64b85aeb516c3df18ea4bb5824ca38d2b4fd19171cdd25821b3429e1e9521af9a12dc490c942a877a3e2a6d4641c13664d41d68982bd89a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 bbda56134b71cd28c8eca64d81db7017
SHA1 15d19ef9fe2e8ce40e009cd80347a6d8a090c300
SHA256 22d1122d8742dde91ffa3fb39a1fcf3c03b5c527498ba63f14430922f6d3232a
SHA512 a5dd0baa597080f58a6ebfa714f5f2df448c9d6aa3bbad159ccfb857edfe637003ba1663cafd456c1f6677d04d592fd0f689c30e6e816d7297a63ad56e4f97aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar16A6.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97bc29058cd5ad46b356d9c606e658c0
SHA1 f5557f68286b9b033088cc9e8ca15baefbbb1646
SHA256 82d1ee6e95f31d44f5fbf7c1e5bde3885e74c532735da6d3cb9f14079e1604ee
SHA512 e3762eafbbeeae987b4307f0fc423d725e14596a4cd216eead00c3217ea96247521ff1ca83f6333f96fdd8be9ed7dd8809531b8997f0a4865b5aa6c143697985

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6daae25a844cd593093900c029bfa49
SHA1 d36ea122612c6f87e384de90bd704b4268582df1
SHA256 2bf3101fcef8c1f604169b474c6b95421211734e56a8986bc9a4ca8314dc3c32
SHA512 14b6f89687cb039d527e12547dcc999c54fe7a00344ea128e5548766b3db2f5d84fef717afb5b2a215d827383f2d9dd2e139bc997db03ea0c1b0d6f72ad93a47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 fe34441c46337c2bbbc093a8029df8e9
SHA1 9594457c3fbf5d9d7a00055339ac7bc4907d0c4f
SHA256 41e0a5442072151f9a1076d1f0e63d72e2a75a4a3a4ca4f4599c418ca22fbbb1
SHA512 dc48371b0edde5b696702986940b5b3d55a532d9d313fba4e91a0f089ecd59f554a834cac6a9fbf78f12fc8989744e5a202542643c3e4875ee3b25e1f24f11c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 820c57e7ffe69e17ef410c0c6461d4e4
SHA1 e5d04820b0b415974d8636a0a7b433272ebd4bac
SHA256 197bfabcd51ecc27a8c6706b0431ed2e103e8a7259c1c71e1e00ed511715af35
SHA512 fc98831de3653f4576711309221d25cb4bda095a140797a6efb2130f5b627603bdb7c4221fe81ca611c94c6c63727ff414872965fcd4f322389d417e28de5042

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc9866469138769e07fd6b8574a55426
SHA1 4127d4fd2cd261012df2c64e7483bd0255fa01eb
SHA256 876bfb8f24cf51dbabd4615b6a05a191ae31735f79c6e8530daa22770f23555e
SHA512 d157fa9ced9b48151337f10758204e6eaf98a3da8e75c592450e9fccd66302e9bb1513dcd96cf77489ee08f9de96fa1dd3fbe69f96a703ec83fe7bc41aff7566

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 8202a1cd02e7d69597995cabbe881a12
SHA1 8858d9d934b7aa9330ee73de6c476acf19929ff6
SHA256 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5
SHA512 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56c25749cceb5c345650a257cd440875
SHA1 842d068c76dbe56a4db1c5cb130fa086220a49e1
SHA256 5e1d9292b4a4308e10035be055ec6bfc3ce0d8244ae3b831a08ed1d221ecb9e1
SHA512 e878732e3ca38548bda0704fd6fa2fe514116b4fa94b6e294fb9a894890ade47c0b030f728da14e50e0acbe13ebca2838faa83fae167ef0c589a6ccf0a7cdeb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 4691f748c3d54eab4f2670a73000f9dd
SHA1 fc749a482c272ea989f1c971ede445a8e74b561f
SHA256 f897e38ec0807ce65d20c232be195d9934de48090e8a388cb750f580852c2afc
SHA512 c114878e4664b542fe45af11d6eebf8ae08a8b0c2122aa1216815a8a019e8e157648c9daa0b060aa8bbae63605df32b0a21412b7ce2a5795e7338083fbbe6e40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b9a55d3e40d09be3cc41cf9405a9eef
SHA1 d90acc6fca84696a498b8ab3bd9155ef0deaaf62
SHA256 c04bee97eda4c78f873525fc83181324c148b287e22721f9ade435238dfbfe89
SHA512 37c6b2508f9ec4427a23e302b923a8eb527c6dea0193ff303d7063ef4789f20c4643a38a16c05c0bff443d7df640813aa60ff1116f842a91cc38fd25e83b5578

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4c9bf9cbf874b616e062b9b7f7537a0
SHA1 08ff5f2e18310d59a6307b94628868cd092f4a6e
SHA256 04e055f2f369a030921676d4ca76b80cb18294d71ddd4736ef0b29810724b607
SHA512 19a5838f5a5e9d484629f3dd611fcf6ff6aa93580f80f0e6d53f069366f4b14eaaabea8ec2a9a93e48b0d3233f3cda90db664dedfe4cd493440dddc03813af2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbdabea25c89ea29105468ff47db2f75
SHA1 6549f784475f047496023a7739d1f5321f5ddb99
SHA256 e57749782c7e22756d038d96da792b6590a1c0fb0bfeb8dea9284dd9dc46e1e5
SHA512 951a8b648f2d1cf4f6ba5bce4eb08c4d17f2591761f67547422ae4f05bf9052f14be5e2ef2cfff4a6ed6abff4a64a08395bd2c94c9b457a6eb720f1306ae81ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0183ac4ba504420b4ebd1be630bc4d4
SHA1 082096af0ce6efe17420c7d9e11bc105a5ac88bb
SHA256 6620f8887cddf79c6dd28434b3da6f56c350120308a3e05dcd91a466f27af96d
SHA512 ced81b8390ec918c47ae9ee36028fc3d2efb2e27a550fe459327f18a5e505d516bb65d5830a8fba90fcb466de723c5baa09e59ee6a0fd50f44f225a565fd2213

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f1d7c166cfbced4fddd66e918873cb9
SHA1 78b0ee1bf2a37739e76c893b58f9e21dcd563b9c
SHA256 e3ca15495cbf45744c79ae5068ba8db27b02ddd155d40f05a7266ec6c115f752
SHA512 c109d6ee849cf8a3444573e3ea7ee1b02119e6bab49bfd33e1f54cf8f8605fbecef03b0d497ec54cbfbac23ad82aca6f5b014b373a42290ddfec4942b2bd8102

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d559aeb636ffef13b067f494a167bccf
SHA1 9daf569fe4cd186a29b5b98f1106fde5022eca53
SHA256 4743a49c0dc9265ccf969603073a7e1273be8569be2df02479b30b90ff104c26
SHA512 796757111e74197a1c3232d8889b9c79576ada619173430cbf41e41ac937e67d7872c25f88544d5266aa514519da423870ad78feca9bfd36d0753d4c05182ce0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3099713bc5b8fd2b6ab54acadfb95727
SHA1 5432452524cc2d2baccc2ea0a6851793511b5ae3
SHA256 eb3d90b35411558d7116ec1a8c58a17fb3bbd0e16f2d5f7832d15e0047233906
SHA512 9bdf1fe335f6b78d50901c2a2d530ff98012e8696760410a980275c782a313f2097ee2e5feae8696b1ca25fda73145f22d98a399ca1239caf556b98dc51e8107

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48c67e19cf49b9b1fdd021b4d10bbeec
SHA1 38b8af200736ae7c682753ab88afe89efeebfd91
SHA256 dc3bf0ee22480b11c5a720e4fdb79bd0fa33240feabd76c245b7a22a781b009d
SHA512 40bafacb87f484eea8150c568b7ec700dbe97761594e5b7f6015d528bbfba1801c8ca3370f77bceb4c30a3720fcb15ec319146aa02a3445cec9198000f5dadeb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18b5a17d99787ddb933c94b746263cff
SHA1 1dc33c68e267881408651496bec6bfe02a7dcf42
SHA256 e44b3800b00236ed7b045546986ef4196aac807e9c1f33e76e36b623ff612577
SHA512 e22ac1031020ed5f8f8fdd3377f0b3640695e7fcf21eb6ee92827b7f71db58a973f75a7a39139655a272e0b76eb8fd60373877bb8e165135daad147d03053dc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0c356c42cc1a7362b1e894b4eb1ece5
SHA1 8a749645bdc5caa7579827d21eb4e2b303fff576
SHA256 a743ed7022d1838c1e0b0d9ff1a1af254e936f07fa86b4fe936183261bd1fa89
SHA512 3c8d93a4c92f758d63c8ef5c7722c230a1df0e734aa587690e938843a8f00f569e724a0e750958e7fca291cda192ce1a216bbe23b056dbca82981b0748cdca3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a19831ffd53081aeac8d05633ae0e6e8
SHA1 c3d7408cddccb86a6a644717ae0c3c02030611a4
SHA256 6806f3356553a904aa0b209fb16862f09a5ee19d6c7194cdfd0c696bd73e6d41
SHA512 a53e7af9d8b02d5761ec7fc29cdd75c2c759845c5e519430a1359886d8f5818b85f3c02d07487e46f26625f8174d6a22e5a2ce403312af8da795b96b1be3aa5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed82aa8ebb6057901b430c7ead607827
SHA1 fee9d4af31523b5512f4bc54c3701b7cfa58ca3c
SHA256 422bd454d0fa391b46196eeec148f8f95f7ef2261e29822500eb5fb0614e456a
SHA512 77aeb2cb8463ca9ee79c217647e2949097efa3fcab8edd96596e7535b57da56bc8f5f393ed7490d79b319d7fa8b679845270bad11f570e169813a05b88e2198b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c7925de7da1c8bb5d2bd81ff0c2ed6f
SHA1 c68ecb809816786f0e1281e102b877b858783ac2
SHA256 2bd0ee35750777dad9a28eb8b6005b6f5113d8175cb743f59414d97a34592726
SHA512 d6bb9b9d16c65aaf2b84aa46cc983b6abe2d121e28f6a1eb37fc570baac8aa658630ba4aeb03c9f30ff67ebeacadf1f866486c9000380c06a53ceb9e3a0b17df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4d393dccedce626365480cdcc53ade1
SHA1 59818e501bc2dc3feac9c07e188ef79cd2dc5876
SHA256 c76f47a40de6ce7da13ac2ca8e5afc8ec736065b30dcfa7bd2732b2e513afef8
SHA512 8930d7d0fbd2f8ed9c27f752c8dc7724de28961761677d7e4e497beba9ea431045a8ed0999f32dfdc0884ad76c9f76e48d98f2c4525a3b287f5af0a8fba131a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42439cc10aa2db6ea05c9766bc7232a6
SHA1 c579d73601a49d46badaa0d9c752a662483c4ed4
SHA256 e0c4e09f9d3b48d713ba097bf1b2f8a7be11c229df63a9cfaeec54c217dd06a2
SHA512 bc48aff40c1b11f30c0414db63ff1d223d29dc0c192a741c12615e294892f3dd74f244b40e054756387c0664825ef6df7247f162ebdf11376919e5af53c881fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25a5e75a6afc7f9df642c7a5184f0406
SHA1 43916e58cd8bbad210eab5bde87fdbf2c1c7aa54
SHA256 f556e650756fe128e8bdab9796f725f985a6c12b5844e7ff8a478131795db2c6
SHA512 d5e21e43c710291233fe4adbdd979b34d9aab5eab217b914d0d22d08790232a44414be1a4106cd03f251972686df2a192389b3b4112b7e51a73405c2b32bf69a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8519f7499625382f32a08347d9c8e16f
SHA1 c86d98bb809de7aa0ea7569204161d5148b84643
SHA256 090b871c584916209a522e06a8524a9e8679af76b4d423669c8b0c4b3fe47c9e
SHA512 6c2640e9dd132304b6027f34726a9c11dec3a9d5d2514f7e75b9304f30bee220266b48346e83a66903bcc8bcce46d6eb924d3c091ffd7d1d696bc9bd90d30e0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7f2612e71fe69bf190f9a34882dd2ef
SHA1 da2eb4c7934452d2c31e16be94b2a76b87076a0a
SHA256 7760b28e19c06f2cb6a5e728fbed897af8e07031ea00f3c5a822fc8f5fc97977
SHA512 ca76de218a155afb322a1dcc215e31d7fc0b51fe588bf4e6f9c75da6a63a46eb96fabf3bbeb777a7a649f3c45b84ba0cb7759778413e5fb952b9900899ac90d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6320f8d054a9419c6c04b9dff146afad
SHA1 c15efd6eb9ac6938af01501f97ad7ccb60a44d7b
SHA256 050012b445849b231c0f8704259abc3e7a52763adc29ecce0058409bb5832732
SHA512 740b6ed94dd4f7c76c39a1c6f5fbc99a725ea1775f09fcba09c33d3fd7a61ac45457f014f807b130fab8aa3b6d95966d09d81ed9f53f250235a53e353806092a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb82e29332dff1e9b77894f79bf80433
SHA1 c5ad79b12ca0a5ee445d33e630205784c8274a13
SHA256 eeaa00fc48710bdb6280630f6c1f7e678e58c29037299256e18381099f9d3bf1
SHA512 6af2c87ab2ee29e8f0760a6454399167625ea043c7a73898704467a225fb1b929d7041e4eb8f0cdf59952c77f3c7702f438da06f935d1154ae7ec8127aeb02ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 5ed4eb20886fd56e608c5c5f2d24084c
SHA1 15f9a0f8a437c1239b46ed4fa8f19452f0e39ec0
SHA256 434c338d3639e9030e553ab1e6c69141abe73f55201d3f69e0ca6a0f316cb16d
SHA512 b071b26c2921f35dc014464d4941023f3525b7fab96ec66f3350537e90303d3f8a513106ccdb0ed041d9605ab545cc2b04d29f0ad40c9f6ed5fc41dd5444fb7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e62f18c6ab804061665f21813d84ebeb
SHA1 eeb92921db46e80e87b28122f404bcae667c1f21
SHA256 05d843367f7e77730746fe819bd63215580c0933c191601c7632a1b6c25b655b
SHA512 0d597e69734027217a7884cb36461021e6ff0896c86ad1b5cd6fbbcbdbba75b1633eb479f868c0d80d008ae0925fdbb0a43caa0194024fbc43627b8f445cb739

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c0e3eba9120856f79c9012cb4893ef9
SHA1 a0a17449c3117445862c616ed1370d6c6bc05cb5
SHA256 eb93a6566127c7f7c5e8d2ebf258cf136262e01851c940a644bf9a545e7ab3b5
SHA512 4e5958b3308087ec3b54eccf5ba764c8745c563e21031588cb4f5e8c2fc65b4c5753194445b97406087d5e6c2c81e1988a14620b7e0923d14ca60dc74f2891d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d73b090cd76a32848438041d26147b1e
SHA1 a8d0959945e0ba04966949f73420c2c1bc286586
SHA256 6ca2d1eb177bcff619d09cfdd4de4e8fc90ac617c1e8582e1aa6138cce137906
SHA512 901cb5dc879dd6c293c285b4f2fff5b86fba6fb63bc56a86335c36387ea49c37d3d534bba99a9ca802ce502ca902c7c02e154759c18b5adc579881509bcb4211

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58e733be86d5f64a61714361e3e9f47a
SHA1 81d5abbddb4221ead90cd58c464517d02b200f51
SHA256 5a05462fd0e9a769ac8abb0e46b286f45d42bae4708071ef7a308101de2d02fe
SHA512 bd37b8f2de12ad41d8eab4ce8508fa47737796d16307d8f113cb5b858f0a6cb3e9d48924d9d95d23ef0b7e181f8312d22a107b6c98f47304d25f059fd3888835

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3549068d30f06754e4a4d71dedac181b
SHA1 e79916d9cadf88b867acb036de818d87a5484b79
SHA256 99f2b64a51fd485d901cba6d5904b2dace48468b8e47347a23184c4b8c3c6d97
SHA512 b90668b154f2ae3af563d35399ed1f076085528138ee43ec8815f4c9d9a0da735a2ed8544fc30c2cc45725d290d313268031b01b62208cc85c5b9a27dad9d0b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb54f06faf6d2522fa3b2bb90750e54f
SHA1 67b47e3b2cb4c160eadbfe15e38621e33c10d811
SHA256 1a823b99d0ffa47bb813d594b81c2f320f14017f60cd299243703e63b5effa17
SHA512 e2944e14b2419fcfca35fd5fb5174771bf9c84de5765d0da1378d675c98f3830752c12cdc1b770e980c4a8e18f51c75218df918d426ad1122c451f5d4a330a3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 2c98a91ba365210fef40fa2324bb820a
SHA1 b02749eb73f7b5bd5c070f29ea7c32d746030e28
SHA256 269b5ded3364d12618f842e05b0a703a962d399202e6522861cadf263c2e292a
SHA512 00457907a1c8ff5e7de7846bd2184399e700b7b6b9c43c544a1d0ca89669b102ca115dc63b9f9acebf710644f9bc6a1a07f400780b5a6c44bbb9a4fee4f6492c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd2498e1bc1363554ac11e452d0322d5
SHA1 8b8a0ea41e1db2e1cdd10ef737f1ee7dfecda388
SHA256 7ecb602c5ffc1aaa9896d178ea873f92a69fcc02c8eaf58a26da078121f9da65
SHA512 5984048766022b75689fd4caaf575185590fd0adb6353eb147398aefd0cf66ae6b0e9574b3077f0b4e9305a93f8852cca914da849a685dd3ba7556b11996b276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3728372461f489cac544d908f0c82187
SHA1 7840114cceb2bc6c329a8482e04c93be178e617b
SHA256 f84ae1264eb89ee3086487a21503478e2fb00f8faefbc7d3a699a5b3558d70dd
SHA512 88911212e18f467add090336b06053e00b994cd4bacd10913451eec319b9e512f72ad24b3dcbccb7b10fca4075e20f98d2c18375cb36aed0ae944cbd9ea961e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22e8115e4e57728713264036eb60c30c
SHA1 fac48bfe051d99b185fe05f77e6a6b4da1b79217
SHA256 7b6e1f1c112f7e53a58d8761487e44ebc930430b804d45729b8b77a368d1a0f0
SHA512 9a6a176cfd47df9debe2489533439642d9b00f576173fab549c25e91a3222ea9b3e17143e26826d4c64f911b0935b04975c36809cc083ba4f765ce89213eca73

C:\Users\Admin\AppData\Local\Temp\~DF937BE38BE91387B0.TMP

MD5 4f4770bd654ae332cc997760f9240c53
SHA1 93ea8c78670c001b1925dceddd0a601151dae951
SHA256 a536e29445f87262e5da918642742c765a5cf89af434dce19f54b264ad3824f5
SHA512 d53c456b42df3155e92098ef532fe67ccc8621b78eb347c405d72bab5d22d558010004be9a0b046a7bcbd5b8130407603d0867b1cfd74aaa912ce16b3a73773f

\??\pipe\crashpad_300_KYGLBOVUNQIJIXLJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 3de89a57f45e251d8fde2438800b7ab9
SHA1 0d51b6d0b00be5f5de536529d04bcb74d12f6671
SHA256 e9c9f087dc6b3adf0b3fa349e70be82165c6fed1e78d4fc2563668656a000ef1
SHA512 d4849e964d36f1ad796d508b42145609c5c437657a547ac06972c42229ca02143a19d986288e5c9fc6022d014adc493bc18585e5567bda76edfd354f2edb61c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_05B056B983E25E9B4D43BC3D9283D686

MD5 c0e20388f49cdfab4fad44736cc47941
SHA1 e6c29c7f08caa432441eab53ff28ad8146aa08b6
SHA256 2738fd8e5ee95fe4f3a61cf4e731964e96affb6f9178f124c504417b7c30e7dc
SHA512 7eaf29ce9a2716d4ac7613b94fe619a4bd2a28bcd402c947d2815a2e58fd2ab688c13ff20c64b371bd183e51ce4e87e431ebfd45c16c12e146a46f506d4a4cb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_05B056B983E25E9B4D43BC3D9283D686

MD5 480dfe0f700efc0c75e4b2ac062dfe0a
SHA1 346f7da6cbbb95e6aa55b87f1da38aa37d547ff1
SHA256 a1d6661bfc1c1f25a00a11cf1769f2405d21b712c7044607f8904c6fbfce4ff0
SHA512 e087b35ceee2524b7fdc6cee878a80292d3cfef94d3cfc374df13fd542981ecbee4920f5e2b394aba986a2578b16042b045521004739ab298827d4cad6e19aeb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb5db6f99235e8f6b34f7bd9122c24b5
SHA1 9b5097939ad3bc4f3b37a5dd9078f17dd04c2b11
SHA256 04ae2000b157a7edcf2826d0333a52d7b3b695e5c32d9b3ddf462fd1d95821e2
SHA512 f43a7d7cde7cb2fe04f22a9e6482a7773b2e3d40ed5c16c7a6e60d4c26d8259daeb77d5bb4df54378a110c41d05b90394328c70439cefc3928f1a5982f1cf1fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fb88ba5144887725f0e92283d9145c2
SHA1 70ca1dbf48a2f8441ac69280860fae4a8be077cc
SHA256 1d8f0cbae1a31d2e9ea80601644131be7fac7b054f73312ee80a5abadc0795e1
SHA512 c42902fc12f52e0fe96bdec5583c9d928ff12600d2cd2ccfa7d40bb90af71dcf533b49a665e129637db3df41166b1713cb3a58d4de1b268d63ff9e8ff5a92c2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2dc139e0a2e126ae1c3e8e22a30df59
SHA1 68f1e27878da61837f25533aef1e56cf83c6edef
SHA256 c3b091854cd46233d2efb46b1f3835510c3b6423c2e0c0ec5999848746a0f29c
SHA512 c55a959693371fc705d55c2cc76aa79743d9598a4575459309bb864f3b75ed2b1a9bf3440c983f925e809c5e4754e7aad1446863fc2c1a2c1f91851fb568feab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4882476176b75cf1cb8963f5d52f2f23
SHA1 e425268f692d592d0e367c0c00cb9a1535cdbbc9
SHA256 0eb9b2dc9a84ad4d7e611f4c2350125bf45329e476b97999f9f24ae86b7aaf9c
SHA512 21be6c815fd843a5e39d087c414a21b6090ea1f97279a9b254921f6c172d9f5a323cc423d6bfae7d78ea017033431634552bdac4b99fde21e7709c4bb346c213

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c9d254938048f7b32d3778830f17c86
SHA1 d3975c37cceeb2220c7d92ecdf389f3c73477e0f
SHA256 09f0b7a4a30a9e4bc3b22584fc757ac3cc9d2c13f89d00e38f6e88ede44286e6
SHA512 ca0e263a8692c0774b01c61f5460c319455c52194e4f3cb7394bbcb7a1d30ee2500e5ae008105c78cda9a4f555286be3ad250f57ab11015732e90c4c9c8bbb88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b40801352c13e20c8bacd7f87a9741d
SHA1 a9db689a0c8fd35a79a7c76ef22ecaa9492ffce0
SHA256 4bdb0e288c9292ecd9fdcde471a21eb9df3a7d3cec2d8c698816f8638b56c43a
SHA512 801eafb4b54ee2aab4b67fe60e7328d14f63aeef91dc2cc3a4d8664576826b2ef5a78afa27436d2bfd1cd877537f8e6a7be0ea173b1106901e5da107d9b90f7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f248a7196719fdfc5b0951b8fb4f5f8
SHA1 68759d4e51b146183891ac973ee1cb979a3493d5
SHA256 4a70190ea00af3a1864ee5d128f466df2310ab28a41310de9871eb89d88cdfd3
SHA512 f1091ef89fa0de356c74f5d46c7463c40cd8d9d61aed0f8d0b0b869d42fa3fb662c7604b6627e6165dbbe731ac0e9ef8507009e32a1c5ba64e6457e5caceea2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbd86ae3e4258a5e42ff56473e35372b
SHA1 a2ca439c0e0a8a7ef5476d5cd492ff04ddd2d0e8
SHA256 66db08fdaa7c14a32a43cd7da80e997e787e50942d23402ff83cdad42c3fc850
SHA512 bb993bced7f3ee2e36c756c5a595b3e88688f5c34d9f0c78e5f10c59a24392e118a5285b89b18cdb4983737310298d70da0888099ca19f704c8d4ada03a20a9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b34d5c75f658aac883b18b48965afc4d
SHA1 f9aeda6d8177cd98dc448c934ae589ba764195bb
SHA256 10767d7cbbb8d1d5fd519f8514a26b4d7f7c0fdacdca7706a052200416ab411f
SHA512 eb75a8210a2b5a3f67874f11e0a03ca2824ed89aae317b2aa6badbbf95f417e118dd5dcec67abd64c0af889ec35e9ee0500ee078bae3429bcb6fc903d9ca794d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e0eb6ea564629da72d89872058b7b78
SHA1 a4eb628088c8b2dd79806935d393631968d05414
SHA256 cd1e545ac428db73c95f48f32ab718938c22908ed506bcae85e266eb88f9894a
SHA512 f96823a4ce90786ce619e83cbb9ba48b5fbb1ab241e34964f099359e69c5402ab658c7c74095d7d0f76553139fcddeca0b3f939b4bc3dcda4185d311b66b3cfa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc4dbb34f8c65801e3c2176cb259a4f6
SHA1 ba4eea40fcf0a3f1f9643570e2664a64e33b616c
SHA256 2201edc1ddcb174c7f471c41378937424ac8fc2ffb05ba5525dc2ec5d14bec7f
SHA512 b1340ba428753810213b7c3db689b10ce586d32d5beb9108fffb0819a37c61581f6a20abf013038f92b8b2feee3793a54cd1f20437cacb9e604425f3bc604d8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 eee577418b300ddcfa2dfdcfdcd9644b
SHA1 269de2f851603cc913cbacba33a738d5a7dbe84b
SHA256 e12802650e2b443b7599201f35fae1a96ac155cbf887b9035748b2f1c9824112
SHA512 3d462ffec9e5b69fa933e60b411350706f21bf7d4f91586b02eba0f01d716e02b2a217bb982b996b429efd97b5ee9753e2d22de0a64b7e53cc57fd368d9b9523

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9134ae665a07b1e3c5ccc2e8349d3e50
SHA1 c7948ca889ca5b66723542085ed7117074e7f5f3
SHA256 faa367aa01f24585d3a49271b95e2a3b47d18bc7d41a8c70f4545562796436c4
SHA512 85a6c28ceb023d4322ac91dafa2cd5e37cbc31921735dd2c2100ae4391aad183c760620da299f3e07d7708511801db0e4a3393f144f8066184f22865c0de23fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 543166a003367137fc9bb7b7722add5a
SHA1 eaa5831e221baddbdc6aadf55768d76af81f1447
SHA256 b0d7ef943be5e3eb099c526ae936a20c38d31e60719f4da6d8248f87c2710a5e
SHA512 c20fea9517e8df98faaa4cf15b09ab12e6be6dc34c4ea4165a2dc6282ccc155b93f9d408889c52e73f9ab33aaae2c95787c25c5756d3a8550d94142e1b8ee070

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1713257f582de4900bfcd97f4eb7664
SHA1 99097d256bab9427645abc7531f80e3111179d3d
SHA256 7a45c142319578edea58524b1aac9fb49a8aff66034f160532b757ad74ae2197
SHA512 c0d88be5c262219262868eb8f0f95a9f06333e78266be2a538c42b26c330dd69c6ba64b78a3adea05afe40b941d11d1a48b39ff02e564c48e91925e3c991095c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca46f13bcf882e70307935679add5516
SHA1 0726c7e9d29ca3c0af7fedf6a2a8aaa0571b339b
SHA256 0d1c7e50b3750ae2bba91bff518878dc8816102bbd36f6cd2ba4341531c44092
SHA512 b5e1c7643b3c63249324f907dad112283b043591a5e5ad6cf80c5e3204e898ecfcf38815bda7334efc6367a6a27cacafd457411701ba4dcf5691fb4c168b04a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f605751680c8a70d6e80ae783eecb5c6
SHA1 ab02a37d6f3cc36efe400b8b0073161987eb8924
SHA256 1f4e2943df1361772e195101437399be9294cc199a57ab88245b58fd2625b6e1
SHA512 9d644df241fbe28e3d7a0edbc1629957bec4bf1320dc727336f0d15db6d963c674cedc744f083e9a2bf4832bb6f68998a821af2a2b9d049886463052c2960dd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9a0aa86d0fbcb8c2759554703725c1fe
SHA1 18ca439da814772f2d9f859e3ecab325ac9b8993
SHA256 e45701b60a702a0b024827fc4416980dcb58e9ecaa5857ba3b237ff4d1810d4a
SHA512 c1fea87890f9142cd6de7bb423a3f4038a9ba9d1e39bcb359b39829033f3ca3eadd8e835f6781f2409116de26f6e397c15a85b5cab356cd2d5217dd6994be99f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 52cc49e2cb0f0920f4c12816552d30e4
SHA1 06e0d89003d3e286dc1d1009fffec391497c6999
SHA256 9f871f88aa369b2c9fccc996c31cc26ad650b2df3f44ca62a1b8a4733612faba
SHA512 8c903eb50e66c9836b01c0a412cdf16beaf4de2fd2e9be13833bb66230724a72d953b3d56f0e42a11e82ac8a369f72a4b38ee9cc9ebce65e7386022b6ab13169

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\935d3504-043b-40e7-bdd7-d1a3d52eb786.tmp

MD5 33c47566a0185d83f0df21431bb86f03
SHA1 e0687fc9fa0b7d39bae0cda694b1562295e4a611
SHA256 5394eb2c94352491f076eea762a2a91a34bcf8731399fd8661881823285ede7e
SHA512 8697066c33863a62e506829b2ac9ea8b79138f234fd61ff314d370c27fe0a90b38f716cf5aad4dc0c08bdb5dd248b4abc66d7d829b6364357af6b84b11791fdd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b5c9d7ff-0e09-4177-a140-69fe24863aa9.tmp

MD5 c204a33e059060478c84dac96eb62d64
SHA1 6f63e39e080e6fe516a007f4d6ef729c1e23cd3b
SHA256 c8c89f75b54fce402fb3ad5b60a604a6ac38e1e6e98db49b714bc22b5ee7e6ba
SHA512 d55b1c0d5e207c7e54123e28d14dd96405011c32f71b806c1e47af733c8495fc1b27a0101ec4501ef5110e90bf2a4eb870d520d4a2cbc01ac95dcec5580e790b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7ab25ba6d946907386777626358dbbd7
SHA1 1d9bf3f369294f6827a9cb4e1556d292e24c2673
SHA256 70114a8e05e76149037da82f31b8cb79f0bb51fec2011c1068004e044aaf7a2a
SHA512 da67f8f226a0d3d6a2d5c58b3a4f7d55b011f517c7c4b0635611d3f2c9cef19e45484f4b026a58e09c02c90dcc8648a2d9a193b05d9da3fcc1d8f598d66e9731