Malware Analysis Report

2024-07-28 05:18

Sample ID 240603-w7km6seg3v
Target 54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf
SHA256 54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf
Tags
socks5systemz adware bootkit botnet discovery evasion link pdf persistence spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf

Threat Level: Known bad

The file 54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf was found to be: Known bad.

Malicious Activity Summary

socks5systemz adware bootkit botnet discovery evasion link pdf persistence spyware stealer trojan

Detect Socks5Systemz Payload

Socks5Systemz

Modifies Shared Task Scheduler registry keys

Drops file in Drivers directory

Downloads MZ/PE file

Modifies Installed Components in the registry

Sets service image path in registry

Uses Session Manager for persistence

Unexpected DNS network traffic destination

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Checks whether UAC is enabled

Checks installed software on the system

Enumerates connected drives

Installs/modifies Browser Helper Object

Modifies WinLogon

Writes to the Master Boot Record (MBR)

Checks for any installed AV software in registry

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Checks for VirtualBox DLLs, possible anti-VM trick

HTTP links in PDF interactive object

Enumerates physical storage devices

Unsigned PE

Kills process with taskkill

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Modifies Control Panel

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Volume Shadow Copy service COM API

Suspicious behavior: LoadsDriver

Uses Volume Shadow Copy WMI provider

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-03 18:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 18:33

Reported

2024-06-03 19:20

Platform

win11-20240426-en

Max time kernel

2683s

Max time network

2699s

Command Line

"C:\Users\Admin\AppData\Local\Temp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.exe"

Signatures

Detect Socks5Systemz Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Socks5Systemz

botnet socks5systemz

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\Drivers\ce4e31d7.sys C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A
File created C:\Windows\System32\Drivers\klupd_ce4e31d7a_arkmon.sys C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Modifies Shared Task Scheduler registry keys

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ce4e31d7\ImagePath = "System32\\Drivers\\ce4e31d7.sys" C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_ce4e31d7a_arkmon\ImagePath = "System32\\Drivers\\klupd_ce4e31d7a_arkmon.sys" C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_ce4e31d7a_klbg\ImagePath = "System32\\Drivers\\klupd_ce4e31d7a_klbg.sys" C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_ce4e31d7a_klark\ImagePath = "System32\\Drivers\\klupd_ce4e31d7a_klark.sys" C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_ce4e31d7a_mark\ImagePath = "System32\\Drivers\\klupd_ce4e31d7a_mark.sys" C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_ce4e31d7a_arkmon_FD710C43\ImagePath = "\\??\\C:\\KVRT2020_Data\\Temp\\FD710C439F89CA6B7D8CAF3EE6F307D0\\klupd_ce4e31d7a_arkmon.sys" C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A

Uses Session Manager for persistence

persistence
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute = 6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a000000500061007200740069007a0061006e000000 C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe N/A
N/A N/A C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\Unhackme.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Voice Changer Emerald\unins000.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\regruninfo.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\regruninfo.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\regruninfo.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\g7z.exe N/A
N/A N/A C:\Users\Admin\Downloads\NPE.exe N/A
N/A N/A C:\Users\Admin\Downloads\NPE.exe N/A
N/A N/A C:\Users\Admin\Downloads\KVRT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A

Reads user/profile data of web browsers

spyware stealer

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 45.77.153.162 N/A N/A
Destination IP 141.98.234.31 N/A N/A
Destination IP 45.77.153.162 N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ApprovedByRegRun2\AntiRepl\0\Operation = "1" C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ApprovedByRegRun2\AntiRepl\0\Target = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\_iu14D2N.tmp" C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ApprovedByRegRun2\AntiRepl\0\Source C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ApprovedByRegRun2\AntiRepl\1\Operation = "1" C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ApprovedByRegRun2\AntiRepl\1\Target = "\\SystemRoot\\system32\\drivers\\speeder.sys" C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ApprovedByRegRun2\AntiRepl\1\Source C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\af5a1d77-6576-45c6-bfc3-2a31123ceb8d = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{3a35aa35-7ee3-4559-889d-a47256272d48}\\af5a1d77-6576-45c6-bfc3-2a31123ceb8d.cmd\"" C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\SOFTWARE\KasperskyLab C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A

Modifies WinLogon

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\S-1-5-21-2994005945-4089876968-1367784197-1000 C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\S-1-5-21-2994005945-4089876968-1367784197-1000\OptOut = "1" C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\WINDOWS\system32\Partizan.exe C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
File created C:\WINDOWS\Syswow64\Partizan.RRI C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
File opened for modification C:\WINDOWS\Syswow64\Partizan.RRI C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\Downloads\KVRT.exe N/A
File opened (read-only) \??\VBoxMiniRdrDN C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\ChromiumTemp5936_1294082891\model.tflite C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\ChromiumTemp5936_1030719098\model.tflite C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\ChromiumTemp5936_1827872245\model-info.pb C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\ChromiumTemp5936_1827872245\model.tflite C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\ChromiumTemp5936_20105984\model-info.pb C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\ChromiumTemp5936_20105984\model.tflite C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\ChromiumTemp5936_1294082891\model-info.pb C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\ChromiumTemp5936_1030719098\model-info.pb C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\SYSMONDRV.SYS C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A

HTTP links in PDF interactive object

pdf link
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = (binary value omitted) C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A
N/A N/A C:\WINDOWS\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Control Panel\Desktop C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\URLSearchHooks C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Extensions C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Search C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\Styles C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\SearchUrl C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Toolbar C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Plugins\Extension C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\Search C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Toolbar C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Explorer Bars C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000\Software\Microsoft\Internet Explorer\Extensions C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619140805572429" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = [binary blob omitted] C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "15366" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = [binary blob omitted] C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "4" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Rev = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1042" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "8642" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616209" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Sort = 0000000000000000000000000000000002000000f4eec83032a8e241ab32e3c3ca28fd29030000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\IconSize = "48" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1075" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Mode = "6" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:FMTID = "{30C8EEF4-A832-41E2-AB32-E3C3CA28FD29}" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "8642" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\LogicalViewMode = "2" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHo = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2994005945-4089876968-1367784197-1000\{2ECE4069-ACD6-4994-898C-F6E1D2303854} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "13716" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f80cb859f6720028040b29b5540cc05aab60000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "8642" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "15366" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "13716" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupView = "4294967295" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2994005945-4089876968-1367784197-1000\{7726A124-4E2C-4922-9081-F8E45E12A098} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "13716" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616193" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616209" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1042" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133586190162017495" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{885A186E-A440-4ADA-812B-DB871B942259} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\WorkFolders C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1075" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [certificate blob omitted] C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [certificate blob omitted] C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46 C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = [certificate blob omitted] C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = [certificate blob omitted] C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = [certificate blob omitted] C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = [certificate blob omitted] C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = [certificate blob omitted] C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = [certificate blob omitted] C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = [certificate blob omitted] C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = [certificate blob omitted] C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\a78abfe6-0bce-460a-95d6-e1a1f92966de:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\6a853c64-2f27-4b17-a762-a9960a45546a:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\27eae360-2a72-4cd8-8dff-cd4e4ffaa348:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\NPE.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\KVRT.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 772146.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\f772fe40-a9c5-430c-ab1d-daafc949a704:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
N/A N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\ComodoAptAtScanner\cmdapt64.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\Unhackme.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\WINDOWS\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\WINDOWS\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\WINDOWS\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\WINDOWS\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\WINDOWS\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\Unhackme.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\Unhackme.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\wu.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Voice Changer Emerald\unins000.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A
N/A N/A C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3368 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.exe C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp
PID 3368 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.exe C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp
PID 3368 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.exe C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp
PID 1628 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe
PID 1628 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe
PID 1628 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe
PID 1628 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe
PID 1628 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe
PID 1628 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe
PID 2760 wrote to memory of 1776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 1776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API (tag: persistence)

Uses Volume Shadow Copy WMI provider (tag: ransomware)

Uses Volume Shadow Copy service COM API (tag: ransomware)

Processes

C:\Users\Admin\AppData\Local\Temp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.exe

"C:\Users\Admin\AppData\Local\Temp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.exe"

C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp

"C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp" /SL5="$40242,7039807,54272,C:\Users\Admin\AppData\Local\Temp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.exe"

C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe

"C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe" -i

C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe

"C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe" -s

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa1cb23cb8,0x7ffa1cb23cc8,0x7ffa1cb23cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6412 /prefetch:8

C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe

"C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6204 /prefetch:2

C:\Windows\ComodoAptAtScanner\cmdapt64.exe

C:\Windows\ComodoAptAtScanner\cmdapt64.exe --service --scope "processes|drivers|autoruns" --status "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\scan_status.txt" --output "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\out.xml" --tvl "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\tvl.txt" --trl "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\trl.txt" --filter "*" --scanPeOnly on --flsUdpPort 53 --flsTcpPort 80 --skipGAC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,13309486981984915188,17841299262332022839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\" -spe -an -ai#7zMap9083:126:7zEvent31471

C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\Unhackme.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\Unhackme.exe"

C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\reanimator.exe" /wiz /full /imode

C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\wu.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\wu.exe" http://greatis.com/dbs.ini /r /i

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /PID 1628 /F

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /PID 4464 /F

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /PID 3368 /F

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /PID 2816 /F

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /PID 4188 /F

C:\Users\Admin\AppData\Local\Voice Changer Emerald\unins000.exe

"C:\Users\Admin\AppData\Local\Voice Changer Emerald\unins000.exe" /SILENT

C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp

"C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Users\Admin\AppData\Local\Voice Changer Emerald\unins000.exe" /FIRSTPHASEWND=$3027A /SILENT

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM chrome.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM iexplore.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM firefox.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM opera.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM torch.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM browser.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM crossbrowse.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM browse~2.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM MicrosoftEdge.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM MicrosoftEdgeCP.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM amigo.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM msedge.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM vivaldi.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM brave.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM chrome.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM iexplore.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM firefox.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM opera.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM torch.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM browser.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM crossbrowse.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM browse~2.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM MicrosoftEdge.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM MicrosoftEdgeCP.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM amigo.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM msedge.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM vivaldi.exe

C:\WINDOWS\system32\taskkill.exe

"C:\WINDOWS\sysnative\taskkill.exe" /F /IM brave.exe

C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\regruninfo.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\regruninfo.exe" /postsa C:\Users\Admin\AppData\Local\Temp\reatemp.tmp

C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\regruninfo.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\regruninfo.exe" /upl "C:\Users\Admin\AppData\Local\UnHackMe\fixed.csv"

C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\regruninfo.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\regruninfo.exe" /postga close:deln

C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\g7z.exe

"C:\Users\Admin\Downloads\Unhackme 16-20240603T183801Z-001\Unhackme 16\\g7z.exe" a -y -aoa C:\Users\Admin\AppData\Local\Temp\RegRunLog\regrunlog.7z C:\Users\Admin\AppData\Local\Temp\RegRunLog\regrunlog.txt C:\Users\Admin\AppData\Local\Temp\REGRUN~2\fixed.csv

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa1cb1ab58,0x7ffa1cb1ab68,0x7ffa1cb1ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4188 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3332 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff6f669ae48,0x7ff6f669ae58,0x7ff6f669ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3976 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3316 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3812 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5192 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5108 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5244 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5312 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5264 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5464 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5548 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5900 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6348 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6400 --field-trial-handle=1832,i,2497695614771708460,15473864020258607238,131072 /prefetch:8

C:\Users\Admin\Downloads\NPE.exe

"C:\Users\Admin\Downloads\NPE.exe"

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\NPE.exe

"C:\Users\Admin\Downloads\NPE.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffa1cb1ab58,0x7ffa1cb1ab68,0x7ffa1cb1ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4168 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4412 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3708 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3064 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3192 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3112 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3120 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5052 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5628 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5936 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5492 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5652 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 --field-trial-handle=1608,i,2903575324977377990,496560765411096220,131072 /prefetch:8

C:\Users\Admin\Downloads\KVRT.exe

"C:\Users\Admin\Downloads\KVRT.exe"

C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\527e9fa6.exe

C:/Users/Admin/AppData/Local/Temp/{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}/\527e9fa6.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 104.20.138.65:80 tinyurl.com tcp
US 104.20.138.65:80 tinyurl.com tcp
GB 142.250.187.238:443 clients6.google.com tcp
GB 142.250.187.238:443 clients6.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
GB 216.58.212.202:443 content.googleapis.com tcp
GB 216.58.212.202:443 content.googleapis.com tcp
GB 142.250.187.225:443 drive.fife.usercontent.google.com tcp
GB 216.58.212.202:443 content.googleapis.com udp
GB 216.58.212.202:443 content.googleapis.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 172.217.169.3:443 ssl.gstatic.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.14:443 contacts.google.com tcp
GB 172.217.16.225:443 drive-thirdparty.googleusercontent.com tcp
GB 172.217.16.225:443 drive-thirdparty.googleusercontent.com tcp
GB 142.250.179.225:443 drive.usercontent.google.com tcp
GB 142.250.179.225:443 drive.usercontent.google.com udp
GB 142.250.179.238:443 play.google.com udp
HK 141.98.234.31:53 aibtddi.ru udp
BG 194.59.30.121:80 aibtddi.ru tcp
FR 62.210.204.81:2023 tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 cmc.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 142.250.187.238:443 ogs.google.com udp
US 8.8.8.8:53 fls.security.comodo.com udp
US 8.8.8.8:53 accounts.comodo.com udp
US 137.184.246.236:443 accounts.comodo.com tcp
US 8.8.8.8:53 236.246.184.137.in-addr.arpa udp
N/A 127.0.0.1:445 tcp
N/A 127.0.0.1:135 tcp
N/A 127.0.0.1:49669 tcp
US 8.8.8.8:53 verdict.xcitium.com udp
CA 15.222.185.255:443 verdict.xcitium.com tcp
US 8.8.8.8:53 fls.security.comodo.com udp
US 45.77.153.162:53 fls.security.comodo.com udp
US 45.77.153.162:49669 fls.security.comodo.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 8.8.8.8:53 storage.googleapis.com udp
GB 172.217.169.91:443 storage.googleapis.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 8.8.8.8:53 91.169.217.172.in-addr.arpa udp
US 45.77.153.162:15378 fls.security.comodo.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
BG 194.59.30.121:80 aibtddi.ru tcp
FR 62.210.204.81:2023 tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.187.238:443 ogs.google.com udp
US 45.77.153.162:27527 fls.security.comodo.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 45.77.153.162:62985 fls.security.comodo.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:12485 fls.security.comodo.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:36356 fls.security.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:13102 fls.security.comodo.com udp
US 8.8.8.8:53 greatis.com udp
CA 144.217.89.149:80 greatis.com tcp
US 8.8.8.8:53 www.greatis.com udp
CA 144.217.89.149:80 www.greatis.com tcp
US 8.8.8.8:53 149.89.217.144.in-addr.arpa udp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:42683 fls.security.comodo.com udp
US 45.77.153.162:80 fls.security.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:37555 fls.security.comodo.com udp
BG 194.59.30.121:80 aibtddi.ru tcp
FR 62.210.204.81:2023 tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 45.77.153.162:10292 fls.security.comodo.com udp
CA 15.222.185.255:443 verdict.xcitium.com tcp
US 45.77.153.162:53 fls.security.comodo.com udp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
BG 194.59.30.121:80 aibtddi.ru tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 8.8.8.8:53 24.173.189.20.in-addr.arpa udp
GB 178.255.85.135:443 cmc.comodo.com tcp
BG 194.59.30.121:80 aibtddi.ru tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 8.8.8.8:53 verdict.xcitium.com udp
CA 15.222.185.255:443 verdict.xcitium.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
BG 194.59.30.121:80 aibtddi.ru tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
GB 178.255.85.135:443 cmc.comodo.com tcp
US 8.8.8.8:53 greatis.net udp
US 8.8.8.8:53 api.gameanalytics.com udp
US 3.223.115.228:443 api.gameanalytics.com tcp
CA 54.39.156.188:443 greatis.net tcp
US 8.8.8.8:53 howtostopmalware.com udp
US 104.196.128.85:443 howtostopmalware.com tcp
US 3.223.115.228:443 api.gameanalytics.com tcp
US 3.223.115.228:443 api.gameanalytics.com tcp
US 104.196.128.85:443 howtostopmalware.com tcp
US 3.223.115.228:443 api.gameanalytics.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 img.youtube.com udp
US 8.8.8.8:53 img.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 support.norton.com udp
US 8.8.8.8:53 support.norton.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 2.21.188.35:443 support.norton.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 2.21.188.35:443 support.norton.com tcp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
GB 172.217.16.234:443 optimizationguide-pa.googleapis.com tcp
US 8.8.8.8:53 assets.adobedtm.com udp
US 8.8.8.8:53 assets.adobedtm.com udp
US 8.8.8.8:53 websdk.ujet.co udp
US 8.8.8.8:53 websdk.ujet.co udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 2.21.188.35:443 support.norton.com tcp
GB 2.21.188.35:443 support.norton.com tcp
GB 13.224.222.85:443 websdk.ujet.co tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 2.21.189.25:443 assets.adobedtm.com tcp
GB 172.217.16.234:443 optimizationguide-pa.googleapis.com udp
US 8.8.8.8:53 nexus.ensighten.com udp
US 8.8.8.8:53 nexus.ensighten.com udp
GB 143.204.176.68:443 nexus.ensighten.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 dpm.demdex.net udp
GB 2.21.188.35:443 support.norton.com tcp
GB 2.21.188.35:443 support.norton.com tcp
US 8.8.8.8:53 www.nortonlifelock.com udp
US 8.8.8.8:53 www.nortonlifelock.com udp
GB 142.250.187.238:443 www.youtube.com udp
IE 54.171.118.212:443 dpm.demdex.net tcp
BE 104.90.25.237:443 www.nortonlifelock.com tcp
GB 143.204.176.68:443 nexus.ensighten.com udp
GB 172.217.16.234:443 optimizationguide-pa.googleapis.com udp
US 8.8.8.8:53 symantec.demdex.net udp
US 8.8.8.8:53 symantec.demdex.net udp
US 8.8.8.8:53 cm.everesttech.net udp
US 8.8.8.8:53 cm.everesttech.net udp
US 8.8.8.8:53 symantec.tt.omtrdc.net udp
US 8.8.8.8:53 symantec.tt.omtrdc.net udp
IE 63.34.17.39:443 cm.everesttech.net tcp
IE 66.235.152.156:443 symantec.tt.omtrdc.net tcp
IE 52.19.228.126:443 symantec.demdex.net tcp
US 8.8.8.8:53 oms.norton.com udp
US 8.8.8.8:53 oms.norton.com udp
US 8.8.8.8:53 oms.norton.com udp
US 8.8.8.8:53 oms.norton.com udp
IE 66.235.152.225:443 oms.norton.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 login.norton.com udp
US 8.8.8.8:53 login.norton.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 login.norton.com udp
US 8.8.8.8:53 login.norton.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 13.107.246.64:443 login.norton.com tcp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 zn7ngvh48sidro926-gendigital.siteintercept.qualtrics.com udp
US 8.8.8.8:53 zn7ngvh48sidro926-gendigital.siteintercept.qualtrics.com udp
GB 2.21.188.35:443 support.norton.com tcp
US 104.17.208.240:443 zn7ngvh48sidro926-gendigital.siteintercept.qualtrics.com tcp
US 8.8.8.8:53 siteintercept.qualtrics.com udp
US 8.8.8.8:53 siteintercept.qualtrics.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 104.17.208.240:443 siteintercept.qualtrics.com tcp
US 104.17.208.240:443 siteintercept.qualtrics.com tcp
GB 172.217.169.22:443 i.ytimg.com udp
US 8.8.8.8:53 www.norton.com udp
US 8.8.8.8:53 www.norton.com udp
GB 2.21.188.35:443 www.norton.com tcp
GB 2.21.188.35:443 www.norton.com tcp
US 8.8.8.8:53 buy-download.norton.com udp
US 8.8.8.8:53 buy-download.norton.com udp
GB 2.21.188.35:443 buy-download.norton.com tcp
US 8.8.8.8:53 sb-ssl.google.com udp
US 8.8.8.8:53 sb-ssl.google.com udp
GB 142.250.187.238:443 sb-ssl.google.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 172.217.16.227:443 id.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 www.kaspersky.com udp
US 8.8.8.8:53 www.kaspersky.com udp
DE 185.85.15.47:443 www.kaspersky.com tcp
DE 185.85.15.47:443 www.kaspersky.com tcp
US 8.8.8.8:53 sgtm.kaspersky.de udp
US 8.8.8.8:53 sgtm.kaspersky.de udp
US 8.8.8.8:53 service.maxymiser.net udp
US 8.8.8.8:53 service.maxymiser.net udp
US 8.8.8.8:53 d.oracleinfinity.io udp
US 8.8.8.8:53 d.oracleinfinity.io udp
US 216.239.38.21:443 sgtm.kaspersky.de tcp
NL 23.62.61.147:443 service.maxymiser.net tcp
NL 23.62.61.146:443 d.oracleinfinity.io tcp
US 8.8.8.8:53 media.kaspersky.com udp
US 8.8.8.8:53 media.kaspersky.com udp
DE 185.85.15.31:443 media.kaspersky.com tcp
US 8.8.8.8:53 dc.oracleinfinity.io udp
US 8.8.8.8:53 dc.oracleinfinity.io udp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 63.32.160.254:443 dpm.demdex.net tcp
US 8.8.8.8:53 api-router.kaspersky-labs.com udp
US 8.8.8.8:53 api-router.kaspersky-labs.com udp
RU 77.74.178.40:443 api-router.kaspersky-labs.com tcp
RU 77.74.178.40:443 api-router.kaspersky-labs.com tcp
RU 77.74.178.40:443 api-router.kaspersky-labs.com tcp
RU 77.74.178.40:443 api-router.kaspersky-labs.com tcp
US 8.8.8.8:53 kaspersky.demdex.net udp
US 8.8.8.8:53 kaspersky.demdex.net udp
US 8.8.8.8:53 otr.kaspersky.com udp
US 8.8.8.8:53 otr.kaspersky.com udp
US 8.8.8.8:53 cm.everesttech.net udp
US 8.8.8.8:53 cm.everesttech.net udp
IE 66.235.152.225:443 otr.kaspersky.com tcp
IE 52.209.221.170:443 cm.everesttech.net tcp
IE 34.252.224.238:443 kaspersky.demdex.net tcp
US 8.8.8.8:53 content.kaspersky-labs.com udp
US 8.8.8.8:53 content.kaspersky-labs.com udp
RU 77.74.178.40:443 content.kaspersky-labs.com tcp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 cdn.gbqofs.com udp
US 8.8.8.8:53 cdn.gbqofs.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 www.redditstatic.com udp
US 8.8.8.8:53 www.redditstatic.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 resources.xg4ken.com udp
US 8.8.8.8:53 resources.xg4ken.com udp
US 8.8.8.8:53 js.go2sdk.com udp
US 8.8.8.8:53 js.go2sdk.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 kasperskycom.push4site.com udp
US 8.8.8.8:53 kasperskycom.push4site.com udp
US 104.17.248.203:443 unpkg.com tcp
US 104.18.24.13:443 cdn.gbqofs.com tcp
US 104.18.24.13:443 cdn.gbqofs.com tcp
US 2.17.251.25:443 snap.licdn.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
DE 185.85.15.47:443 www.kaspersky.com tcp
US 204.79.197.237:443 bat.bing.com tcp
IE 54.229.185.251:443 resources.xg4ken.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 143.204.176.83:443 js.go2sdk.com tcp
US 104.26.5.117:443 kasperskycom.push4site.com tcp
US 8.8.8.8:53 s.retargeted.co udp
US 8.8.8.8:53 s.retargeted.co udp
US 8.8.8.8:53 pixel-config.reddit.com udp
US 8.8.8.8:53 pixel-config.reddit.com udp
US 151.101.1.140:443 pixel-config.reddit.com tcp
US 8.8.8.8:53 track.omguk.com udp
US 8.8.8.8:53 track.omguk.com udp
US 8.8.8.8:53 alb.reddit.com udp
US 8.8.8.8:53 alb.reddit.com udp
US 151.101.1.140:443 alb.reddit.com tcp
US 172.67.206.65:443 s.retargeted.co tcp
US 8.8.8.8:53 12346775.fls.doubleclick.net udp
US 8.8.8.8:53 12346775.fls.doubleclick.net udp
US 151.101.1.140:443 alb.reddit.com tcp
IE 34.246.81.71:443 track.omguk.com tcp
GB 216.58.204.70:443 12346775.fls.doubleclick.net tcp
GB 216.58.204.70:443 12346775.fls.doubleclick.net tcp
US 8.8.8.8:53 sgtm.kaspersky.com udp
US 8.8.8.8:53 sgtm.kaspersky.com udp
US 104.18.24.13:443 cdn.gbqofs.com tcp
GB 163.70.151.21:443 connect.facebook.net udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 push4site.com udp
US 8.8.8.8:53 push4site.com udp
US 216.239.36.21:443 sgtm.kaspersky.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 172.67.206.65:443 s.retargeted.co udp
GB 216.58.204.70:443 12346775.fls.doubleclick.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.201.35:443 www.facebook.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
GB 142.250.187.206:443 analytics.google.com tcp
US 8.8.8.8:53 c1001.report.gbss.io udp
US 8.8.8.8:53 c1001.report.gbss.io udp
IE 52.213.27.17:443 c1001.report.gbss.io tcp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 c.clarity.ms udp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
NL 157.240.201.35:443 www.facebook.com udp
US 104.26.5.117:443 push4site.com tcp
US 8.8.8.8:53 services.xg4ken.com udp
US 8.8.8.8:53 services.xg4ken.com udp
US 8.8.8.8:53 5015.xg4ken.com udp
US 8.8.8.8:53 5015.xg4ken.com udp
US 8.8.8.8:53 devbuilds.s.kaspersky-labs.com udp
US 8.8.8.8:53 devbuilds.s.kaspersky-labs.com udp
IE 63.32.226.107:443 5015.xg4ken.com tcp
IE 63.32.226.107:443 5015.xg4ken.com tcp
US 8.8.8.8:53 devbuilds.s.kaspersky-labs.com udp
DE 195.27.253.3:443 devbuilds.s.kaspersky-labs.com tcp
DE 195.27.253.3:443 devbuilds.s.kaspersky-labs.com tcp
US 8.8.8.8:53 5015.xg4ken.com udp
US 8.8.8.8:53 5015.xg4ken.com udp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
GB 142.250.187.202:443 optimizationguide-pa.googleapis.com udp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 api-router.kaspersky-labs.com udp
US 8.8.8.8:53 api-router.kaspersky-labs.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 bat.bing.com udp
US 20.114.190.119:443 x.clarity.ms tcp
US 204.79.197.237:443 bat.bing.com tcp
DE 185.85.15.47:443 api-router.kaspersky-labs.com tcp
US 8.8.8.8:53 touch.kaspersky.com udp
US 8.8.8.8:53 ds.kaspersky.com udp
US 8.8.8.8:53 touch.kaspersky.com udp
US 8.8.8.8:53 touch.kaspersky.com udp
DE 81.19.104.200:80 touch.kaspersky.com tcp
CH 82.202.185.148:443 ds.kaspersky.com tcp
US 8.8.8.8:53 click.kaspersky.com udp
US 8.8.8.8:53 click.kaspersky.com udp
US 8.8.8.8:53 click.kaspersky.com udp
US 8.8.8.8:53 crl.kaspersky.com udp
DE 80.239.169.154:80 click.kaspersky.com tcp
FR 212.73.221.196:80 crl.kaspersky.com tcp
N/A 127.0.0.1:59655 tcp
N/A 127.0.0.1:59658 tcp
N/A 127.0.0.1:59662 tcp
US 8.8.8.8:53 dc1-file.ksn.kaspersky-labs.com udp
US 8.8.8.8:53 dc1-file.ksn.kaspersky-labs.com udp
US 8.8.8.8:53 dc1-file.ksn.kaspersky-labs.com udp
DE 195.27.253.15:443 dc1-file.ksn.kaspersky-labs.com tcp
DE 80.239.169.154:443 click.kaspersky.com tcp
US 8.8.8.8:53 devbuilds.s.kaspersky-labs.com udp
NL 80.239.174.35:443 devbuilds.s.kaspersky-labs.com tcp
N/A 127.0.0.1:59881 tcp
N/A 127.0.0.1:59919 tcp
N/A 127.0.0.1:59922 tcp
US 8.8.8.8:53 dc1-st.ksn.kaspersky-labs.com udp
DE 195.122.177.160:443 dc1-st.ksn.kaspersky-labs.com tcp
CH 82.202.184.185:443 dc1.ksn.kaspersky-labs.com tcp
N/A 127.0.0.1:59927 tcp
N/A 127.0.0.1:59933 tcp
DE 130.117.190.148:443 dc1-st.ksn.kaspersky-labs.com tcp
US 8.8.8.8:53 dc1-pp.ksn.kaspersky-labs.com udp
CH 82.202.185.151:443 dc1-pp.ksn.kaspersky-labs.com tcp
CH 82.202.185.151:443 dc1-pp.ksn.kaspersky-labs.com tcp
DE 195.122.177.160:443 dc1-st.ksn.kaspersky-labs.com tcp
N/A 127.0.0.1:60716 tcp
CH 82.202.184.185:443 dc1-pp.ksn.kaspersky-labs.com tcp
N/A 127.0.0.1:61078 tcp
N/A 127.0.0.1:61080 tcp
N/A 127.0.0.1:61188 tcp
N/A 127.0.0.1:61279 tcp
CH 82.202.184.185:443 dc1-pp.ksn.kaspersky-labs.com tcp
N/A 127.0.0.1:64886 tcp
N/A 127.0.0.1:64891 tcp
DE 130.117.190.148:443 dc1-st.ksn.kaspersky-labs.com tcp
N/A 127.0.0.1:49312 tcp
DE 130.117.190.148:443 dc1-st.ksn.kaspersky-labs.com tcp
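
The table above mixes the sample's own traffic with the analyst's browsing and the AV tooling run during detonation (Comodo, Kaspersky, Norton, KVRT.exe). The Python script below is an added example written for this page, not part of the sandbox output. It parses rows in exactly this layout, drops loopback, multicast and private destinations, and keeps three kinds of row for review: DNS sent anywhere other than the sandbox resolver (the behaviour behind the report's "Unexpected DNS network traffic destination" signature), connections on ports other than 53/80/443, and domains outside an allowlist of noise suffixes. The resolver address and the allowlist are assumptions chosen for this run; the sample rows are copied from the table.

```python
"""Triage rows from a sandbox Network table (added example; not sandbox output)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed input: rows copied from the Network table above. Rows without a
# resolved domain (multicast, loopback, bare ip:port) have only three columns.
SAMPLE_ROWS = """\
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 104.20.138.65:80 tinyurl.com tcp
GB 142.250.187.196:443 www.google.com tcp
HK 141.98.234.31:53 aibtddi.ru udp
BG 194.59.30.121:80 aibtddi.ru tcp
FR 62.210.204.81:2023 tcp
US 45.77.153.162:80 fls.security.comodo.com tcp
US 45.77.153.162:53 fls.security.comodo.com udp
N/A 127.0.0.1:445 tcp
"""

# Assumption: the resolver the sandbox hands to the guest. DNS sent anywhere else is
# what the report's "Unexpected DNS network traffic destination" signature describes.
SANDBOX_RESOLVER = "8.8.8.8"

# Assumption: suffixes the analyst treats as browsing / AV-vendor noise for this run.
NOISE_SUFFIXES = ("google.com", "gstatic.com", "googleapis.com", "bing.com",
                  "comodo.com", "xcitium.com", "kaspersky.com", "kaspersky-labs.com",
                  "norton.com")

EXPECTED_PORTS = (53, 80, 443)


@dataclass(frozen=True)
class Row:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


@dataclass(frozen=True)
class Finding:
    reason: str
    row: Row


def parse_rows(text: str) -> List[Row]:
    """Parse 'COUNTRY IP:PORT [DOMAIN] PROTO' lines; blank or short lines are skipped."""
    rows: List[Row] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else None
        ip, _, port = dest.rpartition(":")
        rows.append(Row(country, ip, int(port), domain, proto))
    return rows


def is_noise(domain: Optional[str]) -> bool:
    """True for PTR lookups and for domains under an allowlisted suffix."""
    if domain is None:
        return False
    if domain.endswith(".in-addr.arpa"):
        return True
    return any(domain == s or domain.endswith("." + s) for s in NOISE_SUFFIXES)


def triage(rows: Iterable[Row]) -> List[Finding]:
    """Return rows an analyst should look at, with the reason each was kept."""
    findings: List[Finding] = []
    for r in rows:
        addr = ipaddress.ip_address(r.ip)
        if addr.is_loopback or addr.is_multicast or addr.is_private:
            continue                                   # local chatter, never C2 on its own
        if r.port == 53 and r.ip != SANDBOX_RESOLVER:
            findings.append(Finding("dns-to-unexpected-resolver", r))
        elif r.port not in EXPECTED_PORTS:
            findings.append(Finding("non-standard-port", r))
        elif not is_noise(r.domain):
            findings.append(Finding("unlisted-domain", r))
    return findings


def unique_iocs(findings: Iterable[Finding]) -> List[str]:
    """Collapse findings to distinct indicators: the domain if known, else ip:port."""
    seen: List[str] = []
    for f in findings:
        ioc = f.row.domain or f"{f.row.ip}:{f.row.port}"
        if ioc not in seen:
            seen.append(ioc)
    return seen


if __name__ == "__main__":
    for f in triage(parse_rows(SAMPLE_ROWS)):
        r = f.row
        print(f"{f.reason:27} {r.country:3} {r.ip}:{r.port} {r.domain or '-'} {r.proto}")
```

The checks run in that order on purpose: a DNS packet to 45.77.153.162:53 is reported even though the domain is Comodo's, because a changed resolver is exactly what an allowlist must not hide. The output is a review queue, not a verdict; tinyurl.com, for instance, is kept only because it is unlisted, and deciding which flagged rows belong to the sample rather than to the tools run beside it is still the analyst's job.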

Files

memory/3368-0-0x0000000000400000-0x0000000000414000-memory.dmp

memory/3368-3-0x0000000000401000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9I5J8.tmp\54769bac6af10ab480fa975336db365ac471a0fe60de743d8c91654e76c830bf.tmp

MD5 06dd00456e1bab28b909bc85f775c9f7
SHA1 e00b1f204870633d3ffa407414a975a0e346e44f
SHA256 5909886a7138fbfd08006f1c51d58d011596cfa434c6a69db1b0915ba3c4b715
SHA512 72cd0f25864185d863922a50a965fe71c9d618f50ca5d02f7fdf942ff365423765def91f8c39cd58fd355b0e67618037ee6ca23359769a5fd1d2fc1aaa63f203

memory/1628-10-0x0000000000400000-0x00000000004BA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-V600L.tmp\_isetup\_isdecmp.dll

MD5 a813d18268affd4763dde940246dc7e5
SHA1 c7366e1fd925c17cc6068001bd38eaef5b42852f
SHA256 e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64
SHA512 b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

C:\Users\Admin\AppData\Local\Temp\is-V600L.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

C:\Users\Admin\AppData\Local\Voice Changer Emerald\voicechangeremerald32.exe

MD5 bd4b8d870d15f8c957be1b4ee46dfd0f
SHA1 9e749f58b142313e30c5dfc723850bde78cdc6a0
SHA256 fb56b199e08e4c48b8dfe2d5e954963f0bdd47658a9f517208f663efc5a196c1
SHA512 c0e015c0e79321ed046e9e86b018199bdada29696daa76a3e808408136f1e3ea0af8b0fa50543053a3923c246090c7aa58bf6679b03c427367ef1a7c26cba617

memory/2564-65-0x0000000000400000-0x00000000008B5000-memory.dmp

memory/2564-70-0x0000000000400000-0x00000000008B5000-memory.dmp

memory/2564-69-0x0000000000400000-0x00000000008B5000-memory.dmp

memory/2564-66-0x0000000000400000-0x00000000008B5000-memory.dmp

memory/4464-73-0x0000000000400000-0x00000000008B5000-memory.dmp


memory/2816-2047-0x000001E371270000-0x000001E371432000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 b627d1b98d87e0c7c28d2cd9e855f806
SHA1 2d3393cb1e0fb84bec0e9f3ba7117b5a95c0453b
SHA256 f2388d2bd7f81badf24a9a9d15f5bf0ebf0f6f36180a6ae7ad5fe8acb547eae2
SHA512 e76ace0c779b4a08b92dfbfc717a3d028d681017c0203c88102a300e134d5deb92774d030fc13466e76bae01d836fdef622da8bc8925544077162a3a11af7764

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 f679711ca03853061ebc1a2e0642b991
SHA1 38468d43a6553a2aa481b4a4b093e3afd6a2d291
SHA256 7bdfa5ebda6f5f88026857789567ddee08bbd2935598cab61749314098a79af7
SHA512 c81bf46f2e161e765cd7cf729c5f8e42058e62285b71a3d3dcded2ee887a5012f459cbb0db16389418da5ce3e1bfc67156e1c13cac080a288b9f553db1efae63

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 69fb0d39bf858af6365abc90d0e640ed
SHA1 3b569e96399590a045f8cc030ea797205208010b
SHA256 8eff89c2c3244e27ad216d748a18aeabaadbd0840aff2da1eda579eba00ff55b
SHA512 9f880cccf82ad44b5755a5bdeb09cf831961c256d968ec3180933a9e4e4d3b7e179acbe5e649db92786afb66f2b8c5c3c695b1ed8a05f284a46490986c6dbd56

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 73f5ae1bb8803ff34e24440cbd8b5664
SHA1 bd964634e2c0788375ad837e8ece7f05b7f968d6
SHA256 067db0bf97a5b44adeae1f882113aed2ac6daaf6fc5690b501fec492e391af8d
SHA512 7124e307ca4afd22e0c99579b81faffe3dbc72b2fdf3c5e15e23f4ecc8aea93934d3daeb36bc622f152cd9b905d9e7d318dffac184fcccd9c68c27ccc83679f4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 2a8584c4042c2ddacbf678379e19243f
SHA1 ef897948e1b14898dbde19fea07e4eeced8bbce0
SHA256 ecb03bd3e121364f89954978bb9e13937508ea58ca1d5bf226bb6219b35ae01f
SHA512 8c61dc2d9688e4ad38415a2c0d1b4686b1300ae5cca4a67f62dc22a0a2fe4b12e91e5623cf016844dc8d8ab096f3ff8785a59fd737f5011695e40c9a41a0e808

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 f977f09ae94a8da3875f5ce3587b57f4
SHA1 3532559794fde7347a1b127ec4538be0068433f9
SHA256 23ca6547322ca07ef32e3f0d4f9bd39ebdf41e2d217695df30b7267577ca15f4
SHA512 81d807c5740fae6157cfc8b8fb05b042dbc7a716b8859f7a8125f01b28db008589d89215a88307ed515a02559ad984ea3bdc3defc5c20f361b84099538c7a9f5

C:\Users\Admin\AppData\Local\UnHackMe\rr2log.txt

MD5 26a4f5bab70ff02d3804882f5608f32a
SHA1 e185226d54f7efe115274fe86049418da39aa2e5
SHA256 7d81c0ef13c279b08266c6f548b87bbb8cb97ba529291ce6ef18983bb79de8ec
SHA512 ef152797a3731089f0a538016db695ca9f7c25f3f1ccb02cfeb8ab21eda3f4c9d6971033f4bfbe025ecd4f774c1c15caf16f673527d841e79c0348d9af868157

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 b6f0fbd04e6a4d6cb533e7b61fc7337b
SHA1 948b2e2315f7a701a510f4ede84b2f5a47422523
SHA256 6d2975d3d2d7015331f3cf8bca1cde7b32735499644b153100444250c959c6cd
SHA512 28e71295778f469ede1f62a676f3c5c8293f6f7658438debd200215be3130f924ad641cdc62d5518d5273a80736726665c88e9f9f61a8a959d59d985f956b6f5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 66168bf9a65ed66faf509e2ab8303de9
SHA1 930f8656b4db88e4a727b02f038016ae59cf3d09
SHA256 5cbcf0b4f48258728dbca83d3bf477a6547ef1f125d4e544300afaf5789bf039
SHA512 c130c4b2a6302b50e5fcb8056b1c069c6919efa589240135be8ab747adec9d23c8b103510a5b589e5146fd33f5b021d432daa6a4a44882137de01adbd3961dae

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 d34450a8233e1c515c9c254cfb47cd1f
SHA1 c9daea9805c0b268bb5e66e58e600d24a31ce0f1
SHA256 34a4ab3b3624b4d7c316996381cbd31753cdb6432409dd0cf6e59af52861803c
SHA512 9f172692f38a1bbcbe9efe5ad778c66264afed760662e1c570c2f1633ba649bd32710261d3b442df6ffc3cf644ff0c76dff8c81b4eec9c88c7919364ba9d3183

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 b7e60aed169ba96eb476b85ed55b8701
SHA1 e166cce0622f69914c3ab188017754b4722b5502
SHA256 d8118d2e36c253d44f7ee90b493e2169293c24cd3ad85e038920a1c7096d1bfb
SHA512 82f52c2b055fd141525ac12c82ae94783718d5364336123da4e27ae26bd7c2c4fed965a8c92247f443bcfd9f5ff701bf48b4a5401dde45d47ad8b8dd929988c3

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 768a55e0ada09f476e45163713cf593a
SHA1 e727bf0e3b2b292cad9230383338a3a9d6e95d88
SHA256 289bbb23864f6f5e837a06d1bbeab0da513847d34f65357992b6e2e4ba52f8a0
SHA512 4e89d99b6b54ad8d27f3472a71af94b269ea436121b80fbdaf748f42392920cb80cc87f5531b7e9c09974e85f35b48c0662fc9899de604ea60fbbf4b2a9dd42b

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 d4c605f6e906dffa5cf8f6adf7ae8b3c
SHA1 d7506502f0bc733a20e37790224ed89900f282ba
SHA256 d1d779963ac9affef7001c6f919ba51dd57ea8cfbd42460a8f6d659a496955e9
SHA512 ddbe6d19d2330b7383168e603288f0a5237a48f52122473f93dc9eecd87cdfef18b4252d3b2cbbe7d26167262f2f09d7f9148085a5da1827936fd4aee3b3f9ca

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 7d934300484805a5d710e40a1cc511a2
SHA1 f6ab6dba6bf880788b8e382a5de8aeb373d0c229
SHA256 d4e640162aff7d04f8963956538de6dc5d469fba6d2b3f641e7e8ad6c9bd90b4
SHA512 e9535c8e875cb6a1532deeef4ff4188a4f3841eea182a57a07474ab72486f6a6d31b67283d2702053cffaadfab1064dac4647fb79e0d1d209769a1ab33ffb73a

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 9898471400c0855de4fc50048cd543bb
SHA1 5eab1739b0031ae332bca3588e603c1a7d794bdc
SHA256 6d7e832f633c12498bbde896b95b061f8f968488f6de21eb98b3f276daade9be
SHA512 97a551a073f1d6d1d1b94ff27e73888aeae124cbd8d79a3ee0eb1536ceed5fe2d307eb79a420c7daab2f35cdc450ad0475de4f7b64db9281ed79731430e2c567

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 94fbbe9e50d49714dfb1d3eb8ccb2366
SHA1 aeaa1a4d58dc1c80fcd6c406deb88e7c52a98439
SHA256 bcb8ef466372ebbd4cf177d1c99a868e9ccf1f9c3ad06e2efb5d2cae4784d560
SHA512 b285661f181c183c44fd7979053c949b728f3b06ce0f37936ec31b1e9b1bc68cb756b07872b403d3873529b3b802fc4d3ac8494b156048d1d8a8b353361738a0

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 e181dbc2da71dceede8056441f598a1e
SHA1 452b782e67f89a210e42e5756cac192cd9198022
SHA256 87979103e939ae8cf8df90984732eba05a7361f92a1109888bd71eca21d5f709
SHA512 c2fd9771c3ef95ebd8ed69e4d676a4ba58a0213ece5621eb386a859fbbb03e44eb9370d70f64fae34223707b59b7df29b3a21972b588160d81733fa478429eac

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 59ccbf5f82665ad9d1e11e5c9879cd5e
SHA1 6462ff59d8c422698d9bdcf25559b235327f1876
SHA256 d82755d7501a3bd7f4f67d8b784fab684f492460d817a139b32e61ead24fb678
SHA512 e29ce24bf24cb59f4ebb1d5541bcb81e820700533e1c06e63e8c638695e4df0a3fc434331450983216ffd63aadaff7d47bac0352bc9a88cf1f749fab580d9c8c

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 813586a5a5acfcc050660de6aac0f309
SHA1 f055d29403f38ff8d4ebd0fc7119a3a66d9555bf
SHA256 10f97fd88cdaea0e94127421a0f2333d9e661754c9af2e0bcd860a8e651882a6
SHA512 119ed85a7ecca5c848c60a10fc9b61532f65a4439fa8bc244045a21d9e29c785ac4e18ae501e156cf0d9907d8c44933a7ca366208b85e1a0774b06f3d5596de9

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 7485b0746f8f707992e3b35a842995b5
SHA1 483b2c3b9b4e4749b8344e7991f5fbfce2623043
SHA256 1d904b95f8b36d4e2c4ea2b903c6c56b5af8ac96dcdfd628d21bf4f83178fe92
SHA512 cd79d28b7ff15e632285339dd97898fd973cd97ad19948425c29c252f81c0c7dcc9ae789372e80c81b0ef8e25162dd5ac1333c0e80723c4a0bfde52065a2805b

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 2185e2c9522f7c1089b90c146c8c8949
SHA1 8316b3c7943267737abbb5cd3fb88afea4db2095
SHA256 b71d2df992c0f6a8e37b11c35eba0887ea261cbf1427312333cba373c6bc3ebc
SHA512 2d132cd47152c985aeebcefff1dbbdb6e67eea369e2031992579403845409d16abfb8db11d77725c6659acc6a7e102d26c8d82627a79d7e44ebec771a3dcebc9

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 2d5e535d665c177a835345ecd11377b8
SHA1 a6591804292854ebebda83d0c3e7598ace59a418
SHA256 9fa77198536b84dca90837f37c2eef839e63ff199475533a89577c375a24c9b7
SHA512 656f7f1a336883044f7ddd64a28e599e6359e963f15b1379a4624bcc8965b5ba97bf31ada85d5a665ce788490184320e19be25cea770d28ba56719c299f14fa0

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 d0ebfd92f7d91c1ab038593c2fd89162
SHA1 f8a5d5691300646e8f4961d961fdc99186267ede
SHA256 68d8038f5c609410ff0675ab4c48a4fde43a5347392ae0731fc1dd46ce4eb229
SHA512 c8885b92a57bfe0289fa8c3ee779dfe529baa93515f7ff9f910571b2cc0e09806a0b3ca3b2af2418a0b1f9098d45aa789ad6fb246b70f1227edc40185c35b70b

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 193b36a39b41b84974cd06a58c09b62f
SHA1 67c473d4a11af847fefc2fb97a5eabe0860574c8
SHA256 c0d9b0c722b81c294f5d191fa271ba3e27ac154970f72ff5637e1c9e67a5126d
SHA512 da61843f91a40eed37d8cdcef1ef4695fd87e4b973d3ecebd894afd76859358202498dcd6f439da5b4ae6ecf49f99246f9e2a693305fd2beec2ea9f3d6d81493

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 4f20be63095d3e7b1bcf0fbf37ae4bb5
SHA1 d143fa974e1ff1a41cc33467b4928b6c52991e9c
SHA256 14c8b2f7dd63a91aef3df20bd95c41c9614e29815af2f76e143353b6fac67a03
SHA512 419ba85ac89cabb92b03a0ac2121869d187b37b59f1ae48689fee2776fe2288756eb42e2e3b97a1dabf8c3799bd28b931e96b57d57c35576ab32f98badf0c57a

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 3e57fb8a4a66b91ffddacce1dfcd25d3
SHA1 cb1e244e2902ae727ee7941989b879d5bcba3b3c
SHA256 48ab996ac56e4de19c58156a26144df5f00b37abf9091e6a47891709e4264bcd
SHA512 3165d6a66952866ecaf3edaaa4ef28ebe469f7348e4b01f7f55975e99260b1af1c9763ef1719d46e2846c1bb6fa49ff7166655af6a809402f626a878413d346d

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 487f835d50f0ab2d06a794b34bb896be
SHA1 4689ed3d0c5d3b50c6999e0824971e0650642420
SHA256 21711cc810ffc5adf41bc182cffa6c19affe5d0e6e21ac5153492bd43a114f07
SHA512 b2263c20ca2a3bd839bd02b41f23d1e30a73bc52de331a8c50189a664ba19c13e3983b3465ff814bffa07a25054c2a560e01d8c588a8f369b6b10072d3dee95f

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\A217C683499597E218CA6DEC9D2F0CDB.ico

MD5 09a4fceb45042104c106c72eddd31509
SHA1 2179e7925b4c79a3a202ac829d08192f946d5384
SHA256 ef03c05005a229a1ae3af029d807337d1459a1cb82e668b11aecd349ecd09460
SHA512 e7bc8f497bd327066aeef4ce8764860921a2380ad1e1066d024ca34e91d9853d14f6202a975528171db7a1088a3fe21de6106f5584e979fc07caec482b4d3f43

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 c9cdb52fcbb4e56a522a05bc97bd29d0
SHA1 89c09a5be1acbd4d03b9c798b0ca055968d72c4d
SHA256 83ded1fe9054e4fc9c1bd239f8bacae1c932a0657c18bc5b94acd91df42ff2f0
SHA512 4a081a1cb44865d9a5342841cc83e8ffee717980dd886548b4e29285d7aad28a26567d85915695ebe1b31aa12783575f80d72eb3a3e96cbae25839a2a51cb495

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 0b7f672d0ba03e98367055bfb007f83c
SHA1 c639275f0e53ef13ea574c35035b7c67cc94b0d0
SHA256 b576193621fc9e546fd8bbad1c3eb4cf2ea13b132772a7735772fef0de27caa6
SHA512 7055d6a709bfc1027e924ae1bb0bc343dbd320556ef016795728cf5a035c8bb1be3d39efc3d67910519048e87b110954d891863de656412da7b0361dcf9e35eb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 46f63a9daa4a9a951952c0443eb77f21
SHA1 c50d8e8aae2e9cedf832d292c88714791720677d
SHA256 816669652d9ec1c839d0e3eafe57199420555ede727eab036b3f77ca1cf950e0
SHA512 89d688b59aad3329bd5ef36728f548526929d15571488d1590a2b15ee85004ad4153ed26ae8305053d949d71e6614e1fb7de827926b707fabdc760c2c1153196

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 e47b31edefbc82801339ec93e00c9504
SHA1 f41fe2e22d1d53baec223d984691428bd42fbf21
SHA256 c703b38d0418ae0edc1177929689f9b14b78983430bae8956d2d6926f0ee7c7f
SHA512 842acfb9b87288dcd7218344be3a28c4386100cb1ec6c2e75a91f967587d8924b8ea3d072970f6c8782f6ece2756c0b1f703f610edba2e33d9bc9073ddfc350b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 95bffb91b574325cd6844a41f9533d60
SHA1 86ecc5eba2c7a57a8babb72c55bcbe927a546e2d
SHA256 69cc671b7e9aea42db9e08cf5cbf1ab1c21798bbf7186e38548022edfb77f1c1
SHA512 fee2f69ca1faf2f2b0ccd5827cfcf06963eefa370408dfa88f062ed10b3602ad22f14b231d9b859acd274ab60b0c87f19d3791096a1816730e58ea8ee2dfd9c7

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\615AF52EEE25F23FF040E99AB6CFADCF.ico

MD5 83f5e2ee28aa4f06fe26afbf26fc46d2
SHA1 623bc6d58cb32a1c386f9312ddb120ae9be2e683
SHA256 e8045f75ed323108fd6f9ba54c208b4dcabbff1ca782f9c96e41bca52f8b0aae
SHA512 ddadeae3f8835aefede5cdbb598fe7d368dfed48316be81f66797ec514b184eaa5c02f8291f14c5ddb2f1cfd65cf609ff114bc871b8b12f3b2fc85d74a6853a5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 fc50ae74a9cc782afd66a7b9ee1b1c30
SHA1 a8b0bf8877ee4ed28d5c9c7a86419acc48453a76
SHA256 b5eedb612966739e5a3fc5e6551d35a6edc894a3acc04ae2a630262ce345cfa1
SHA512 82239320da0b2ab0d4de26e833c53e208c7835baa9e82d4743a906963defe7f45d437d2f540467d0a4182c3d80fda186b617180ab3226bb58092bd258fead7d6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf

MD5 e2a96b6117474f43b697567f9195f50a
SHA1 f79cfcd6319e728ed8737d40343fb4378431b6ed
SHA256 ac8c50570d489a35b1cf146537bc6555e62f1205c87e3521c5f002208b73f818
SHA512 216c74d41b952a68bf91291f55c05a1dd8b32bac104f8402fc95a8113c85a410b0ae29c5dd238e3636dc0f5a40aea85e7e2adacde6018c1e8a585a6c47794831

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\051C9E07F650AEABEC55E624287A8206.ico

MD5 39bf78aacc9ebfa31905afea2a17f555
SHA1 fae647beccabbaad716bb7db3c69f997188f943d
SHA256 69596e3646ce3281e2848897ac55b3f2198768bda7c1c777cdf102eeb8b3955f
SHA512 4e448a25aa1fbf4ac2dfb68e21c4c96a48feef797eb7728ce6239af2cceb0f0e73f6d154939fd04e0d4781e95049e22eb6db926c025fa3a9382a89d078a9d889

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\3602B72E7195508CFADDEED91BD50CF5.ico

MD5 88ff69c3dc333a8a61226d1a32667875
SHA1 c98d4fcda9c100d8ebb5da256836d9393e94454a
SHA256 d8714d0511ff74dc3452e51158edbe2fc020940fbe9898d901fe13d34cab1a92
SHA512 eb01ced74f2b32bbce537c2186f56917f5b6fd1666b8e4d7fa9b8840de9202b806b442ec7fba868d7b9ca250b45b8593ef89780f8ffdf83a59f9555eec8e6639

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\82947DC49FBBFE83A4B3EB4F30E5C8BD.ico

MD5 531c39d1070385b20e673d4fe7d5bb8b
SHA1 bec61d0205e6d80784be510500adda6e28792f9f
SHA256 eaec4e4155c33ec0a302c367248c0f6923a294f3672144f4b3db5810d890bc25
SHA512 52ca01e31492d1419257ed8383c538cbed7d58ba18cfa56d96657203b8314ab5a6c77598adf7b197404260791993feb80a887934bf23128a1922e312588bcb45

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\3B324857BA92BF8FEA469E902E9C8A8C.ico

MD5 f6df327668fc60d782b6d02c482bdcd5
SHA1 df7f936e09ad02d7be6b2a3ec75f8c5578add8c6
SHA256 7be3b185c74904cf9da94e3dbf760316e39e2a7727d97e8f1ac7faaa1f8ada98
SHA512 4490f54986b69fdd639dac60cee3f0bd32b9d1e33cbb987ea60226c94f9c4b6cb884423e0cd188ecc0220bab25acc7ec6cf7ddef412ccd2acef9ccda73b5df9f

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\00063BB847EDED73D6009BEF93BD2D92.ico

MD5 48869801a3a95c96331e4e6075a15219
SHA1 878accf96d6016ad72d75502ffcf49e7731e32cf
SHA256 af63fe4a7871b851f23bbcf3302c696027eb7cd59aa44b2e61e28607b41c539b
SHA512 04cbf9957b189a063788fe3178b7777f895dd41ccec1297dd8777b7a87d4b22f359ac573d10de79ee597725f9b95b7febdb35b43af8f0090a8507305b0c79d27

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\5F1045D2A4F62C9645EEAA5C4B3CFAFF.ico

MD5 fc325fe9af020c93e6404a22f081ab7c
SHA1 fa72a728f66255b2b996cf72064aa3b499988564
SHA256 a50702147991c6c110e5454cad76f77a991ea624306f10f871d4ac87871be8cc
SHA512 5cb63232df76782f96307cad53cb03be96d07b633d2e15246db7c8ee7fa298d28c450ed3a89b06657bc3317bbf598c52d42daefccbead734a72be7909d9ee8cc

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\DF04F7C48388E3B8EE69AE5FCC8C4A42.ico

MD5 4e13a1c127d20d9430361c4921606bb2
SHA1 6bfa1433ac2a72da440392906477845cd4f66685
SHA256 c7a41be0e4352830766b88bf2efb20be30d22819d95cbe35208fbc019e296c39
SHA512 5bd91d8de75623f167ffd93fb8ff5f371e9c80ec2370e5694536eca18e1112056778223d2f55ccac5942254a9efa95e7484b985d57ae09d0d0e0f1134bcb1d14

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 cc5c3bb0d96091e56aa09338f52d5514
SHA1 18df8940c44fc55991e872a752bb95e021402897
SHA256 68246b085e2e728070fcd54c6c16b4e5bc7016267d2b07fd7d7ac29ebfdf1925
SHA512 18e0dabb0508d1bdd0ab0d68022f9963cf8751907829aebbae61fb42165ef7513bcc9ad0e5c48757bdbbbcee517c81e3d10334d8a7b63d7ff1f61b3d07ecce3d

memory/4464-6125-0x0000000000400000-0x00000000008B5000-memory.dmp

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 fc24f3ab7b39c5f487ec5c32212025e9
SHA1 7a9c7bd86aff77f29b354ef93b3020f053cf417b
SHA256 b4118fc39236f063a48b8e99e542e83bf8499756af69fb10cc1c1e6b9d39e7bc
SHA512 b22f06a37e31bed01e8fd0f7d49426235bf644a55a94fd26b0c8c5bb9f9558614e8b0f12ac80bbe019f1439fdecbfc90f7409f908147c2db232c1fe753e3f7dd

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 9792f156c0ad3af530e540f9378833d4
SHA1 4ea9ab8a23520096950817721ac77acc47362695
SHA256 36912b7de3728cdcefe0d2d641684d9bec9bcb1a47909f3acc51f81495fcda20
SHA512 6455da21fcea96e93abf49ead1e611feaa66ca51bbb2e9a2fbdf632d9281835a241cef370b5ba3a2f06f1f2b0e6ea2b367560f5bb27630b76af471a4451908d7

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 b583188fb4c20974ec2ac4d2ce26cd05
SHA1 5f0d05717ab87b54abf781c9482c6e722c98e9d2
SHA256 c34ff0ca7f6c2dfbd9069a0fb6db87afbd79825443fd087e933a449aa223bf18
SHA512 a6437f1b177b4570529552859e4a0423021ffd51918b59063613971b7c34f7315817cb03b8f0f585a9110d2cacce28d8ccc637165a3e52fb52187b30aef1832c

C:\Windows\SysWOW64\Partizan.RRI

MD5 a30ab70193304d4659bfe9c9a273619d
SHA1 e2f11f055be60caa56a2e350a6ab3603711e5c82
SHA256 eff57fd1ba5d0d126b9da3718a8b126c3f05148046479886a5ea7642cf20a164
SHA512 3d0e7cdbb5d80d51d68207f8c72a8f60c1f094385bfc8594c982436123b8471d2771adf5279a192bd58023a79ddd261c4cd774740c1519746c2af96275ae82ae

C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp

MD5 8b9da8a3af4847c59bc27ce8802a1b37
SHA1 aa9620bc028f01664ca21e9e790889608aed9462
SHA256 cee7a01249e4b84f523b76ff412445d14772b682edb69e0295f81f77f4af797f
SHA512 fda37dc96c4126b1e6e70f6088b33c19c3a6316442d3945dc033957af8d30328f1ab44ac79f5268c979524448b6b43ae3424281adea19192233714f874e2239f

C:\Users\Admin\AppData\Local\Temp\is-RP3U7.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\C6D5C30292223792F28901407492E456.ico

MD5 3a769cba192be85bcde6c5d715803b35
SHA1 2dffee658d7a0feeba1cd428fd14a834acda51fb
SHA256 736c5d0e4b7f4b76d8e010a501d94a007140b6802e614e6aee170c124d1d623c
SHA512 156a2b557b4dd5a17ac2d032cd8855d8cf262563120bcc7e0f2e5212a0547b4f6ca27465cdd59dceee2277354ffa1d22821d0824023695863f74ca20393c7703

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\D0BA932CD1C38DD844EA3810C04312FB.ico

MD5 1267c4227a86ce8348d6e9fadd2c33f2
SHA1 4549fd6cb410e48cebbe8b84d7667303eb8fdb28
SHA256 c2571d009231ea6acc707d96e32bb6c5e8bdfc80c65fa39f7b3fa68b89ce90b4
SHA512 7aa858bb8bf685dc6af2f54a43bfb47f27ddd16df81bdb40f80c51d66ad6a4612a9a421bd9e7ad69951b3303149b623b2c6dc476d5a7114f47a7715e4b957e50

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\1C6E9288731636C0E9A802739CC5D2AB.ico

MD5 8bbbf7b3a18b814d2dc6bd9c82fdfbdf
SHA1 241ffdc9342583184b10140cf042f30573141f5a
SHA256 734927c995efb307ac21b1fe8f2cdcd8e641e976d9da10648d1b0a7bfcbf6cfa
SHA512 a06489916c804eae815601512e497f9a66194ca95a1d5a449bd8042dc4392a465b95619f7e6cf7a6415f2a34f33e7929b184a92e7891dc2a0bb7a364000d0ed1

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\9AF4FDB488EC6D4351E8382540FB7F7E.ico

MD5 d006fac02a92e2778f3d956cb8c1680f
SHA1 e7dac7f18f46b14e2eeb30cc540df1da430e4b67
SHA256 7719a7958026bb61aa82206b9a32cd424b4b620762bdac179cf234583c4415df
SHA512 7a3b0e81ab1e991300ff983c620a2f9e3cbb33d30a5de531b8dda3f85407139d82a013e8da4f365987c4307558e8d744dbbec12229c13d6b666bd1c46eaa56cf

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\E678BA8F7DE2C584D65D67F503BD26F0.ico

MD5 af80fbb887437fd018864a0749464c19
SHA1 5cb46e321dc7beb17d1fb12e2ef52a19b372ac58
SHA256 bc833cd045c784242f221955acc1352151670014b92547c5e86a3c64a1312419
SHA512 47aa1cf7e59364ec88c540bbbff5a2093c9070a3fc69d3099647fb0d5663f8baf023e152a1a593788a788982df1e600e218734e968c35bdc25f49629af54d61f

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\6367661BDD77826A8D0F74436048696C.ico

MD5 8419a0fe4df2b67967d7a92c86a7a30c
SHA1 7d561376881a8b1e047d86c486ddafcf1172435b
SHA256 29ee8b3d9e072804a7fa8ab0ec73684f798a0168ee1d579b2839300268584dc8
SHA512 d45f00686975ba2bdd7d8d70b153d57e3202d9cf17a9c2686ace8963699521409ba05dd513ddc021949b7619821326165fa9855f662493964c3e7856743261b8

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\C47816A0A4337039C6025005A41187B1.ico

MD5 790417de19979f232a569a9f58ea0146
SHA1 098dba53047b2aea1a5b7315b60216908d7e1d6e
SHA256 0e3a834bda49e7b7cafdfa78fa036678c4c2216ff3be4242ba7cf2bbdb1b2790
SHA512 14681abade3e4fd10a8855f82aec19c8f37f4c4e95662b5dcbfd65285a6f878078c02c8529df652b4291457c003a7b36003122d24db8be07b0f0754104fdbae6

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\1DBACF151FBF61072A4C18A8AF35C707.ico

MD5 21555f7dad547b6962578535afce4f7a
SHA1 fbc48b9bb3715aca0d1345d92f30f3e21ff2509c
SHA256 658d830d54504c21277b53344c07d16b03f936d2f3782cb323d93c5611361d6d
SHA512 d007b4e14c98be8ca7f86e82c3d35e888ec9653a9db813ede4c47957f5540c5f405398cb953b56cb1836a106a5328e74ca27a28b10499a5230f5841297319af9

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\1C728FFD22346CDA4C30ACA95F39002B.ico

MD5 e2575d61c19502ee9f13348ff10ae7bf
SHA1 0156b254c22eb70575556badc42505f208af09dd
SHA256 417cb1f914fbad9fefc1304e3ad49bcac41d66514da31f0d01309f374fc4cc01
SHA512 2a84f18010bfcacbb985d41d6cfb15b3047ccdf59adb2f8c032b48e65cc8ba82fe95897177edd4140533dfa1e6f5b0fac97c970ef6bb51f0ed6ec3aecf40b94a

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\B61128515D9B2C0ABCCB7559F15C7713.ico

MD5 6971c7262f6d23f4ccdd91b046ed02f6
SHA1 52c270853bd49f45ac4269c98f2d871e24f9199c
SHA256 e709cd1202dcecbc9136e1d3db5a9a94da06c525b2231946e933307e36e5f830
SHA512 cf6ec42e997becd662ee26ce3055436e7e5a4d1358e33f558c2ce5a592ce954fec3bcdaa86930945318f93cf6bfd18ea469ea59fa9a393aec4bb1b5aab284791

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\D8E6AA2C03C232536C2C37CF05E024F9.ico

MD5 2aa59ccb93eaa91bfb6c6d8c6f73b481
SHA1 0a97df11862321ec0d9a897bf19d63784d3901f1
SHA256 5ab7723d554fe061355dad5bc025b8833f398116c1a1a0304890754ca31ad174
SHA512 999f48ef5e811d17e2e097f828b9df375f6a3628882af8555cd91fc0a5a9797169f80ef33658e8df1ebfafe2658995f63e0b70e8ece6f315bdff311096b59059

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\DE80E6488D8B4888D9D228D48E7D2A14.ico

MD5 0d6b10714f31ebea009f7378d6e5fe8c
SHA1 2b35b5e3dcfebd813b826df9af79a7cbb3824d88
SHA256 f3dad0c91f26a8aa57b8e6a9d7a7747b9b32eb565da6650fd38a0b883056a907
SHA512 b7491610107bf295937349a85d760bf44e786aa8161e309ce5772feb66d47839fb051087db373079e0b5380eae0477281912443a6c2d93160fd4d1163d109bb3

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\6C427281AABDC83C8EDE68629924B871.ico

MD5 786dfcd11ca6d9d9df878e934fa76386
SHA1 c20f865a49038395333a9c5c97d72e3aa927da16
SHA256 932a78916f9ec9731890b644454e843fd4ce4280a53e2d6066a1c94f881323b5
SHA512 34ec13ea7e98050941313eacda1fcd6d2144ffba8d3a4d384a4f2d4fd199c6424b27c3cec6fa2cc34b7004ee44329021f6ff1f58f8f6d6681b09bf2dad35c3b3

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\837F34C05B471B95385D3592DB31D926.ico

MD5 0f977c0bef4175f89f81f5a14154c2a3
SHA1 ede951dd12a5693e243a9981f39c6005c0788f82
SHA256 dc254b03df443ec712a6c53fb55b3d15650eb02dbcb146e45f69565fac11da01
SHA512 e4161e36fc9adcafe783d2651940f24ce67592018c3c084e4b4b699271f90aaa2aa7bce94e7699dfba6608c144dc756456e27724a76c9c4454723d611bdeeedd

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\3A8E3D626A3D149B926435626796BF6D.ico

MD5 8460eff5b73d02102f38e29c2aca80cc
SHA1 886c395a300e4eb221d60747112d5498387b430c
SHA256 bfd02f0f6e73e4379e42b0a5dfbf99237ed35a5eca0ce12c792b069c5dedb0cf
SHA512 a7b3e55c23af9d60f9e6b2562c660337119ef8ffdd71fef4108e8839aeb06b0ed69b060eb387e7d3aa5f6926c31026abf2e794a8e6bd9dbf2ef90ed771b51287

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\1D0949761E9676FDA6525F8E6EC4B69C.ico

MD5 e36163133a1f5465370dfa4aceaf5a44
SHA1 61880b63b9602aa39aed3d5019637a2adbf0b6c3
SHA256 244f8add317e2b8fc8581ded029769c4564c422ed8f57ccea274ba46d106ac18
SHA512 f8df7c4d9acd246fc2eae4b7fbe5c4351477c2a8b83ec93325efc4e7f4262f570fa0c306a9eaa3630be89d2d6344cc658bd772e624d3a7dafe571e93acabd1d5

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\06FBB28E8494CE1A10764B97B962FD36.ico

MD5 37d1252c2c10a3f8aba7ed4d1b4737ec
SHA1 c17be4cdd4d9f710f25367bc5c777ab41550f46a
SHA256 f5b9973fbc33d4b94dd7c2e49eb7e70906e59a28e76ad4487b840deade50de2f
SHA512 4709098d23e9b4e70d94925121518fd2f14963e57db4eff6bd29a54605ff8875ceab07d1c876e2fc897a216ce99dc6ac0b522e35db90d9d84186878798600ff5

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\353B1BA76999167A468E7878D117A366.ico

MD5 cf8c8b1a47e01b30aab3b629f5564cc0
SHA1 b1678e4ad72a1d4d4b728ea5821d0333322561cf
SHA256 695512b3b290ae430b51c81742f3b642b26957855f93c471fbd98a097b5011d8
SHA512 049d60045b9111f1494afe4cbec95a8f76eed8f02a1cd1fb3ac902e2ec71c521a0324a578ef1635f45eb17b7df74a61ad3bfc939bbc0e05b1768ef1b82107532

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\1C4B1656CC8AEE823EC03071E7C1ABF0.ico

MD5 ee8a36ff70a342be1aab7cc5e3beefb3
SHA1 17443c3038fae2056efe6d10b373e76cd61f21f4
SHA256 66f31ef1ecea060175d6c9013cf84edc40066e9654d4be5d1ae90839568465c9
SHA512 ebbcc2019c34d66d575155f1e1517df26c8a7cf5c855c15d240ac93f7e4f7647b11620391532b857b4235e90d3c1ca2f59cd91420963b36f76eae165a628a8d2

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\ECB7E253D295F3BBBFE12E491C9B7120.ico

MD5 0a398accbdd3680823ec1a832103652c
SHA1 42f3d8c6143886c804d6c695fcf7330340fa4296
SHA256 d5514fd4ce5703ccfa1bd3d560c2843d34fb4484fab77498fb9e3e25e25d3d11
SHA512 50af5e73206f814144c9eafe86bd60ee464610e85356c889a48a00160b7cb9c8cefffb8af0fe1803920138f73ca1ea19b7fe4ebf5f6eeb240abd1b9da86680f6

C:\Users\Admin\AppData\Local\Temp\REGRUNICO\F3C1DBB5500CBB8637541A1B080ED008.ico

MD5 5eff269c847051fd52f907e6b19b972a
SHA1 f1efbc81b7afce7c062fb24e48167b46ce69a21c
SHA256 b2d493f1f85cda79eda390f7316893afe11158d04231fc7b23a12c3952083440
SHA512 f0b7010708c76d9224edcc02a5148dccb6b5119de4ed57e0532d5424c4ba7e1180615394a85dd01faf5d67ca67cfc3bdd8b7eb48616edfb4454d659e9a57c91f

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 c6c47bc900e0d35188e32004c52c6efd
SHA1 52bf84dbb83620ab152c1608a325752c2efad082
SHA256 af25280c9d73e44853458fa594b2396667593ab6dcfcdcc9cce953c08eae4471
SHA512 cd47080583c80afb909430a042422dee36640413ddfbd0823654846c8f0f689d228fb31057c3c253eaaf688f5a0713605fd5d358ad165a1fdc8817b80db54811

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 9a128cb7f18e1ca2c61a0c2fbe0cdd4f
SHA1 f336e88fe2deb277f4c276a24998c86697eb159b
SHA256 0b446e48c8bb46b17f0d17a2c22dea52bdf69c5d2ada5c0b6ce7e14b85b36bad
SHA512 34e91a02fecb3c38785567432b1b8d5320b85c3e6a8cf6f9767a77586b172f121fdd16604fbc1f8e7fcdc99d80fb9152d56bb1173ec234511ba62eb3a7bd38a2

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 397029980ad1537c3cae46372a666622
SHA1 36faf8eebd9ad31a395c53424f9ab2d0e378d6e0
SHA256 4c4e3a858dd10b0c90159f9f14c3bf7cd91c86763df63f473612735782f8f4b1
SHA512 ce9efe54277bcc3ad49a3da22cfc8870d8fcc46568d49575f35d13b68fae93afb8d7a2499481cd789c86ba8ac9e3758eb7f05f7e5e226349e8ed4cd3df552cf6

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 4ee026111e570980efcfb3216d3abc17
SHA1 1307c4ebfc2b91f5b5619e428c591ec824ba5544
SHA256 05e684f83ad4d8319e0690b9cf3223ac7262a3cd82527f1467e185ae9ae96aff
SHA512 bb268855ea14d1b83557abd0edcfe0c54eb7bd41638272b3d9976e43bdd6e4dffdd7a80e341bc935600ebf7438276799a71c7b48cdb135e0d83aa881d9ca1528

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 01eec9a3a4fa1c55df33ecbdb3c4532b
SHA1 6d2e3a8d0f9d780c749dd3b3ca974021ec83a95c
SHA256 844f9c2a6755373f0b3cde72c52e72328e07ae03ce10e931bcf0ae0ba265a4de
SHA512 92ccd94337ac419beef61fb9705b59a7f7df6770120d701b63c35fa8c4038d21464eeb5709cb87cff29e2aa8171c6a97225094b346f6a68c905ef030179f1840

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 26a886d814c5454a210346689b6a4d14
SHA1 e57857b9dcb99a372f8dd6a98e7554f88223546c
SHA256 41d3503795c09a5714f9ddf6c976724503a3892eea44c7dc4dc76646a6094063
SHA512 22a29d058f2f6360e55a692239b598b275ad0f4626d941f2785514d5f967469b2577f672fb186387dd2915e8cc6c03c1f3f63836d9e165b4d3d8cd85c8fa0d52

C:\Users\Admin\AppData\Local\UnHackMe\lastscan.ini

MD5 0821b7850513f56ed11dcbd05fbc538c
SHA1 13d151a7ce14f527db9c4b19e836046b41c08166
SHA256 fda5e9e5bda1ad46e5c9c30426b00ba2c237c53e740e003b22a7a5de6603bfb4
SHA512 ff2e05fef96ec79aade8f7cb7843e0d2cb5a0505c57fb501b559bdebf8bd11c778c8160b7dfe55c00f8b7b64a62426cd5e04e10edf07cb793068b2319df5669e

C:\Users\Admin\AppData\Local\Temp\GreatisTmp\regruninfo.log

MD5 ad1b5265b57a51f2c4379582788dfbb3
SHA1 8ec3839235874943c25741b027e04e9bf01d5493
SHA256 54b36d5fe1a65d4f07111c74b11fa870ef32c605d21dd0989ce3dbbf57669cbf
SHA512 cab132be92b1e8ffbdadfcd5a4ebbd4dbfd6a4df0e4f4e0ecc828c1a85d398cb9830208b4266172539ccc87d2cd1120596984a74423bb4343d6e52d6e5923d99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0863fabe476edba5f0e12cacb72dbef6
SHA1 0deb3554b6eebefcf999ab99ee9603f38e8f8ef3
SHA256 45da1e69d49d4cf816a546403501cc60d5af66f888aed10000900e984d4882a0
SHA512 48f20f7c2daf14272398f2c351451398f5e9afe480f51f56875e8ebf02a177c60a26afea8fbc31544fe13c5c3dad98a9cba4e836f8dd79b48e8fbcfc46a33515

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ba316c441711863fafbed51f9f66d0a8
SHA1 d43edb929739560b449a268d4574a6ac4861888d
SHA256 433da4f055b893fd3e527958eb2ad87be7073f560c30f83a33bac54663e59c62
SHA512 f1781adb129b4ee990def503a88e4ed288361e093c70351e2e2e692f777ac39843c83e039709f9eb3855d3da3b1e2bbfa5b1b1e51f94d51ad10b749172d2acec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e2dcb9ad508713dc97f7c1942eec2d46
SHA1 7ff45134e752cd6d5d769cf0f26dd2eb53b0705f
SHA256 a20cf47cc45b72271609222145a7495b888fee4967fa11676d0a3ae4d2ccd38d
SHA512 23eecfae8ea4eb20e9b501fbedc8ac54776954d68ce60f85cf3907877db378fd57d02399e1ca36e840ce84614ca794250541712fb895294d05e83e6a487ccd91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe62d878.TMP

MD5 0712d2af9dc528ce5be7adac21e72d46
SHA1 394a910bbb256751c30a91acddb378a56e041dbc
SHA256 c1a0d97b9a0129a7f5c85cc91913c20b449245387ae4a2f2828c7828baeb6c01
SHA512 4672a5ee34ff970f9ba7d196fc177babaafe2a6e540a09e41dab38088d9aacd91d3e255b3385b91597fc3cab0ed5c53a2b937820ec6c3adeff4a144cd5f136d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 14178d2f0ac8d41f7e01d9941bd907ed
SHA1 cb1d59570fca42dedb4b058d23c73834dd3c951b
SHA256 f5ff77097f7879a2cae64e0dc27d25ba8c2bf699f7f15da45ac7f7e3f35e053c
SHA512 0b07d81b478213aac72af079d7673b5ca8ac805ed86bea6cf2637e3aefa007532537c404a92927f812687f5679245ffb31fd1512aef26816bec3a7848ec8e889

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4473fd31-8364-46d7-8ddb-ba63c05b82a9\model.tflite

MD5 6d7c2f9e94664539dec99b3233301b01
SHA1 85812b004742cc1c211c92911131ce270f8ba769
SHA256 a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534
SHA512 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 42f6a78517ab22a7729545b17edc7cee
SHA1 3756bae50672d5f423a96e6168ac5b3ca7322536
SHA256 aaac2224e60c0d49ce86404c8faae662f3e38da76da8873a3978838be49c050c
SHA512 423910b92d45ed6cf3eae6486cdcff9b670819403f9b9f6a04a495ddfc00a1096a5e12e021c50aedab18f8ff06b49b040b2472143eece2d2fc2012bfa0c221ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66677296d63ca24436cca2fce821421c
SHA1 156730d504f747e84410e05723d57e85e0b10279
SHA256 b7f8adc039ed5b8e912f2806e9488c38772cc2bf54052d76b2424e1897f76282
SHA512 33b0e5a141695ec135ad6df290672955bbd038c7c008feee505cc6f5b647ae9f974286fe5a3e779a4ffafc3eb7099e929bf970363b5df597913bd8e0be0b48f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

MD5 8bba2516f31ec7f2e08927289e212d9b
SHA1 78f03abef41b96a1d2fcb43bda9a39f527697ca8
SHA256 76710d555c8b489f86d7931f78791513b8ed2e67a236040e121a717ff987916a
SHA512 0eee53a780c73884d83d672e51c848dd14848848e6eac6f956e27987c7af3b36ecf34e61403e15692b5c535bd3fcb7a13b818093dac0d601f00f478ee69391e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

MD5 20e84051d7b8c097a4c7f732f1b7cf75
SHA1 fca1bc9a1bebe2546b785ac5d5b98506ed7d1a68
SHA256 c7be541f2287088ef1849c284f3d83695474bf9811f1f062621f78bb5e07361e
SHA512 883de352f9783c327c6a996c556c6c2be806ecc53c5059f56c2fc1ab351ed5319bef7cc14f894a9a3fe3584fccc72d945e2533a61f925e80c3ad6bf2b8f8b957

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

MD5 68d17b261d94d13c812fcaf75f673ac2
SHA1 adf25f6cbd405f592adbce0a97b827101c2af0ce
SHA256 328a870944b1fdcd68375a2ec5f01dec0c9a1620ff0d2d375cb90dd8777fc9ed
SHA512 2ea653a9db82bc0a8ad11797a07009da8b22167e36fec83fbae8eb895a1cf3118a899d9ae3f61e87324d398b79cd2432ef66016f5de9636de5e69ab5d459367a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4c06f7767f4b832c0dce63c220b33400
SHA1 a4c4cf9f160ec4ee2725854216b918dec6837a8f
SHA256 dc8cc13835fef73a5d5ef2b017b3f6c9d05af21c78531b3c6ece285d7c1e6702
SHA512 877978855f5b5ce7321df95028cbcc951c21834d2c44c910adf7d6bdcdb7986ccdf3b88b3f53e8f68bf00232a29f84b2563b747f2004815a015eedb51209afcb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ca5fbb5e2db954fb2b1753cc505d259f
SHA1 5cfb178bd3595aae3995fb5d3fb329ddb379be9c
SHA256 acfaceef7f58cfd9cc8e77b12aa8cc1f11fafe7385aadc6df02bf3dd55aebef1
SHA512 0dd2937252e5fb09deb8b9a0130aa92e62e9e840afd33e2b58851292f7869fb3dd0dd5342f7961ffca844955b90c4e31c2e6766086007c7e9d2aeb4f431c767e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0ed9795cfe3550126184a15e56575ff1
SHA1 20d1dbcfb34fd2353c12590b04b5f71831d3b16d
SHA256 d0b7375b795f22a58498b9f19069e9db92b033dfd5c1eb6491a045571cc6a932
SHA512 d0d0ffd889954a0b0157f8bae6b03a0059daad6819c3011c03cac6b8b66919b9553e56267c44e616cf59cd7eeb6cde47d259ebda4dc142fc98e3793c6dc9a7fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe63047a.TMP

MD5 58ca389fa6d5604ff89c2f127108ddf6
SHA1 4586345c20f9f285474134b05e5ca09858e2ff9f
SHA256 db6269d62db82793f14a3d7c33f4345e6331cfecc9079cb05dbf2294afa5a429
SHA512 049266e6072a2ab7dbe9fc897b094258270ffd28ec05faa0db418207b0f6d2ec24b490bad18e50c7460680b7b267b1af81b39ac3e39af6db921e7c19ba4680e1

C:\Users\Admin\Downloads\Unconfirmed 994676.crdownload

MD5 ddfc82cf4eab81965e3ec8ca8915b00a
SHA1 1e5b94be6922e6198afe39a7fc695db291bffcf6
SHA256 4819d87fe9d0d0485fe85a3843a3e3ecd61ebe50a115dad01ec10275272be82a
SHA512 ac08fa6aa1e55a653ad48305bf19c346d0a82a30830ae5b8c84d557e44c57511e39c68deb786044481074fb694d3827f66cb66862ac52fb4437663e82d64ba42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bc21a793c37e3e461d0c991b810aba21
SHA1 f80d08575b6d46822b57980dbec6eeda22afe6b0
SHA256 22c2032ff1e08baf18a01f81ee3363a031ae05bf0a01637cc4fc689b96e54cb1
SHA512 295770cc31a6f2092efdc000b3bf0d79a1ec866a2a651478d03d776fc37371a6f385ea1738096f018bc2efd26b76d436960e30c6c83c1f5a09fbac142f6e7561

C:\Users\Admin\AppData\Local\NPE\ErrMgmt\SQCLIENT.dat

MD5 b0bbe2477edee7f1988efe020be61f47
SHA1 046d11c51292242199566bfd47672910b8ce92b0
SHA256 8501e72068bc083bd2768dab5ef7725799f8be6f91fd3cbaa3aaefcb63f38819
SHA512 4699ae466714ae4aecf08f3de4b17e622ed924692dd916dcba8262067882fa9bc399e8e6d45c1bed679338bfb06afbadc141806f1a93811e994db82594ed7a5f

C:\Users\Admin\AppData\Local\NPE\ErrMgmt\SQCLIENT.dat

MD5 c028389f1953c9b589fd443fa1e81ada
SHA1 71984981e898ca204d5ba03c6a27edda06030ce5
SHA256 5322432eac061684c00d4381fc2b645885770f83242f212afe3757b7e310dc7c
SHA512 f556b1dfdbacc63da5c7a3e699a11b3395574d01adb568fc983e025e2900af87bbbbf49cb6814e2c54baffb4fb8d5ab0ff316fe143ca026708afcb9db022ccd2

C:\ProgramData\Norton\NPE\NPEsettings.dat

MD5 dcf23f9d68a295191aa646be475d0f0d
SHA1 a5fd9e96c121da59e6269d91bef2218503961a04
SHA256 70a864c8041e519416b82c413ebfaba310ef67f4fc3ffe425604d5ebb77744db
SHA512 7e39fe0bbed646c89ec326270aeb3c0476f0a05c17cda2a5f989d43a3281a9079ccc6683d42582b13ec8a7397c41f24bf57be9ad7c87781d37e2fa1bb629480b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9277ccad5dfc34cc5961e6df7cae63a7
SHA1 a56d8d51288eaa78156864847db12150d2ce33c5
SHA256 fa8b1f0b5bb68c898bc8058f8e6f676feee30c2bf36d3b3056977d0999eef099
SHA512 f6cce7a0c7a314f18ddb936235d608e520ae7604a9c53944fe09b30c7fad1f27d4f2eeab0d91b6bc062c694ea91e1664cd3e96b5077ff747a8447dbee9c80d28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 625cf18a413501829d04b53b878abeee
SHA1 e8f917b0d3ae2d14abc5aed10b7fec9e3d1776f5
SHA256 995a0b5f752743d41fbebc98faa0527540826db7af053534bdb4972ad7a1ab90
SHA512 531faf95db933acf5f891a0fd814dbd5ae757a0173e36a0fcd3cc9263d0a19e598dfc3cae46fc7b44eebe0899b1c4991406c0ca4a5218576d5cfcc4b1b667bdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 263160fb205f7ee04d6e9c73c1aece23
SHA1 dca54cea76d67eb285e55b214fd59f202d7098dd
SHA256 777aff7e0a62b46f81580f83a5472f44b089fd3d9c4281f4a11da00931884f79
SHA512 0bd13cf3d529811a480229b024c6cf3b3ef24493c26c4adfeefc6935bd6f8fdb5b795b542cbb19b223de039889dce2042b58f205ecd59028044a97eb0a1dd2f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2cefc0ce6247c09e4bb2bb49657070bc
SHA1 57142f697c143bcc44e54bd3a42e5323ce05faec
SHA256 fc9c8fa6c0de004e5257a1f28381dddc9f3cf1e09d071896c88565d1e62b83d9
SHA512 0ef9bd7f08cbbd18e576466b6cf039993ed12eb8ee094a132d57bd71121373c7315111b640567917a5186a114f24874ab4cc68bfaa7b71187b85835c41aced0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 3f2bcb7495a38b9190197145fc64f0b0
SHA1 01b9e3ef669ce794c406e8821c910397276f33dd
SHA256 c61fa5d9fdaf92bdedf62d0d801246e5ea5bc2f0dfb372daa40d9ecfd9e08c91
SHA512 1b0958e935ff23bc831dcb530bf14de19848d7f7180f2c58fb165400d577960c0a2ef7d4f73dfec2afa37dbdffe78830352c4bd7cc2647be53e0732e48590a92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\QNIUHILU\www.bing[1].xml

MD5 f7026b24183ee35eb6373eefa9ab4027
SHA1 fd423f38a15cee327b70c18301036c0a04125519
SHA256 13af8c05a5b70bdf8a6ef1d904931b4f6c968af9f672c0bb2835d73f0c3e518a
SHA512 57edc0c987f39bd4daa6d1d26b528dc4a9dea40ff12bd97a57ade3a040ba6265479e4884041d4a3d44d70844c5287a80b9980f2846cceac7c818e329df65552d

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\QNIUHILU\www.bing[1].xml

MD5 d9dbbc49c0a6891439bd5f7d57932e58
SHA1 80da2eb3a1339b19383bbd64300aaa867b3648a0
SHA256 4694339c8d082ce83e0d8d9a4760f0a744aaf23562ae2440a5af99f5c661234e
SHA512 1ca58aa321e47a3755bccb278823fdbc2f9cd3b84cca2306fc9e839cec5b3b3f06d6e61a73f318fca8e68dfc5b09653f53228a038d9de5dc7849e905424c3e04

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 fc0277ac791e6a5dc4587053312e212b
SHA1 fce7a450f71c5bcc85364f4b58882eac312c6d4c
SHA256 9993c19b3aedd7349f2a2435467f4fd0c5119dd14e72be7f6e8b395d3652d153
SHA512 a0e4b7a84c4593ee055918137a5e3d9b38d87733ceb9cadc46bfc07ffb81783730b76a16861f267014d44ad6adb387c661b65c7573ea4448d9b87c3369f00470

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c2fc25c0-4b02-42c3-8433-46e6d754d245.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 52707271911d730c802906091dab2300
SHA1 e5b2010520b15bf166a14dc5b74fc90d0d8b3641
SHA256 69cee9fb7d066404b484dcb8455dc6ffd64bb6ff07a4a733d805ea1cbf059282
SHA512 e4209f5685acf9ab95d9787907d50483ebe3ffa0d272f64ebf24f27ac7c14bf1a6bda41f97d6d8f8ec12596a75f75c665cbd3552bd37b0c6be057ffe5fab6456

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d4e24e118d05ea0f85f9dadb1c248b6b
SHA1 4fbe8f3b4285d159dffda571601f401da4633b2e
SHA256 81651ff927071d87aed1037fba3c38cd74f9ae8537cb10c1deaf34fb65990fae
SHA512 af53a2fd3d2a5009728dfd5ae4ea2c241d129ee97ff8c97ab091aa2088091bfaafaae6d9d785fd45d1c2abf2498219cdfbf891abb748087e329154a6ba257154

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9f6418f0a7d1a979bcfb63cdfbd26462
SHA1 469e23a8cc1acfcaf60098b6831d218170fbf3ae
SHA256 aacaad39dd3c7873b747856be3f79c6a900d0797f001581b922f3ff64de70974
SHA512 637830c0e5d80601ff844d11170cb955fe51640c242fa8147656658a1d1af9f50f39adbc5a608f9566caf13df95ad3ac9912e8d73fd51577ce7f2c95d3376858

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5b40db7568a77d4bed6365c684d6e68a
SHA1 e17ec6d47e2d6c62db6b5d3723fc14cb5493f3f5
SHA256 03eb8d93e8200ddfac4353f3251cd58e2351335fc3db2d8dcd4b6649e6f28b86
SHA512 3958898632773fddac735d15828e03f63bb8848c45bb57a94233a4015b72532c58e7dfd62fcca7e5f7e1cad7bb59d82ef9120b7b714789b817e05a183e9b492d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a6d3033a7e763ad2be3b6b4a0f8571a9
SHA1 61d6dc12b131602afdfef3b76f2d9992c56c60a9
SHA256 653bdb7a9382c075e886256ef924d392a6cc549a1e93b8ccfac36e615acee350
SHA512 56bc210f884fd8bc6ed48fb9b95bbb5d3f5ae4197322881628c38f0ac6160487a0d08630b8e217fe4595572c83307c2188cd1d3ffed20ea06f26d775eb4411b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c86ba2c84b9d582f4bdd16f5330380fe
SHA1 a14410df92b12017c4da6efc5ea119e75751d632
SHA256 75ea47ad56cf70f05a82cf9de5aad817d64ba5d4be4e8bad81777aae5f656d32
SHA512 dce23936065bd1174033db470ec0128d36137855b25bd856a3ab2427fe5706db973a85194a196f4f30a2ca5a44362a5e61bf62f059db10c540f0b970cdfa41f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 453a6562f61c52aff6a290c2d0ea19ee
SHA1 04241b579488b4d0a65a4dcd93bd6bcd76139185
SHA256 1b882c41c28e078bd9b87fa86f154e1d431a3ae52afa0c73dac2f0de2a72cfc3
SHA512 3b22839ffdc8a095b509aa43ef1f34a924d961173c551e6b6f14f68bd98f43a5771c2e6e762186b973d631b0177036f07bc5aa34d16fad0899bb41d90f702a5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 61438ad0deba4b9264cc93b590e75c24
SHA1 9fac0ef8b9979fcd9bc3760c2eff1a1ab59f5bc9
SHA256 774d32485da8a31f5bbbcdd58b7832b51982ca439bda0f3e4a093ced8dd5f4b4
SHA512 59e60b70cc562f9c5706dd999f13d07baa6f058253a8ab9e9011281500eb48ded9e11e650ec294ba843c20017ad324cc948a2002e5c071b2c8f701a37384fe91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 786a401e2451264e82bd6b81de436c12
SHA1 0b72bb1364f2c9bf6ba6cf4e3af1bd6deca98bad
SHA256 e0d7f792605a79dec7343f3d472bdb2b292f7823a4d21c242ed185cbb1f9a342
SHA512 9f0a88a185b3c5bfa9f80241570bb579dbe6137cac6805136b0f8f2347930704efcaccfa9d42043e221c6a372adcac7b86540452b63cde32f508cdee138daaf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e3958426bfaf1f8eee98d3cac093845e
SHA1 4cfc6dba91fe502300c060bc2f28c355b1d38ab5
SHA256 944cf4550e39c684a7a926f6ecf0283eb3dbf89529974a80e85a02c4f37f2ae3
SHA512 63e2188ac92d6683daeb1ef43374d12c8968baa6b8a40be1a710d29a6591b6aea267d179f282ca7d695b972ca4c0656029da8626d2bbc8b5fac3d4f2ad9c9368

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9b16a9abb16305d6135ebeb02f35de46
SHA1 e48eba26a2cc226c18ff575d3ebcbc35fbb4a0cf
SHA256 9ec286f5c60258ef7471333f18a29d6c2ea50138f235230f8148a81af725eb5b
SHA512 9b87417af58f429aacd9b856d62df77d2318b3c2333c202245d9b83dd328be201033279de233223dd7ed01670a8469f1f099ae99e9fc62678d4c55ff79b1edce

C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\KVRT.exe

MD5 37226eb4f1c7a0b79275c1401f83cc6d
SHA1 71ed962d1e0d212869d92c23d6e20a4e1e7ad430
SHA256 be00dba953a6f26990e020bdc4e3f13e5799a3ff60384768ee6c1af37c656a4d
SHA512 afea618c795406a49d159e1359e76168dc6b6dee07234666d21ee21bb5011fe9af57a3425e76126f2595e3d180cf2121db5d02258d7aca77b3c4d8621a8aa15d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3789bda2b5990e82f49b377258a98f1e
SHA1 dd8401ad686632a2f59dabae2da8d02eaa5e667f
SHA256 69749fc49b8edeb1db322908ded4043b39e79b6cc9c47c6f3efb80677e7e29ba
SHA512 2ddd6ef764c2a5d50affa53e3e3b3e205766f0e99f7f7bd9249759388396f78e81402a893744e15f542683e27dbfcce04e7fedecf0b7d38786520fa261cbbe9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 07a8c44fb1a681906cc28935ff74f37b
SHA1 59e162bea56e2737a8035ba7cbd003eeddd9405b
SHA256 ea3d864c6e8a094c569f173f3f6f5ec67758b569e4a694c4bd32d6f9bbdeac91
SHA512 1cd241e8c94b43bebe7812c1b8246d2a3b30f1ed3065b8f4ee9fada5ad2cc2cf0e7a6bca73ce06c06bb0c30fcef0dc4bf4c88bfddbc2db15f48a9bf485eee4b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fdb961a8e80e0b28ea37329ab74c15b7
SHA1 a3e1e317405966257ca21cba277d9b233726aee1
SHA256 083d38e4f96abe2bb6101904d9c2f1278e2683feefe4f764c68b0afd1b44e0ba
SHA512 a4a1c67f9bc9cbbab6afa47c7cbb89012ceb222811213683aee3ae4e081c9c472dec09ba96f53c96f1f12e7a5927d237c52e14a3f8748cb8d5fc7546a9df6988

C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\Bases\Cache\sys_critical_obj.dll.802c20a8239d0082e57135d00bb9b003_0

MD5 802c20a8239d0082e57135d00bb9b003
SHA1 9721cf68faf500fac464283cfa86e7b3306b509e
SHA256 d66ffdecef0c81c7cbdb2408b65084d0ed78e04e69ae862fab7990fc2f834c75
SHA512 b1fcde7e942aceaad1bf84655c3633e47d22cc515db2a61ba4d80f8aff2240257095c08af766440cebaa2cadfde3762de313e8e33421b31d9c3eb9e94029db46

C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\Bases\Cache\kavbase.kdl.698f3643991f1d3a51ddeed4d9ccd274_0

MD5 698f3643991f1d3a51ddeed4d9ccd274
SHA1 bc587a79d722f3dd0dfcac11bcd14fb9d040469d
SHA256 5cb62f07effbcde0b37dc26bcfd6671ce38ac5c292c2cfe04eba3300e2363eab
SHA512 8291624a680825979c11a7e59b1f34010e959adf1398a2f098a9fbe38d1462943289c4588847967c988e8f96d1ed2a9b9124d9868cdbb02d5d2dfa5d037211bc

C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\Bases\Cache\avengine.dll.52c5f0ba7444d13378e2102a58232671_0

MD5 52c5f0ba7444d13378e2102a58232671
SHA1 f484829da9c5e3a44cc5e0ffcc7d7550f6549dba
SHA256 de3b4f0d7a3d26785943a777166ef7f9ffa866ecc6f4170b6970af4e296671e7
SHA512 daf7c7dcafb6e1cbfd3d79fd9401f90934a8d5ff8a09b619fcc14c6619cec2cc10e40d808605430386c7b6565140165c4ea0660e5f253a8feec4729c6a2b1bf6

C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\Bases\Cache\kavsys.kdl.761f656789cb55eedc099ba3cd372121_0

MD5 761f656789cb55eedc099ba3cd372121
SHA1 1498e8b3e8ae171002a0d92f66877adaeb6f19df
SHA256 0ad762cc4c8548fb7c8ca6e97a8d1c5078acb2ab3d4622d00fe28bc8cf893095
SHA512 9b3004efa350d45eeae4c7e42209e1da6d7800f1a823ed734fc82a6f592adb75659cd712a72db69cda3e2d9c352b9e9e8eaf87d1d309a61bab1cc2b1a6f13d3e

C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\Bases\Cache\qscan.kdl.ccf5fd3fdf62d187e66af0757868e5d2_0

MD5 ccf5fd3fdf62d187e66af0757868e5d2
SHA1 ee9dcb9e130505bfb654627c6064fd7792ddb95f
SHA256 1076d20f9d7823b1888fa0564bc1224a9ee66ce6ee4c632d1bfcc4feb458d998
SHA512 2aba637da52e249628ea63d6083221ba36d0e211bf7e8bce2d1eca0155cb73bb0c058cfe5a6e0c658bae463debcacf07de08afc3ee91a01f7335c9e55c3cb73d

C:\Windows\System32\drivers\klupd_ce4e31d7a_klbg.sys

MD5 ed6cd641a02baf78ecbe069e0b18b3b0
SHA1 cc4d47d1d0fcd3deb841f58923ac309f3be42081
SHA256 66e7b89188e292d0abce941fcb2469e515e2a1bdbe07ad9868a34feb5f47005d
SHA512 cb945fa49683b92841a7a915c73eb11b00fbceee8715a166d256cab0971dc4b4d8b2c7ad3c96e4efb73a7ea9c43ef6bfc9ff3acaffdc08df40b00048ea903abb

C:\KVRT2020_Data\Temp\FD710C439F89CA6B7D8CAF3EE6F307D0\klupd_ce4e31d7a_arkmon.sys

MD5 fd710c439f89ca6b7d8caf3ee6f307d0
SHA1 5273c87564d9fcbf99b846195ea8bd3102d65a76
SHA256 ca317c531bdd3a23d401a242a904e8eb81401c79073eee470b6e1078f3645faa
SHA512 3df58ac276362fb7d7999bc8e902f22e9ee1501ee2e4f653e58595d411752e18bf7ee0cbc95766ecb8da34a5ebd3a11fd5bbf5450b1c01fd3ed8ee0e22183b09

C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\Bases\Cache\arkmon.kdl.ffa97045d8465e2172bb1d40a8621d1e_0

MD5 ffa97045d8465e2172bb1d40a8621d1e
SHA1 2805422d402810eb5c44d3c522e763eac8e944b2
SHA256 a23155cddf6a696f403d6299edcbbc77a029a35c7fa65fb0ccdcd4d5bd2c93a0
SHA512 dbe1d9afe191c2cbea9d5e0b434f908bb802cefd7937a2054565bb28b6defb43bfb6ad76310535832eae5e3187bd19f6d92c38f21a97bb35e1f29d9d8f35f162

C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\Bases\Cache\mark.kdl.68d9adb364007366de31df216e06bef3_0

MD5 68d9adb364007366de31df216e06bef3
SHA1 5a1b5face27868c07021b9b4af48be81f12b31c9
SHA256 6692e9e3e029ec4f48b752cfb197d4e9b7f0d8faeb0f6ce51a962885cdd99fd0
SHA512 0629960df306e2d2ffb6c1d8760456b306e15da9a0a3682e912ff4b816a517428d0871e812682072b1cf388695440acae40ba3f5804b92d825304a1fa18b613a

C:\Windows\System32\drivers\ce4e31d7.sys

MD5 990442d764ff1262c0b7be1e3088b6d3
SHA1 0b161374074ef2acc101ed23204da00a0acaa86e
SHA256 6c7ccd465090354438b39da8430a5c47e7f24768a5b12ee02fecf8763e77c9e4
SHA512 af3c6dfe32266a9d546f13559dcba7c075d074bdfdaf0e6bf2a8cae787008afa579f0d5f90e0c657dd614bb244a6d95ff8366c14b388e1f4a3ab76cccb23add4

C:\Windows\System32\drivers\klupd_ce4e31d7a_mark.sys

MD5 124a94969ce6660453ccd66e40ecdbb0
SHA1 46f7ad59b93bc1b78f76fc973ce728c7951352aa
SHA256 5938747dbf6aea335fdf9131fc912452cee781dff8be61750a9b2ef384b5f835
SHA512 3b25bc9eead7f09350c81bca4eb1a11c5332b128918802385d15fb35d017bf2a5eef64966c3e6bb74d4450d794327a1a81c0521dda8b742fda17c0bcc50079e0

C:\Windows\System32\drivers\klupd_ce4e31d7a_klark.sys

MD5 5ea5aa37289ae16948dc771223f94160
SHA1 640392a0d01521cb0e4485d5641f74e64e1f38aa
SHA256 4b1fd5753737f72f2b8cb0fb299c6c0e3857df69dc19931351d9784f52f307b3
SHA512 2721db2afd55f6abbe54b5865cb41f72216a52cddb6d07721cf0bd1b76fe58b47540467ce9b503ab56e4c614765c18f559b17d73479a4f5a0fae8f6093772455

C:\KVRT2020_Data\Temp\ioc3712F6C0-9028-2847-80A8-C88F245E8EF9.cmd

MD5 a5b39174b06c4a37872a2fa856838586
SHA1 0a9ed4bbe3f27dcfd32fa8dbd9bbc4d83ee74bfd
SHA256 c08afd1da8ce2396d470c5763333e10b29afe93783205f0ea53d59b2a9b99d1f
SHA512 90fd517da8be70b34bc95ac3aa50689229212aaaa29ec6fbd364667bab557f4c5e104b5d3741ecc7c1acf0cb94b37aad22311daa7ca113492451505c72d436df

C:\Users\Admin\AppData\Local\Temp\{a7cea7de-51e7-415f-b3ef-6a8b21d9b645}\crls\c7e6bd7fe0e4965892ad706f0d2f42e88789b8041daf5b3eea9ca41785297798

MD5 4b03934418970c06f092afe3d2155bf1
SHA1 56a0e9666c3ee0071d70b9d2b364666fbb93068c
SHA256 c3a63c68ae58f008e5eb52c8e515fe6f5f978e3a8e33ff3c4c4ec43b186486c6
SHA512 7846f929ec6d68397c60155202365bbbae28c5faf053c67469b378bd059ac7fd8575ee4973d905e51471cabeadcf3251d229057fdba70eb5df478ab4eafb39f8